
login authentication logic not working in C#.NET

I have the table user_info created, with 2 usernames and passwords in it. When I execute the code below, it always goes into the "else" condition even if I type the correct username and password.

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
    string v = System.Configuration.ConfigurationManager.ConnectionStrings["harish"].ConnectionString;
    con = new OracleConnection(v);
    con.Open();

    cmd = new OracleCommand("select * from user_info where username='" + Login1.UserName.Trim() + "' and password='" + Login1.Password + "'", con);
    dr = cmd.ExecuteReader();
    dr.Read();
    if (dr.HasRows)
    {
        Response.Redirect("Default2.aspx");
    }
    else
    {
        Response.Redirect("Default.aspx");
    }


    con.Close();
    dr.Close();
}

It is going into the else because the dr has no rows. To find out why, put a breakpoint on

dr = cmd.ExecuteReader();

then take the actual SQL select command with the parameters and run this as a SQL statement against the db to see if it returns rows. My suspicion is that whatever you think is feeding Login1.Username and/or Login1.Password is passing nothing across, but it is hard to say without knowing how Login1 is filled.

Btw, if these are textboxes on a web page then you need to use Login1.Username.Text and Login1.Password.Text to get the actual string that is in the textbox.

First things first, you should at a minimum be hashing the password. Also, it's best practice to not leave your connections at a class level. They should be created, opened, and closed when you use them. Same with commands, readers, etc. This can be done very easily with a using block.

Next, ensure you are accessing the actual string values and not controls when using Login1.UserName and Login1.Password. If you're using controls, you need to use Login1.UserName.Text.Trim() and Login1.Password.Text.Trim(). You can ensure this by storing the query you build into a local string value and seeing what's actually built.

Do not use the DataReader for what you are doing. Instead use the ExecuteScalar method:

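protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
    string v = System.Configuration.ConfigurationManager.ConnectionStrings["harish"].ConnectionString;
    con = new OracleConnection(v);
    con.Open();

    // Keep the query in a local variable so it can be inspected at the breakpoint.
    // count(*) makes ExecuteScalar return a number instead of the first column of the first row.
    string sql = "select count(*) from user_info where username = :username and password = :password";
    cmd = new OracleCommand(sql, con);
    // Bind variables keep user input out of the SQL text; they are added in the order they appear in the query.
    cmd.Parameters.Add(new OracleParameter("username", Login1.UserName.Trim()));
    cmd.Parameters.Add(new OracleParameter("password", Login1.Password));
    int count = Convert.ToInt32(cmd.ExecuteScalar());

    // Close the connection before redirecting: Response.Redirect ends the request,
    // so code placed after it does not run.
    con.Close();

    if (count > 0)
    {
        Response.Redirect("Default2.aspx");
    }
    else
    {
        Response.Redirect("Default.aspx");
    }
}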

Once you have this set up, put a breakpoint on the if (count > 0) line. Check your query that's stored in the local var and check the count. This should give you all you need.
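The hashing and using-block advice in the answer above, sketched as an added example that is not part of the original posts. It assumes the ODP.NET managed provider, .NET Framework 4.7.2 or later, and two hypothetical NOT NULL RAW columns on user_info, password_salt (at least 8 bytes) and password_hash, filled with PBKDF2-SHA256 output at enrollment; the class name LoginCheck and the iteration count are also assumptions.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using Oracle.ManagedDataAccess.Client; // assumed provider (ODP.NET managed driver)

public static class LoginCheck
{
    const int Iterations = 100000; // assumed work factor; must equal the value used at enrollment

    // Returns true only if the PBKDF2 hash of the supplied password equals the stored hash.
    public static bool Verify(string userName, string password)
    {
        string cs = ConfigurationManager.ConnectionStrings["harish"].ConnectionString;
        byte[] salt, stored;

        // Connection, command and reader are local and disposed by the using blocks.
        using (var con = new OracleConnection(cs))
        using (var cmd = new OracleCommand(
            "select password_salt, password_hash from user_info where username = :username", con))
        {
            cmd.Parameters.Add(new OracleParameter("username", userName.Trim()));
            con.Open();
            using (var dr = cmd.ExecuteReader())
            {
                if (!dr.Read()) return false;        // no such user
                salt = (byte[])dr["password_salt"];   // hypothetical column
                stored = (byte[])dr["password_hash"]; // hypothetical column
            }
        }

        // The password never reaches the database; only the derived bytes are compared.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            return FixedTimeEquals(kdf.GetBytes(stored.Length), stored);
        }
    }

    // Compares without returning early, so timing does not reveal how many bytes matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Inside the Authenticate handler the result can be assigned with `e.Authenticated = LoginCheck.Verify(Login1.UserName, Login1.Password);`.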
