Form-based role authentication, looking for source code.

benbenkui 2008-04-11 09:08:34
Multi-role authentication. I'm hoping someone can provide source code, with a database. I've been writing it myself for two days and keep running into problems.
If it uses Membership, even better. Please send it to my mailbox, thanks.
hugebenz@126.com
28 replies
benbenkui 2008-04-16
Thanks, everyone.
To 小灰: I looked at yours, but there were some problems using it. Still waiting for your registration code.
iuhxq 2008-04-16
[Quote=Quoting reply #7 by iuhxq:]
Using Forms authentication in asp.net
[/Quote]


I suggest you read it carefully; there is no need to keep bumping the thread.
zhangxuyu1118 2008-04-16
My approach to user access control:
web.config: Forms authentication, allow everyone access
...
<authentication mode="Forms"/>

<authorization>
  <allow users="*"/>
</authorization>
...

Then control access to each page in code:
...
if (!IsPostBack)
{
    // Check whether the user has logged on
    if (!User.Identity.IsAuthenticated)
        Response.Redirect("Login.aspx?url=" + Server.UrlEncode(Request.Url.ToString()));

    ...
}
yanjing_mail 2008-04-16
Learning.
zhangxuyu1118 2008-04-16
The two above are the SQL Server and Access MembershipProviders I'm using, for reference.
zhangxuyu1118 2008-04-16
    // Members not implemented (stubs). Note: the static Membership class and the
    // CreateUserWizard read some of these (MinRequiredNonAlphanumericCharacters,
    // PasswordStrengthRegularExpression, EnablePasswordReset), so they throw until given real values.
    public override string ApplicationName
    {
        get { throw new NotImplementedException(); }
        set { throw new NotImplementedException(); }
    }

    public override bool ChangePassword(string username, string oldPassword, string newPassword)
    {
        throw new NotImplementedException();
    }

    public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
    {
        throw new NotImplementedException();
    }

    public override bool DeleteUser(string username, bool deleteAllRelatedData)
    {
        throw new NotImplementedException();
    }

    public override bool EnablePasswordReset
    {
        get { throw new NotImplementedException(); }
    }

    public override bool EnablePasswordRetrieval
    {
        get { throw new NotImplementedException(); }
    }

    public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override int GetNumberOfUsersOnline()
    {
        throw new NotImplementedException();
    }

    public override string GetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser GetUser(string username, bool userIsOnline)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
    {
        throw new NotImplementedException();
    }

    public override string GetUserNameByEmail(string email)
    {
        throw new NotImplementedException();
    }

    public override int MaxInvalidPasswordAttempts
    {
        get { throw new NotImplementedException(); }
    }

    public override int MinRequiredNonAlphanumericCharacters
    {
        get { throw new NotImplementedException(); }
    }

    public override int PasswordAttemptWindow
    {
        get { throw new NotImplementedException(); }
    }

    public override MembershipPasswordFormat PasswordFormat
    {
        get { throw new NotImplementedException(); }
    }

    public override string PasswordStrengthRegularExpression
    {
        get { throw new NotImplementedException(); }
    }

    public override bool RequiresUniqueEmail
    {
        get { throw new NotImplementedException(); }
    }

    public override string ResetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    public override bool UnlockUser(string userName)
    {
        throw new NotImplementedException();
    }

    public override void UpdateUser(MembershipUser user)
    {
        throw new NotImplementedException();
    }
}
zhangxuyu1118 2008-04-16
using System;
using System.Data;
using System.Data.OleDb;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using zxy.AccessUtility;

/// <summary>
/// Summary description for AccessMembershipProvider
/// </summary>
public class AccessMembershipProvider : MembershipProvider
{
    //private string connStr;                 // database connection string
    private bool _requiresQuestionAndAnswer;  // whether a password question and answer are required
    private int _minRequiredPasswordLength;   // minimum password length

    public override int MinRequiredPasswordLength
    {
        get { return _minRequiredPasswordLength; }
    }

    public override bool RequiresQuestionAndAnswer
    {
        get { return _requiresQuestionAndAnswer; }
    }

    public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
    {
        base.Initialize(name, config);
        // A missing attribute counts as false instead of throwing a NullReferenceException
        _requiresQuestionAndAnswer = string.Equals(config["requiresQuestionAndAnswer"], "true",
                                                   StringComparison.OrdinalIgnoreCase);
        int.TryParse(config["minRequiredPasswordLength"], out _minRequiredPasswordLength);
        //connStr = config["connectionString"];
    }

    // Note: TB_USER.ZPSW holds the password in clear text and is compared as such.
    // OleDb parameters are positional; the names are documentation only.
    public override bool ValidateUser(string username, string password)
    {
        string s = "select count(*) from TB_USER where ZID=@ZID AND ZPSW=@ZPSW";
        OleDbParameter[] param = new OleDbParameter[2];
        param[0] = new OleDbParameter("@ZID", username);
        param[1] = new OleDbParameter("@ZPSW", password);
        return ((int)AccessHelper.ExecuteScalar(s, param) > 0);
    }

    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        string s = "INSERT INTO TB_USER VALUES(@ZID, @ZPSW, @ZEMAIL, @ZQ, @ZA)";
        OleDbParameter[] param = new OleDbParameter[5];
        param[0] = new OleDbParameter("@ZID", username);
        param[1] = new OleDbParameter("@ZPSW", password);
        param[2] = new OleDbParameter("@ZEMAIL", email);
        param[3] = new OleDbParameter("@ZQ", passwordQuestion);
        param[4] = new OleDbParameter("@ZA", passwordAnswer);

        if (AccessHelper.ExecuteNonQuery(s, param) > 0)
        {
            // Name (not a hard-coded string) ties the user to the provider registered in web.config;
            // isLockedOut must be false for a freshly created account
            MembershipUser user = new MembershipUser(Name, username, providerUserKey, email, passwordQuestion, "",
                isApproved, false, DateTime.Now, DateTime.Now, DateTime.Now, DateTime.Now, DateTime.Now);
            status = MembershipCreateStatus.Success;
            return user;
        }
        else
        {
            status = MembershipCreateStatus.ProviderError;
            return null;
        }
    }
zhangxuyu1118 2008-04-16
    // Members not implemented (stubs). Note: the static Membership class and the
    // CreateUserWizard read some of these (MinRequiredNonAlphanumericCharacters,
    // PasswordStrengthRegularExpression, EnablePasswordReset), so they throw until given real values.
    public override string ApplicationName
    {
        get { throw new NotImplementedException(); }
        set { throw new NotImplementedException(); }
    }

    public override bool ChangePassword(string username, string oldPassword, string newPassword)
    {
        throw new NotImplementedException();
    }

    public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
    {
        throw new NotImplementedException();
    }

    public override bool DeleteUser(string username, bool deleteAllRelatedData)
    {
        throw new NotImplementedException();
    }

    public override bool EnablePasswordReset
    {
        get { throw new NotImplementedException(); }
    }

    public override bool EnablePasswordRetrieval
    {
        get { throw new NotImplementedException(); }
    }

    public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override int GetNumberOfUsersOnline()
    {
        throw new NotImplementedException();
    }

    public override string GetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser GetUser(string username, bool userIsOnline)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
    {
        throw new NotImplementedException();
    }

    public override string GetUserNameByEmail(string email)
    {
        throw new NotImplementedException();
    }

    public override int MaxInvalidPasswordAttempts
    {
        get { throw new NotImplementedException(); }
    }

    public override int MinRequiredNonAlphanumericCharacters
    {
        get { throw new NotImplementedException(); }
    }

    public override int PasswordAttemptWindow
    {
        get { throw new NotImplementedException(); }
    }

    public override MembershipPasswordFormat PasswordFormat
    {
        get { throw new NotImplementedException(); }
    }

    public override string PasswordStrengthRegularExpression
    {
        get { throw new NotImplementedException(); }
    }

    public override bool RequiresUniqueEmail
    {
        get { throw new NotImplementedException(); }
    }

    public override string ResetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    public override bool UnlockUser(string userName)
    {
        throw new NotImplementedException();
    }

    public override void UpdateUser(MembershipUser user)
    {
        throw new NotImplementedException();
    }
zhangxuyu1118 2008-04-16
using System;
using System.Data;
using System.Data.SqlClient;   // SqlParameter
using System.Web.Security;
// plus the namespace that contains the MsSqlHelper class

public class MsSqlMembershipProvider : MembershipProvider
{
    //private string connStr;                 // database connection string
    private bool _requiresQuestionAndAnswer;  // whether a password question and answer are required
    private int _minRequiredPasswordLength;   // minimum password length

    public override int MinRequiredPasswordLength
    {
        get { return _minRequiredPasswordLength; }
    }

    public override bool RequiresQuestionAndAnswer
    {
        get { return _requiresQuestionAndAnswer; }
    }

    public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
    {
        base.Initialize(name, config);
        // A missing attribute counts as false instead of throwing a NullReferenceException
        _requiresQuestionAndAnswer = string.Equals(config["requiresQuestionAndAnswer"], "true",
                                                   StringComparison.OrdinalIgnoreCase);
        int.TryParse(config["minRequiredPasswordLength"], out _minRequiredPasswordLength);
        //connStr = config["connectionString"];
    }

    // Note: TB_USER.ZPSW holds the password in clear text and is compared as such.
    public override bool ValidateUser(string username, string password)
    {
        string s = "select count(*) from TB_USER where ZID=@ZID AND ZPSW=@ZPSW";
        SqlParameter[] param = new SqlParameter[2];
        param[0] = new SqlParameter("@ZID", username);
        param[1] = new SqlParameter("@ZPSW", password);
        return ((int)MsSqlHelper.ExecuteScalar(s, param) > 0);
    }

    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        string s = "INSERT INTO TB_USER VALUES(@ZID, @ZPSW, @ZEMAIL, @ZQ, @ZA)";
        SqlParameter[] param = new SqlParameter[5];
        param[0] = new SqlParameter("@ZID", username);
        param[1] = new SqlParameter("@ZPSW", password);
        param[2] = new SqlParameter("@ZEMAIL", email);
        param[3] = new SqlParameter("@ZQ", passwordQuestion);
        param[4] = new SqlParameter("@ZA", passwordAnswer);

        if (MsSqlHelper.ExecuteNonQuery(s, param) > 0)
        {
            // Name (not the hard-coded "AccessMembershipProvider" string copied from the other class)
            // ties the user to the provider registered in web.config; isLockedOut must be false for a new account
            MembershipUser user = new MembershipUser(Name, username, providerUserKey, email, passwordQuestion, "",
                isApproved, false, DateTime.Now, DateTime.Now, DateTime.Now, DateTime.Now, DateTime.Now);
            status = MembershipCreateStatus.Success;
            return user;
        }
        else
        {
            status = MembershipCreateStatus.ProviderError;
            return null;
        }
    }

}
cch1010 2008-04-16
up
地下室小红叔 2008-04-16
A few extra tips
1. To store passwords safely in the database, encrypt them with the HashPasswordForStoringInConfigFile function of the FormsAuthentication class before saving them. (Note: this produces a hashed password.)
2. The SQL connection information can be kept in the configuration file (Web.config) so that it is easy to change when needed.
3. Add some code to stop attackers from brute-forcing the login. For example, add logic that gives the user only two or three logon attempts. If the user cannot log on within the allowed number of attempts, set a flag in the database that prevents that user from logging on until they visit another page or ask you for help. Add appropriate error handling where needed as well.
4. Because users are identified by the authentication cookie, use Secure Sockets Layer (SSL) in the application to protect the authentication cookie and other useful information.
5. Forms-based authentication requires the client browser to accept or enable cookies.
6. The timeout parameter in the <authentication> section controls the interval at which the authentication cookie is regenerated. Set it to an appropriate value to balance performance and security.
7. Some proxy servers or caches on the Internet may cache Web server responses that contain a Set-Cookie header and return them to another user. Because forms-based authentication uses a cookie to authenticate the user, passing through an intermediate proxy or cache can cause a user to be mistaken for someone the response was not meant for.
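The two measures tips 1 and 3 above ask for, salted password hashing and a lockout after a few failed attempts, as an added example rather than code from this thread. It also stands in for the clear-text ZPSW comparison in the AccessMembershipProvider / MsSqlMembershipProvider ValidateUser and CreateUser posted earlier. The user table is a constructed in-memory dictionary in place of TB_USER, so the program runs offline; the two public methods map onto the provider's CreateUser and ValidateUser overrides. PBKDF2 via Rfc2898DeriveBytes (salted and iterated) is used instead of the unsalted FormsAuthentication.HashPasswordForStoringInConfigFile that tip 1 mentions; class and member names (UserRecord, PasswordStore) are assumptions, not names from the thread.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example, not code from this thread. One row of the (assumed) user table.
public sealed class UserRecord
{
    public string UserName;
    public byte[] Salt;            // 16 random bytes, different for every user
    public byte[] Hash;            // PBKDF2(password, Salt, Iterations), 32 bytes
    public int FailedAttempts;     // consecutive failures since the last success
    public DateTime LockedUntil;   // DateTime.MinValue while not locked (tip 3's "flag in the database")
}

public sealed class PasswordStore
{
    private const int Iterations = 10000;
    private const int HashBytes = 32;
    private const int MaxAttempts = 3;                                   // tip 3: two or three tries
    private static readonly TimeSpan LockoutPeriod = TimeSpan.FromMinutes(15);

    // Constructed in-memory stand-in for TB_USER; in a real provider these become SELECT/INSERT/UPDATE.
    private readonly Dictionary<string, UserRecord> _table =
        new Dictionary<string, UserRecord>(StringComparer.OrdinalIgnoreCase);

    // CreateUser counterpart: store salt + hash, never the password itself.
    public void CreateUser(string userName, string password)
    {
        byte[] salt = new byte[16];
        RandomNumberGenerator.Create().GetBytes(salt);
        UserRecord rec = new UserRecord();
        rec.UserName = userName;
        rec.Salt = salt;
        rec.Hash = Derive(password, salt);
        rec.LockedUntil = DateTime.MinValue;
        _table[userName] = rec;
    }

    // ValidateUser counterpart: true only for the right password on an account that is not locked.
    public bool ValidateUser(string userName, string password)
    {
        UserRecord rec;
        if (!_table.TryGetValue(userName, out rec))
        {
            Derive(password, new byte[16]);  // same cost for unknown names, so timing does not reveal which exist
            return false;
        }
        if (rec.LockedUntil > DateTime.UtcNow)
            return false;                    // locked out: refused even if the password is right

        bool ok = FixedTimeEquals(Derive(password, rec.Salt), rec.Hash);
        if (ok)
        {
            rec.FailedAttempts = 0;
        }
        else if (++rec.FailedAttempts >= MaxAttempts)
        {
            rec.LockedUntil = DateTime.UtcNow + LockoutPeriod;   // set the lockout flag
            rec.FailedAttempts = 0;
        }
        return ok;
    }

    public bool IsLockedOut(string userName)
    {
        UserRecord rec;
        return _table.TryGetValue(userName, out rec) && rec.LockedUntil > DateTime.UtcNow;
    }

    // PBKDF2 (HMAC-SHA1 in the framework's implementation) with a per-user salt.
    private static byte[] Derive(string password, byte[] salt)
    {
        return new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(HashBytes);
    }

    // Compare every byte so a mismatch in the first byte takes as long as one in the last.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        PasswordStore store = new PasswordStore();
        store.CreateUser("user1", "correct horse");                        // constructed sample account
        Console.WriteLine("right password: " + store.ValidateUser("user1", "correct horse"));
        for (int i = 0; i < MaxAttempts; i++)
            store.ValidateUser("user1", "wrong");                          // MaxAttempts failures lock the account
        Console.WriteLine("locked: " + store.IsLockedOut("user1"));
        Console.WriteLine("right password while locked: " + store.ValidateUser("user1", "correct horse"));
    }
}
```

To move this into the providers above, replace ZPSW with four columns (salt, hash, failed-attempt count, locked-until time; column names of your choosing) and wrap CreateUser / ValidateUser in the provider overrides. Keeping the lockout state server-side also lets MaxInvalidPasswordAttempts and PasswordAttemptWindow return real values instead of throwing, and UnlockUser becomes a single UPDATE that clears the locked-until column.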
地下室小红叔 2008-04-16
Reference article. I've formatted the code so it reads more clearly :)

This article demonstrates how to implement forms-based authentication with user information stored in a database.
(1) Omitted
(2) Create an ASP.NET application with C# .NET
1. Open Visual Studio .NET.
2. Create a new ASP.NET Web application and specify its name and location.
(3) Configure security settings in the Web.config file
This section shows how to configure the ASP.NET application for forms-based authentication by adding and modifying the <authentication> and <authorization> sections.
1. In Solution Explorer, open the Web.config file.
2. Change the authentication mode to Forms (note: the default is Windows).
3. Insert the <forms> tag and fill in the appropriate attributes (see the MSDN or QuickStart documentation listed at the end of the article for these attributes). Copy the following code and paste it into the <authentication> section:

<authentication mode="Forms">
  <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx" protection="All" path="/" timeout="30"/>
</authentication>

(Note: if loginUrl is not specified, the default is default.aspx)

4. Deny anonymous access by adding the following section:
<authorization>
  <deny users="?"/>
  <allow users="*"/>
</authorization>

(4) Create a sample database table to store user information
This section shows how to create a sample database table to store the user name, password and user role. If you want to implement role-based security you need a field in the database for the user's role.
1. Open Notepad.
2. Copy the following script into Notepad and save it:

if exists (select * from sysobjects where id =
  object_id(N'[dbo].[Users]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[Users]
GO
CREATE TABLE [dbo].[Users] (
  [uname] [varchar] (15) NOT NULL ,
  [Pwd] [varchar] (25) NOT NULL ,
  [userRole] [varchar] (25) NOT NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[Users] WITH NOCHECK ADD
  CONSTRAINT [PK_Users] PRIMARY KEY NONCLUSTERED
  (
    [uname]
  ) ON [PRIMARY]
GO

INSERT INTO Users values('user1','user1','Manager')
INSERT INTO Users values('user2','user2','Admin')
INSERT INTO Users values('user3','user3','User')
GO

3. Open Microsoft SQL Server Query Analyzer, select the Pubs database in the database list, paste in the script above and run it. This creates, in the Pubs database, the sample user table used by this sample application.
(5) Create the Logon.aspx page
1. In the project you created, add a new Web Form named Logon.aspx.
2. Open Logon.aspx in the editor and switch to HTML view.
3. Copy the following code, then choose "Paste as HTML" from the Edit menu to insert it between the <form> tags.
<h3>
  <font face="Verdana">Logon Page</font>
</h3>
<table>
  <tr>
    <td>Email:</td>
    <td><input id="txtUserName" type="text" runat="server"></td>
    <td><ASP:RequiredFieldValidator ControlToValidate="txtUserName"
          Display="Static" ErrorMessage="*" runat="server"
          ID="vUserName" /></td>
  </tr>
  <tr>
    <td>Password:</td>
    <td><input id="txtUserPass" type="password" runat="server"></td>
    <td><ASP:RequiredFieldValidator ControlToValidate="txtUserPass"
          Display="Static" ErrorMessage="*" runat="server"
          ID="vUserPass" />
    </td>
  </tr>
  <tr>
    <td>Persistent Cookie:</td>
    <td><ASP:CheckBox id="chkPersistCookie" runat="server" autopostback="false" /></td>
    <td></td>
  </tr>
</table>
<input type="submit" Value="Logon" runat="server" ID="cmdLogin"><p></p>
<asp:Label id="lblMsg" ForeColor="red" Font-Name="Verdana" Font-Size="10" runat="server" />


This page displays a logon form so that users can provide their user name and password and log on to the application.
4. Switch to Design view and save the page.

(6) Write event-handler code to validate the user
The following code goes in the code-behind page (Logon.aspx.cs).
1. Double-click the Logon page to open Logon.aspx.cs.
2. Import the required namespaces in the code-behind file:
using System.Data.SqlClient;
using System.Web.Security;

3. Create a ValidateUser function that validates the user by looking them up in the database. (Change the connection string to point to your database.)
private bool ValidateUser( string userName, string passWord )
{
    string lookupPassword = null;

    // Check for invalid userName.
    // userName must not be null and must be between 1 and 15 characters.
    if ( ( null == userName ) || ( 0 == userName.Length ) || ( userName.Length > 15 ) )
    {
        System.Diagnostics.Trace.WriteLine( "[ValidateUser] Input validation of userName failed." );
        return false;
    }

    // Check for invalid passWord.
    // passWord must not be null and must be between 1 and 25 characters.
    if ( ( null == passWord ) || ( 0 == passWord.Length ) || ( passWord.Length > 25 ) )
    {
        System.Diagnostics.Trace.WriteLine( "[ValidateUser] Input validation of passWord failed." );
        return false;
    }

    try
    {
        // Consult with your SQL Server administrator for an appropriate connection
        // string to use to connect to your local SQL Server.
        // 'using' disposes the connection and command even when an exception is thrown.
        using ( SqlConnection conn = new SqlConnection( "server=localhost;Integrated Security=SSPI;database=pubs" ) )
        using ( SqlCommand cmd = new SqlCommand( "Select pwd from users where uname=@userName", conn ) )
        {
            conn.Open();

            // Parameterised query: the user name never becomes part of the SQL text.
            cmd.Parameters.Add( "@userName", SqlDbType.VarChar, 25 );
            cmd.Parameters["@userName"].Value = userName;

            // Execute command and fetch pwd field into lookupPassword string.
            lookupPassword = (string) cmd.ExecuteScalar();
        }
    }
    catch ( Exception ex )
    {
        // Add error handling here for debugging.
        // This error message should not be sent back to the caller.
        System.Diagnostics.Trace.WriteLine( "[ValidateUser] Exception " + ex.Message );
    }

    // If no password found, return false.
    if ( null == lookupPassword )
    {
        // You could write failed login attempts here to event log for additional security.
        return false;
    }

    // Compare lookupPassword and input passWord, using a case-sensitive comparison
    // (ignoreCase = false). The sample table stores the password in clear text.
    return ( 0 == string.Compare( lookupPassword, passWord, false ) );
}
(Note: this code first checks that the entered user name and password meet the conditions above; if they do, it connects to the database, retrieves the password for that user name, then checks whether the retrieved password is null; if it is not, it compares the retrieved password with the entered one. The final false parameter means case-insensitive.)

4. In the cmdLogin_ServerClick event, use one of the following two methods to generate the forms authentication cookie and redirect to the specified page.
Sample code for both methods follows; choose according to your needs.
a) Call the RedirectFromLoginPage method in cmdLogin_ServerClick to generate the forms authentication cookie automatically and redirect to a specified page.
private void cmdLogin_ServerClick(object sender, System.EventArgs e)
{
    if (ValidateUser(txtUserName.Value, txtUserPass.Value))
        FormsAuthentication.RedirectFromLoginPage(txtUserName.Value, chkPersistCookie.Checked);
    else
        Response.Redirect("logon.aspx", true);
}


b) Generate the encrypted authentication ticket, create the response cookie and redirect the user. This gives you more control over how the cookie is created, and you can also include custom data in the FormsAuthenticationTicket.
private void cmdLogin_ServerClick(object sender, System.EventArgs e)
{
    if (ValidateUser(txtUserName.Value, txtUserPass.Value))
    {
        FormsAuthenticationTicket tkt;
        string cookiestr;
        HttpCookie ck;
        tkt = new FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now,
            DateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data"); // create an authentication ticket
        cookiestr = FormsAuthentication.Encrypt(tkt);                                   // and encrypt it
        ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);           // create the cookie
        if (chkPersistCookie.Checked)          // if the user asked for a persistent cookie
            ck.Expires = tkt.Expiration;       // set the cookie expiry
        ck.Path = FormsAuthentication.FormsCookiePath; // cookie path
        Response.Cookies.Add(ck);
        string strRedirect;
        strRedirect = Request["ReturnUrl"];
        // Only follow a path on this site; a missing value, another host ("//evil", "/\evil")
        // or an absolute URL falls back to default.aspx, so ReturnUrl cannot be used as an open redirect.
        if (strRedirect == null || !strRedirect.StartsWith("/") ||
            strRedirect.StartsWith("//") || strRedirect.StartsWith("/\\"))
            strRedirect = "default.aspx";
        Response.Redirect(strRedirect, true);
    }
    else
        Response.Redirect("logon.aspx", true);
}

5. Make sure the InitializeComponent method contains the following code:
this.cmdLogin.ServerClick += new System.EventHandler(this.cmdLogin_ServerClick);


(7) Create a Default.aspx page
This section creates a test page that users are redirected to after they have been authenticated. If a user who has not logged on browses to this page first, they are redirected to the logon page.
1. Rename the existing WebForm1.aspx to Default.aspx and open it in the editor.

2. Switch to HTML view and copy the following code between the <form> tags:
<input type="submit" Value="SignOut" runat="server" id="cmdSignOut">
This button signs the user out of the forms authentication session.
3. Switch to Design view and save the page.
4. Import the required namespace in the code-behind:
using System.Web.Security;

5. Double-click the SignOut button to open the code-behind (Default.aspx.cs) and copy the following code into the cmdSignOut_ServerClick event handler:
private void cmdSignOut_ServerClick(object sender, System.EventArgs e)
{
    FormsAuthentication.SignOut();   // sign out
    Response.Redirect("logon.aspx", true);
}

6. Make sure the InitializeComponent method contains the following code:
this.cmdSignOut.ServerClick += new System.EventHandler(this.cmdSignOut_ServerClick);

7. Save and build the project; you can now run the application.
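Carrying the user's role inside the ticket's UserData slot (the "your custom data" argument in option b above) and turning it back into roles on every request, so that each page can be restricted to a role the way zhangxuyu1118's per-page IsPostBack check and the admin.aspx / guest.aspx / nomal.aspx split earlier in the thread call for. This is an added example, not code from the thread or from the article; the page and role names come from the thread, while RoleTicket, RolePage, AllowedRoles and the Global class are assumed names. The login page calls RoleTicket.Issue after ValidateUser succeeds, with the roles read from the userRole column (or TB_USER) by whatever query you use.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Added example, not code from the thread. Role names and page names follow the OP's layout.
public static class RoleTicket
{
    // Login page, after ValidateUser succeeded: option (b)'s ticket, with the roles in UserData.
    public static void Issue(HttpResponse response, string userName, string[] roles, bool persistent)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), persistent,
            string.Join(",", roles), FormsAuthentication.FormsCookiePath);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;                          // script on the page cannot read the ticket
        cookie.Secure = FormsAuthentication.RequireSSL;  // sent only over SSL when requireSSL="true" (tip 4)
        cookie.Path = FormsAuthentication.FormsCookiePath;
        if (persistent) cookie.Expires = ticket.Expiration;
        response.Cookies.Add(cookie);
    }

    // Every request: FormsAuthenticationModule has already decrypted the cookie into a
    // FormsIdentity that carries no roles; replace the principal with one that does.
    public static void AttachRoles(HttpContext ctx)
    {
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated) return;
        FormsIdentity id = ctx.User.Identity as FormsIdentity;
        if (id == null) return;
        string data = id.Ticket.UserData ?? "";
        string[] roles = data.Length == 0 ? new string[0] : data.Split(',');
        ctx.User = new GenericPrincipal(id, roles);
    }
}

// Global.asax.cs: runs after the forms module, before URL authorization.
public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        RoleTicket.AttachRoles(HttpContext.Current);
    }
}

// Base class for admin.aspx, guest.aspx and nomal.aspx; each page lists the roles it admits.
public abstract class RolePage : Page
{
    protected abstract string[] AllowedRoles { get; }

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        if (!User.Identity.IsAuthenticated)
        {
            // Not logged in: go to the configured login page and come back here afterwards.
            Response.Redirect(FormsAuthentication.LoginUrl + "?ReturnUrl=" +
                              HttpUtility.UrlEncode(Request.RawUrl), true);
            return;
        }
        foreach (string role in AllowedRoles)
            if (User.IsInRole(role)) return;      // authorised for this page
        Response.StatusCode = 403;                // logged in, but not in this page's role
        Response.End();
    }
}

// admin.aspx.cs (guest.aspx.cs and nomal.aspx.cs differ only in the role name)
public partial class admin : RolePage
{
    protected override string[] AllowedRoles { get { return new string[] { "admin" }; } }
}
```

Because the roles are attached during AuthenticateRequest, the same rules can also be written declaratively in web.config and enforced by UrlAuthorizationModule in the later AuthorizeRequest stage: a `<location path="admin.aspx">` element containing `<authorization><allow roles="admin"/><deny users="*"/></authorization>`, one per page, with the site-wide `<authorization>` left at `<allow users="*"/>` so default.aspx stays anonymous. Two caveats: roles stored in the ticket change only at the next login, so read them from the database per request if a revoked role must take effect immediately; and if `<roleManager enabled="true">` is on, RoleManagerModule replaces the principal again in PostAuthenticateRequest, in which case implement a RoleProvider instead of AttachRoles.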
地下室小红叔 2008-04-16
Reference article
-------------------------------
Abstract
This article demonstrates how to implement forms-based authentication with user information stored in a database.
(1) Requirements
The following tools are needed:
1. Microsoft Visual Studio .NET
2. Microsoft Internet Information Services (IIS) version 5.0 or later
3. Microsoft SQL Server
benbenkui 2008-04-16
Bumping only gets you 1 point.
Bump.
benbenkui 2008-04-16
Too many people posting this morning; it got buried again. A 200-point thread!
The site has 3 roles: admin, guest, nomal. Each may only access its own pages.
Site home page: default.aspx (anonymous access allowed)
Login page: login.aspx
admin-only: admin.aspx
guest-only: guest.aspx
nomal-only: nomal.aspx

Please write out the web.config configuration and the .cs code. If the points aren't enough, I'll add more. I just want it explained thoroughly so this problem stops troubling me.
If you have a ready-made template, you can also send it to my mailbox: hugebenz@126.com
Many thanks....
benbenkui 2008-04-16
Almost there. Let me write out the specific requirements now, so that with everyone's help I can get user access sorted out once and for all. Thanks in advance.
The site has 3 roles: admin, guest, nomal. Each may only access its own pages.
Site home page: default.aspx
Login page: login.aspx
admin-only: admin.aspx
guest-only: guest.aspx
nomal-only: nomal.aspx

Please write out the web.config configuration and the .cs code. If the points aren't enough, I'll add more. I just want it explained thoroughly so this problem stops troubling me.
If you have a ready-made template, you can also send it to my mailbox: hugebenz@126.com
Many thanks....
benbenkui 2008-04-16
Bump again.
benbenkui 2008-04-16
The thread has sunk; bumping it back up.
Learning.