
How to make it so that only authenticated users can access a page in an ASP .NET project

I'm trying to make it so that after logging in to a site, the application automatically redirects the user to the default page of the application. Also, it is important that the user cannot access anything other than the login webpage without being logged in. I've been stuck on this for 3 days now. We have a horrible professor who doesn't do his documentation right (I have to google everything instead of having it in the scripts or something).

The user's credentials are hardcoded inside of the Web.config file as keyed values. They are not checked against a database, only against the hardcoded strings.

This is the code that I have:

The design of the login page (it's the Login element from the toolbox, not something manually constructed).

This is the code of that page: Login.aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

namespace LV1___Kalkulator
{
    public partial class Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected bool ValidateUser(String username, String password)
        {
            if (Login1.UserName == "tstipic" && // ConfigurationManager.AppSettings["korisnickoime"] &&
               Login1.Password == "password") //ConfigurationManager.AppSettings["sifra"])
            {
                return true;
            }
            else return false;
        }

        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
        {
            if (e.Authenticated)
            {
                Response.Redirect("Dafault.aspx");
            }
            if (ValidateUser(Login1.UserName, Login1.Password))
            {
                Response.Redirect("Dafault.aspx");
            }
            else
            {
                e.Authenticated = false;
            }
        }
    }
}

This is my web.config file:

<?xml version="1.0" encoding="utf-8"?>

<!--
  For more information on how to configure your ASP.NET application, please visit
  https://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>    
  <system.web>

    <compilation debug="true" targetFramework="4.6.1"/>
    <httpRuntime targetFramework="4.6.1"/>
  </system.web>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs"
        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
        warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701"/>
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"
        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
        warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+"/>
    </compilers>
  </system.codedom>
  <appSettings>
    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
    <add key="korisnickoime" value="user"/>
    <add key="sifra" value="pass"/>
    </appSettings>
  <connectionStrings>
    <add name="konekcijaNaBazu"
       connectionString="Provider=Microsoft.Jet.OLEDB.4.0;
       Data Source=|DataDirectory|\ASP_Database.mdb"
       providerName="System.Data.OleDb"/>  
  </connectionStrings>
</configuration>

Edit: I have implemented what Albert D. Kallal advised. That seems to be a step in the right direction, but I'm still experiencing the same results. I input the correct credentials only to be presented with the login page anew.

Assuming you enabled security, then you need this in your config file:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
       <authorization>
        <deny users="?"/>
       </authorization>
    </system.web>
</configuration>

What the above means and says: Do NOT allow anyone to hit a web page unless they are authenticated. If they are not authenticated, then the web server will automatically re-direct users to your logon page. The result is no web page can be hit unless they are logged on. If they manually type in a URL, then the web server will re-direct them to the logon page, because that's the page you set up as the logon page. That setting in web.config is:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login.aspx" defaultUrl="~/Default.aspx" />
</authentication>

So above sets the default web page, but ALSO sets the page that everyone is re-directed to if they attempt to hit a web page without having been authenticated.
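
An added example, not part of the original question or answer: a Login.aspx.cs code-behind that works with the `<deny users="?"/>` and `<authentication mode="Forms">` settings above by only setting `e.Authenticated` and letting the Login control issue the forms-authentication cookie and perform the redirect. It assumes the `Login1` control and the `korisnickoime` / `sifra` appSettings keys from the question, and that `loginUrl` points at this page; `SameText` is a hypothetical helper introduced here.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
using System.Web.UI.WebControls;

namespace LV1___Kalkulator
{
    public partial class Login : System.Web.UI.Page
    {
        // Hypothetical helper: compares hashes of both values so the check
        // does not stop at the first differing character. A missing or empty
        // configured value never matches, so a broken Web.config fails closed.
        private static bool SameText(string supplied, string expected)
        {
            if (string.IsNullOrEmpty(expected)) return false;
            using (var sha = SHA256.Create())
            {
                byte[] x = sha.ComputeHash(Encoding.UTF8.GetBytes(supplied ?? ""));
                byte[] y = sha.ComputeHash(Encoding.UTF8.GetBytes(expected));
                int diff = 0;
                for (int i = 0; i < x.Length; i++) diff |= x[i] ^ y[i];
                return diff == 0;
            }
        }

        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
        {
            string user = ConfigurationManager.AppSettings["korisnickoime"];
            string pass = ConfigurationManager.AppSettings["sifra"];

            bool userOk = SameText(Login1.UserName, user);
            bool passOk = SameText(Login1.Password, pass);

            // Report the result only. When this is true the Login control
            // issues the forms-authentication cookie and then redirects to
            // the ReturnUrl query value or the configured defaultUrl.
            // Calling Response.Redirect here ends the request before the
            // cookie is issued, so the next request is still anonymous and
            // <deny users="?"/> sends it back to the login page.
            e.Authenticated = userOk & passOk;
        }
    }
}
```

To sign in without the Login control's own handling, `FormsAuthentication.RedirectFromLoginPage(userName, false)` issues the same cookie and redirect in one call.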
