简体   繁体   中英

Using sessions in c#

This is my code using sessions in C# for login. I have business logic and data access layer written for this, but my code is not working as expected. Even if there is no record in DB, i am able to login and it redirects to error.aspx

Default.aspx.cs

public void LoginButton_Click(object sender, System.EventArgs e)
{
    int id;

    if (LoginName.Text!=""&& Password.Text!="")
    {
        try
        {
            sessionVars = BL_Authenticate.AuthenticateUser(sessionVars, LoginName.Text, Password.Text);

            Response.Redirect("home.aspx");
        }
        catch (Exception ex)
        {
            Session["Exception"] = ex.Message.ToString();
            Response.Redirect("error.aspx");
        }

        //else
        //{
        //    Response.Redirect("error.aspx");

        //}
        if (sessionVars.Tables[0].Rows.Count >= 1)
        {
            try
            {
                Session["User"] = (string)sessionVars.Tables[0].Rows[0]["FirstName"];
                Session["User"] += (string)" ";
                Session["User"] += (string)sessionVars.Tables[0].Rows[0]["LastName"];
            }
            catch (Exception ex)
            {
                Session["Exception"] = ex.Message.ToString();
                Response.Redirect("error.aspx");
            }
            id = (int)sessionVars.Tables[0].Rows[0][0];
            if (id >= 1)
            {
                try
                {
                    Session["Role"] = "Admin";
                    FormsAuthentication.Authenticate((string)sessionVars.Tables[0].Rows[0]["Login"], (string)sessionVars.Tables[0].Rows[0]["Password"]);
                }
                catch (Exception ex)
                {
                    Session["Exception"] = ex.Message.ToString();
                    Response.Redirect("error.aspx");
                }
                if (FormsAuthentication.GetRedirectUrl("Admin", false) == "/UserInterface/home.aspx")
                {
                    FormsAuthentication.RedirectFromLoginPage("admin", false);
                    Response.Redirect("home.aspx");
                }
                else
                    FormsAuthentication.RedirectFromLoginPage("admin", false);
            }
            else
            {
                Session["Role"] = "User";
                FormsAuthentication.RedirectFromLoginPage("user", false);
            }
        }
        else
        {
            errorMessage.Text = "Sorry, wrong username or password.";
        }
    }

}

}

BL_Authenticate

public class BL_Authenticate
{
    public static DataSet AuthenticateUser(DataSet user, string login, string password)

    {
        return DAL_Authenticate.AuthenticateUser(user, login, password);
    }
}

DAL_Authenticate

public static DataSet AuthenticateUser(DataSet dataset, string login, string password)
{
    try
    {

        //Dispose all objects that have a .Dispose()

        SqlDataAdapter adapter = new SqlDataAdapter();
        conn = DAL_DataBaseConnection.GetConnection();
        SqlCommand cmd = new SqlCommand("authentication", conn);
        cmd.CommandType = CommandType.StoredProcedure;
        SqlParameter param = cmd.Parameters.Add("@Login", SqlDbType.VarChar, 255);
        param.Value = login;
        param = cmd.Parameters.Add("@Password", SqlDbType.VarChar, 255);
        param.Value = password;
        adapter.SelectCommand = cmd;
        adapter.Fill(dataset);
    }
    finally
    {
        conn.Close();
    }
    return dataset;
}

我看到的一件正常的事是,如果登录失败,它会重定向到错误页面,因此那里没有错误,您确定登录时可以正常工作吗?

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM