如何在 ASP.NET MVC 中保存登录 session
[英]How do I save Log In session in ASP.NET MVC
问题描述
Hi this is my Login Controller for the Login page and I have done everything to check and login however I have not made the Login Session so my website does not know whoever login using the IDs and Password from the database.
嗨,这是我登录页面的登录 Controller,我已经完成了所有检查和登录,但是我没有登录 Session,所以我的网站不知道谁使用数据库中的 ID 和密码登录。 So the website only recognizes one user even after the login has been made.因此,即使在登录后,该网站也只能识别一个用户。
I also need to know how to retrieve the login session if I am to make a selection using a button.如果我要使用按钮进行选择,我还需要知道如何检索登录 session。 For example;例如; "User Z selected WorkSchedule A *after logging in with User Z's username and password" “用户 Z 选择WorkSchedule A *使用用户 Z 的用户名和密码登录后”
A login wouldn't be complete if there is no saved session for the website, I have troubles making the save session and would appreciate if someone could guide me towards making it.如果网站没有保存 session,则登录将不完整,我在保存 session 时遇到了麻烦,如果有人能指导我制作它,我将不胜感激。
Controller code: Controller 代码:
[HttpGet]
public ActionResult Login()
{
return View();
}
void connectionString()
{
con.ConnectionString = " ";
}
[HttpPost]
public ActionResult SaveData(Account acc)
{
connectionString();
con.Open();
com.Connection = con;
com.CommandText = "insert into Staff (StaffNRIC,StaffEmail,StaffContact,StaffName,StaffAddress,BranchID,StaffRole,StaffPositionID,StaffAccountStatus)" +
"values ('" + acc.StaffNRIC + "','" + acc.StaffEmail + "','" + acc.StaffContact + "','" + acc.StaffName + "','" + acc.StaffAddress + "','" + acc.BranchID + "',' NULL ','" + acc.StaffPositionID + "', 'Pending' )";
dr = com.ExecuteReader();
if (dr.Read())
{
con.Close();
return View("Register");
}
else
{
con.Close();
return View("Login");
}
}
[HttpPost]
public ActionResult Verify(Account acc)
{
connectionString();
con.Open();
com.Connection = con;
com.CommandText = "select * from Staff where StaffNRIC='" + acc.StaffNRIC + "' and StaffContact='" + acc.StaffContact + "' and StaffAccountStatus = 'Approved'";
dr = com.ExecuteReader();
if (dr.Read())
{
con.Close();
return View("Home");
}
else
{
con.Close();
return View("Login");
}
}
View Page:查看页面:
<form action="Verify" method="post">
<div class=" w3l-form-group">
<label>NRIC:</label>
<div class="group">
<i class="fas fa-user"></i>
<input type="text" name="StaffNRIC" class="form-control" placeholder="StaffNRIC" required="required">
</div>
</div>
<div class=" w3l-form-group">
<label>Password:</label>
<div class="group">
<i class="fas fa-unlock"></i>
<input type="password" name="StaffContact" class="form-control" placeholder="StaffContact" required="required">
</div>
</div>
<button type="submit">Login</button>
</form>
</div>
2 个解决方案
解决方案1
1 已采纳 2020-08-07 09:38:51
First, from your description, it seems that your application is an Asp.net MVC application, instead of Asp.net Core MVC application.首先,根据您的描述,您的应用程序似乎是 Asp.net MVC 应用程序,而不是 Asp.net Core MVC 应用程序。 So, you could directly use a session to store the User information in the session:因此,您可以直接使用 session 将用户信息存储在 session 中:
Code as below, save value to session:代码如下,将值保存到 session:
Session("UserName") = UserName;
Then, when you read data from the session, you could use the following code:然后,当您从 session 读取数据时,您可以使用以下代码:
if (Session["UserName"] != null)
{
return View();
} else
{
return RedirectToAction("Login");
}
More detail information about session state management in asp.net, please check the following articles:关于 asp.net 中的 session state 管理的更多详细信息,请查看以下文章:
ASP.NET Session State Overview ASP.NET Session State 概述
Simple Login Application using Sessions in ASP.NET MVC 在 ASP.NET MVC 中使用会话的简单登录应用程序
Second, Asp.net provides a Identity system, we could use its build-in method to achieve Login function, Manager users, roles and more and store login user information with cookie.其次,Asp.net提供了一个Identity system,我们可以使用它的内置方法来实现Login function,Manager用户,角色等,并通过cookie存储登录用户信息。 You could try to use it with your MVC application.您可以尝试将它与您的 MVC 应用程序一起使用。 Please check the following articles:请检查以下文章:
Introduction to ASP.NET Identity ASP.NET身份介绍
Adding ASP.NET Identity to an Empty or Existing Web Forms Project 将 ASP.NET 身份添加到空的或现有的 Web Forms 项目
Adding ASP.NET MVC5 Identity Authentication to an existing project 将 ASP.NET MVC5 身份验证添加到现有项目
Besides, if your application is Asp.net Core MVC application, you have to enable the session middleware in Startup.cs.此外,如果您的应用程序是 Asp.net Core MVC 应用程序,则必须在 Startup.cs 中启用 session 中间件。 More detail information about using session and Identity in asp.net core, you could check the following articles:有关在 asp.net 内核中使用 session 和 Identity 的更多详细信息,您可以查看以下文章:
Session and state management in ASP.NET Core ASP.NET 内核中的 Session 和 state 管理
Introduction to Identity on ASP.NET Core ASP.NET内核上的身份介绍
How add ASP.NET Core identity to existing Core mvc project? 如何将 ASP.NET 核心标识添加到现有的核心 mvc 项目中?
解决方案2
0 2020-08-07 06:53:03
- First of all your code is vulnerable for sql injects.首先,您的代码容易受到 sql 注入的攻击。
- MVC project has build in user authentication system, why not to use it? MVC 项目已经内置了用户认证系统,为什么不使用呢?
- If you don't want to use build in user authentication, you can implement cookie which will store current user session.如果您不想使用内置用户身份验证,则可以实现 cookie,该 cookie 将存储当前用户 session。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.