[英]asp.net c# login webpage error
我有以下問題:
我使用asp.net和c#創建一個網站,在第一頁是登錄,HTML基本上是2個文本字段和1個按鈕,請求以下功能:
protected void Button1_Click(object sender, EventArgs e)
{
ServicioIS.Service1SoapClient objeto = new ServicioIS.Service1SoapClient();
string a = ci.Value.ToString();
string b = pass.Value.ToString();
// bool x = objeto.Log(a,b);
bool flag = false;
SqlConnection con = new SqlConnection();
con.ConnectionString = "Server=.;database=Proyecto.mdf;user=;password=";
con.Open();
string check = "SELECT COUNT(*) FROM Admin WHERE login ='" + a + "'";
SqlCommand com = new SqlCommand(check, con);
int cont = Convert.ToInt32(com.ExecuteScalar().ToString());
con.Close();
if (cont == 1)
{
con.Open();
string checkpass = "SELECT pass FROM Admin WHERE login = '" + a + "'";
SqlCommand ds = new SqlCommand(checkpass, con);
string contra = ds.ExecuteScalar().ToString().Replace(" ", "");
con.Close();
if (a == contra)
{
flag = true;
}
}
if (flag)
{
Response.Write("Contraseña Correcta");
}
else
{
Response.Write("usuario o contraseña invalidos");
}
}
錯誤和堆棧跟蹤如下:
Line 31: SqlConnection con = new SqlConnection();
Line 32: con.ConnectionString = " "Server=.;database=Proyecto.mdf;user=;password=";
Line 33: con.Open();
Line 34: string check = "SELECT COUNT(*) FROM Admin WHERE login ='" + a + "'";
Line 35: SqlCommand com = new SqlCommand(check, con);
Source File: c:\Users\Fabrizio\Desktop\Nueva carpeta (2)\ProyectoIS\WebAppIS\WebAppIS\Interface\Login.aspx.cs Line: 33
Stack Trace:
[SqlException (0x80131904): Login failed for user ''.]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5347119
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) +1693
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +69
System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK) +30
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +317
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +892
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +311
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData) +646
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +278
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +38
System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +732
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +85
System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +1057
System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +78
System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +196
System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +146
System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +16
System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +94
System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +110
System.Data.SqlClient.SqlConnection.Open() +96
WebAppIS.Interface.Login.Button1_Click(Object sender, EventArgs e) in c:\Users\Fabrizio\Desktop\Nueva carpeta (2)\ProyectoIS\WebAppIS\WebAppIS\Interface\Login.aspx.cs:33
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +9627718
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +103
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +35
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1724
PD:我使用Visual Studio 2012,如果它更容易修復它:)
聽起來像用戶身份驗證問題。 出於安全原因,SQL隱藏了錯誤的詳細信息,但您應該能夠在SQL Server錯誤日志中找到更多信息。 有關故障排除信息,請參閱以下鏈接: https : //msdn.microsoft.com/en-us/library/ms366351.aspx
SQL錯誤表示您的應用程序沒有對數據庫的權限。 我相信這是因為您提供了用戶和密碼屬性,但將它們留空。 嘗試使用可信連接。
con.ConnectionString = "Server=.\SQLExpress;AttachDbFilename=Proyecto.mdf;Database=dbname;Trusted_Connection=Yes;";
此外,評論中指出您的代碼容易受到SQL注入攻擊。 這是非常正確的。 您應該使用參數化SQL將您的變量添加到SQL語句,如下所示。
SqlParam param;
string check = "SELECT COUNT(*) FROM Admin WHERE login=@LoginName";
SqlCommand com = new SqlCommand(check, con);
param = new SqlParameter("@LoginName", SqlDbType.VarChar);
param.Direction = ParameterDirection.Input;
param.Value = a;
com.Parameters.Add(param);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.