堆栈内存溢出
  简体   繁体   English

会话检查拒绝页面访问ASP.NET

[英]Session check deny page access ASP.NET

 原文  2015-11-03 10:27:39       c#/ asp.net

问题描述

I have a login page that is checking users and passwords from an XML file, first I set a string that I will use with sessions then check if user exist 我有一个登录页面,该页面正在检查XML文件中的用户和密码,首先设置一个将用于会话的字符串,然后检查用户是否存在 

string roleCheck = "";

            string userName = node.SelectSingleNode("username").InnerText;
        string passWord = node.SelectSingleNode("password").InnerText;
        string isAdmin = node.SelectSingleNode("role").InnerText;

        if (isAdmin == "admin" && userName == TextBoxUsername.Text && passWord == TextBoxPassword.Text)
        {
            roleCheck = "admin";
            Session["RoleCheck"] = roleCheck;
            Response.Redirect("admin.aspx");
        }

Now here is where it fails, it seems I can access admin.aspx even without logging on, I have this in Page_Load on admin.aspx 现在这是失败的地方,似乎即使不登录也可以访问admin.aspx,我在admin.aspx的Page_Load中有此设置 

    protected void Page_Load(object sender, EventArgs e)
{
        if (Session["RoleCheck"] == "")
        {
            Response.Redirect("login.aspx");
        }
}

Shouldnt this redirect non logged on users? 该重定向不应该登录的用户吗?

2 个解决方案

解决方案1
 0  2015-11-03 10:30:51

You need to check just session is null like below code. 您需要检查会话是否为空,如以下代码所示。 not check empty or blank. 不要检查为空还是空白。 

protected void Page_Load(object sender, EventArgs e)
 {
      if (!IsPostBack)
        {
          if (Session["RoleCheck"] == null)
          {
              Response.Redirect("login.aspx");
          }
        }
  }

解决方案2
 0 已采纳  2015-11-03 10:34:01

No, because it is checking whether Session is blank string, but here, Session is null, ie not a blank string. 否,因为它正在检查Session是否为空字符串,但是在这里, Session为null,即不是空字符串。 Hence condition fails. 因此条件失败。

You should check Session for null rather than empty string. 您应该检查Session是否为空而不是空字符串。 

if(Session["RoleCheck"] == null)
{
   // redirect
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 拒绝用户使用asp.net访问iframe网页 - Deny a user to access Iframe web page using asp.net 如何拒绝访问asp.net中的文件夹? - How to deny access to folder in asp.net? ASP.NET Windows身份验证拒绝来自RDP用户的访问 - ASP.NET Windows authentication deny access from RDP user ASP.NET您如何动态拒绝对角色的访问 - ASP.NET How do you dynamically deny access to Role Asp.net:如何拒绝用户访问页面并设置权限? - Asp.net : How to deny a page to be accesed by users and set permissions? 检查ASP.NET Core 1.0中的会话 - Check for session in ASP.NET Core 1.0 同步访问ASP.NET会话的成员 - Synchronizing Access to a member of the ASP.NET session 自定义策略中的ASP.NET 5 Access会话 - ASP.NET 5 Access session in custom Policy 无法访问会话 asp.net 核心 - Cannot access session asp.net core 在母版页asp.net中的会话 - Session in master page asp.net
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM