使用IIS在服务器上发布ASP Net网站
[英]Publish asp net website on server using IIS
问题描述
I have created a website .It is a logon page and it works fine on Debug,But when I deploy it on server I got an strange error.When I click on login I got this error: 
我已经创建了一个网站。这是一个登录页面,它在Debug上可以正常工作,但是当我将其部署到服务器上时,出现了一个奇怪的错误。当我单击登录名时,出现了以下错误:
Invalid column name 'aa'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Invalid column name 'aa'.
Source Error:
Line 33:
Line 34: DataSet ds = new DataSet();
Line 35: dataAdapter.Fill(ds);
Line 36: DataTable dt = ds.Tables[0];
Line 37:
Source File: c:\inetpub\wwwroot\login.aspx.cs Line: 35
Stack Trace:
[SqlException (0x80131904): Invalid column name 'aa'.]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +388
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +717
System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) +4515
System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() +61
System.Data.SqlClient.SqlDataReader.get_MetaData() +134
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +6557689
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds) +6560327
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite) +586
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +104
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +288
System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) +171
System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) +15
System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +325
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +420
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet) +275
login.ValidateUser(Object sender, EventArgs e) in c:\inetpub\wwwroot\login.aspx.cs:35
System.Web.UI.WebControls.Login.AttemptLogin() +160
System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +93
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +84
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3804
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.342
As I expecte it must saty wrong login but it trows this error.here is my code: 如我所料,它必须满足错误的登录要求,但会引发此错误。这是我的代码:
protected void ValidateUser(object sender, EventArgs e)
{
int userId = 0;
string constr = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
using (SqlConnection con = new SqlConnection(constr))
{
string query = "SELECT [OBJECTID] from dbo.OWNER where [owner_id]=" + Login1.UserName;
using (SqlDataAdapter dataAdapter = new SqlDataAdapter(query, con))
{
con.Open();
SqlCommandBuilder commandBuilder = new SqlCommandBuilder(dataAdapter);
DataSet ds = new DataSet();
dataAdapter.Fill(ds);
DataTable dt = ds.Tables[0];
userId = Convert.ToInt32(dt.Rows[0][0]);
if (userId.ToString() != Login1.Password)
{
userId = -1;
}
con.Close();
}
switch (userId)
{
case -1:
Login1.FailureText = "نام کاربری یا کلمه عبور صحیح نیست";
break;
case 0:
Login1.FailureText = "نام کاربری یا کلمه عبور صحیح نیست";
break;
case -2:
//Login1.FailureText = "Account has not been activated.";
break;
default:
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet);
break;
}
}
and here is database connection in web.config file: 这是web.config文件中的数据库连接:
<connectionStrings>
<add name="constr" connectionString="Data Source=XXX.xxx.xxx.xxx\sqlexpress;Initial Catalog=land_gis;Persist Security Info=True;User ID=Land;Password=password"/>
Do you think problem is with database connection?I can run on my debug with this connection without problem but when I copy them to wwwroot it makes probelm.Do I should add database to IIS or sth like that? 您是否认为数据库连接存在问题?我可以使用此连接在调试中正常运行,但是当我将它们复制到wwwroot时它会进行探测。我应该将数据库添加到IIS还是这样?
thank you very much for your helps 非常感谢您的帮助
2 个解决方案
解决方案1
2 已采纳 2014-08-15 05:24:39
Unless Login1.UserName is a number, this isn't going to work in dev either. 除非Login1.UserName是一个数字,否则这在dev中也不起作用。 Your query is not parameterized properly, and you don't have quotes, so the query will read SELECT [OBJECTID] from dbo.OWNER where [owner_id]=aa (assuming you're typing "aa" in the username box). 您的查询参数设置不正确,并且没有引号,因此该查询SELECT [OBJECTID] from dbo.OWNER where [owner_id]=aa读取SELECT [OBJECTID] from dbo.OWNER where [owner_id]=aa (假设您在用户名框中输入“ aa”)。
And if you attempt to run this query, it will think that aa is a column name rather than a real value. 而且,如果您尝试运行此查询,它将认为aa是列名而不是实际值。
Parameterize your query, and you should be fine. 参数化您的查询,就可以了。
EDIT 编辑
Somehow I'm not finding a good, short, simple tutorial for using parameterized queries in C#. 不知何故,我找不到用于在C#中使用参数化查询的良好,简短的简单教程。 Here it is in a nutshell: 简而言之:
When you write your query, you put variables in as placeholders for values you'll pass in later. 编写查询时,您将变量放入占位符中,以便稍后传递。 When you execute the command in C#, you populate those variables. 在C#中执行命令时,将填充这些变量。 This makes your code safe against SQL injection (someone executing unwanted script by injecting SQL statements into your query), and it also means you don't have to worry about all the quotation marks. 这使您的代码可以安全地防止SQL注入(有人通过将SQL语句注入查询来执行不需要的脚本),这也意味着您不必担心所有的引号。
In C#, using a DataSet the way you are, it looks something like: 在C#中,按原样使用DataSet,它看起来像:
using (var con = new SqlConnection(constr))
{
con.Open();
string query = "SELECT [OBJECTID] from dbo.OWNER where [owner_id] = @OwnerID";
using (var com = new SqlCommand(query, con))
{
com.Parameters.AddWithValue("@OwnerID", Login1.UserName);
using (var da = new SqlDataAdapter(com))
{
var ds = new DataSet();
da.Fill(ds);
Console.WriteLine(ds.Tables[0].Rows[0][0]);
}
}
}
There are dozens of ways of writing the same code (different constructors, different ways of retrieving data, etc., but the important thing is to never allow user input to go directly into a query's text, but rather attach parameters to the query instead. 编写相同代码的方式有很多种(不同的构造函数,检索数据的不同方式等),但是重要的是永远不要让用户输入直接进入查询的文本,而是将参数附加到查询中。
解决方案2
0 2014-08-15 05:02:44
Your connection seems to be working fine since it says Invalid column name 'aa' in stack trace. 您的连接似乎工作正常,因为它在堆栈跟踪中显示无效的列名“ aa” 。 But your query doesn't have this column. 但是您的查询没有此列。 It only has OBJECTID . 它只有OBJECTID 。
This could happen if you add column aa in your query for some reason and deployed the code with that error. 如果出于某种原因在查询中添加了aa列并部署了带有该错误的代码,则可能会发生这种情况。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.