ASP.NET重定向到默认URL以外的页面
[英]ASP.NET redirecting to a page other than the default url
问题描述
I was able to redirect the user to the default url(Default.aspx) page after every successful login. 
每次成功登录后,我都能将用户重定向到默认的url(Default.aspx)页面。 Now i want to make sure that the staff who is not an administrator to try to access login(Unauthorized.aspx) into default page. 现在,我要确保不是管理员的工作人员尝试访问登录名(Unauthorized.aspx)进入默认页面。 I'm using two asp.net page(Default.apsx and Unauthorized.aspx). 我正在使用两个asp.net页面(Default.apsx和Unauthorized.aspx)。 But the problem is when i use mary tan who is administrator redirect to another page(Unauthorized.apsx) instead going to default url page. 但是问题是,当我使用管理员重定向到另一个页面(Unauthorized.apsx)的mary tan而不是转到默认的url页面时。 Here is my error: 这是我的错误:
Staff and Admin: 员工和管理员:
Output: 输出:
Web.config: Web.config:
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx" slidingExpiration="true" timeout="20"></forms>
</authentication>
Login.aspx.cs coding: Login.aspx.cs编码:
public partial class Login : System.Web.UI.Page
{
SqlConnection conn = null;
SqlCommand cmd = null;
string connectionString = null;
string staffName = null;
string staffId = null;
string role = null;
protected void Page_Load(object sender, EventArgs e)
{
}
public bool CheckValidUser(string Username, string Password)
{
bool valid = false;
SqlDataReader dr = null;
connectionString = ConfigurationManager.ConnectionStrings["LeaveManagementCS"].ConnectionString;
string sql = "SELECT * from Staff WHERE Username=@Username AND Password=@Pwd And Role=N'A' OR Role=N'S'";
try
{
conn = new SqlConnection(connectionString);
cmd = new SqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@Username", Username);
cmd.Parameters.AddWithValue("@Pwd", Password);
conn.Open();
dr = cmd.ExecuteReader();
if (dr.Read())
{
staffName = dr["StaffName"].ToString();
staffId = dr["StaffId"].ToString();
role = dr["Role"].ToString();
valid = true;
}
else
{
lblOutput.Text = "There is an error logging in. Please check username or password.";
}
dr.Close();
}
catch (Exception ex)
{
lblOutput.Text = "Error Message: " + ex.Message;
}
finally
{
if (conn != null)
conn.Close();
}
return valid;
}
protected void tbLogin_Click(object sender, EventArgs e)
{
bool validUser = CheckValidUser(tbUsername.Text, tbPassword.Text);
if (validUser)
{
Session["StaffName"] = staffName;
FormsAuthentication.SetAuthCookie(staffName, false);
FormsAuthentication.RedirectFromLoginPage(staffName, false);
Session["StaffId"] = staffId;
FormsAuthentication.SetAuthCookie(staffId, false);
FormsAuthentication.RedirectFromLoginPage(staffId, false);
Session["Role"] = role;
FormsAuthentication.SetAuthCookie(role, true);
Response.Redirect("~/Unauthorized.aspx");
}
else
{
lblOutput.Text = "Invalid User. Please try again.";
}
}
}
1 个解决方案
解决方案1
1 2016-08-06 14:20:47
The problem is during your login code, you are always redirecting valid users to the Unauthorized page 问题是在您的登录代码期间,您始终将有效用户重定向到“未经授权”页面
Response.Redirect("~/Unauthorized.aspx");
I'd just throw in a if statement here to redirect to the correct page if the user is in a certain role (and make sure that page is locked down using the ASP.NET Identity Roles system ) 我只是在这里抛出一个if语句,以便在用户担任特定角色时重定向到正确的页面(并使用ASP.NET Identity Roles system确保该页面已被锁定)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.