Login using cookies is not working in ASP.net
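I am trying to create a login system based on cookies (rather than being prompted when the page is closed or refreshed).
This is the code-behind in Login.aspx.cs: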
        string cmdText = "SELECT Username,Role FROM Login WHERE Username = '" + TextBox1.Text + "' AND Password = '" + TextBox2.Text + "'";
        string username = "";
        string role = "";
        using (SqlCommand SelectCommand = new SqlCommand(cmdText, connectionstring))
        {
            SqlDataReader myReader;
            connectionstring.Open();
            myReader = SelectCommand.ExecuteReader();
            while (myReader.Read())
            {
                username = myReader["username"].ToString();
                role = myReader["role"].ToString();
            }
            myReader.Close();
            if (!string.IsNullOrEmpty(username))
            {
                string script = "alert(\"Login successful!\");";
                ScriptManager.RegisterStartupScript(this, GetType(), "ServerControlScript", script, true);
                connectionstring.Close();
                // Store user info in cookies; set the cookies to expire in 1 day
                Response.Cookies["username"].Path = username;
                Response.Cookies["username"].Expires = DateTime.Now.AddDays(1);
                Response.Cookies["username"].Path = "/";
                Response.Cookies["role"].Path = role;
                Response.Cookies["role"].Expires = DateTime.Now.AddDays(1);
                Response.Cookies["role"].Path = "/";
                if (role.Equals("admin"))
                {
                    Response.Redirect("admin.aspx");
                    Label1.Text = "admin";
                }
                if (role.Equals("doctor"))
                {
                    Response.Redirect("doctor.aspx");
                    Label1.Text = "doc";
                }
                if (role.Equals("patient"))
                {
                    Response.Redirect("patient.aspx");
                }
            }
            else
            {
                string script = "alert(\"Login Failed!\");";
                ScriptManager.RegisterStartupScript(this, GetType(), "ServerControlScript", script, true);
                connectionstring.Close();
            }
        }
    }
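But there seems to be a problem when redirecting to the desired page. When I enter the username and password for the admin role, it says login successful, but it does not go to the admin page. Why is this happening? Am I missing something?
For the admin page (and the other pages), I use this code to read the cookies: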
    string role = "";
    string username = "";
    if (Request.Cookies["role"] != null)
    {
        role = Request.Cookies["role"].Value;
    }
    if (Request.Cookies["role"] != null)
    {
        username = Request.Cookies["username"].Value;
    }
    if (role == "patient ")
    {
        // Set control Visible = false if the user has no rights.
        Button1.Visible = false;
    }
And this is used to edit the cookie after login and/or after the user signs out:
    // create cookie
    Response.Cookies["username"].Value = Server.UrlEncode("abc");
    Response.Cookies["username"].Expires = DateTime.Now.AddDays(1);
    Response.Cookies["username"].Path = "/";
    // modify cookie value
    Response.Cookies["username"].Value = Server.UrlEncode("def");
    Response.Cookies["username"].Expires = DateTime.Now.AddDays(1);
    Response.Cookies["username"].Path = "/";
    // delete cookie value
    // deleting a cookie in fact means setting Expires to a past day: DateTime.Now.AddDays(-1)
    Response.Cookies["username"].Value = Server.UrlEncode("def");
    Response.Cookies["username"].Expires = DateTime.Now.AddDays(-1);
    Response.Cookies["username"].Path = "/";
    // check whether the cookie exists and read it
    if (Request.Cookies["role"] != null)
    {
        role = Server.UrlDecode(Request.Cookies["role"].Value);
    }
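But it looks like I am missing something that I don't understand. I think the problem is in the if function, here:
    if (role.Equals("admin"))
Any suggestions? Is this the right way to use cookies?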
I am also new to cookies, but after a few hours of Googling, this is how I use cookies and how they work. I hope it helps you.
To add a cookie:
    string UserData = _User + "/" + _Password;
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, _User, DateTime.Now,
        DateTime.Now.AddMinutes(60), _KeepLoggedIn, UserData);
    string encrypted = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
    cookie.Name = "SESSION";
    Response.Cookies.Add(cookie);
To read the cookie:
    HttpCookie cookie = HttpContext.Current.Request.Cookies.Get("SESSION");
    if (cookie != null)
    {
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
        var userName = ticket.Name;
        var userData = ticket.UserData.Split('/').ToArray();
        string _User = userData[0];
        string _Password = userData[1];
        // ... Your code to authenticate and 'Response.Redirect' ...
    }
To "delete" the cookies:
    int limit = Request.Cookies.Count; // Get the number of cookies and
                                       // use that as the limit.
    HttpCookie aCookie;                // Instantiate a cookie placeholder
    string cookieName;
    // Loop through the cookies
    for (int i = 0; i < limit; i++)
    {
        cookieName = Request.Cookies[i].Name;       // get the name of the current cookie
        aCookie = new HttpCookie(cookieName);       // create a new cookie with the same
                                                    // name as the one you're deleting
        aCookie.Value = "";                         // set a blank value to the cookie
        aCookie.Expires = DateTime.Now.AddDays(-1); // Setting the expiration date
                                                    // in the past deletes the cookie
        Response.Cookies.Add(aCookie);              // Set the cookie to delete it.
    }
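Why reinvent the wheel? ASP.NET already has all of this functionality built in. And since your code is currently vulnerable to SQL injection, your cookies are probably not secure either. Google "asp net authentication".
This simple tutorial can show you how to get started: http://www.c-sharpcorner.com/uploadfile/syedshakeer/formsauthentication-in-Asp-Net/
You also need to create a database to store users, passwords, roles, etc. This article can help you: https://www.asp.net/web-forms/overview/older-versions-security/membership/creating-the-membership-schema-in-sql-server-vb
Also, if you create a new project in Visual Studio, it adds a login form (and more), so you can use that as an example. File > New Project > Web > ASP.NET Web Application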
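As an added example (not code from the question or from either answer), here is the question's login reworked with a parameterized query and the built-in forms-authentication ticket that the last answer points to. `LoginHelper` and its method names are hypothetical; the `Login` table and its columns are taken from the question, and an ASP.NET Web Forms project on System.Web is assumed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.Security;
// Added example; LoginHelper and its method names are hypothetical.
public static class LoginHelper
{
    // Returns the role for matching credentials, or null. Form values are bound as
    // parameters, never concatenated. Comparing Password directly mirrors the question's table.
    public static string FindRole(string connStr, string user, string password)
    {
        const string sql = "SELECT Role FROM Login WHERE Username = @user AND Password = @pass";
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@user", SqlDbType.NVarChar).Value = user;
            cmd.Parameters.Add("@pass", SqlDbType.NVarChar).Value = password;
            conn.Open();
            return cmd.ExecuteScalar() as string;  // null when no row matches
        }
    }

    // Issues an encrypted, validated forms ticket; the role rides in UserData, not a plain cookie.
    public static void SignIn(HttpResponse response, string user, string role)
    {
        var ticket = new FormsAuthenticationTicket(1, user, DateTime.Now,
            DateTime.Now.AddDays(1), false, role);
        response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL  // follows <forms requireSSL>
        });
    }

    // Returns the role from a valid, unexpired ticket; null otherwise (fail closed).
    public static string ReadRole(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            return (ticket == null || ticket.Expired) ? null : ticket.UserData;
        }
        catch (Exception) { return null; }  // tampered or undecryptable cookie
    }
}
```

After `SignIn`, the login page can redirect on the returned role (for example to `admin.aspx` when it equals `"admin"`), and each protected page calls `ReadRole` instead of trusting a client-editable `role` cookie.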