62,074
社区成员
发帖
与我相关
我的任务
分享asp.net mvc 中的页面验证跳转问题
我在Logon.asp登陆页面做了些验证,只有通过验证的才能跳转到UserHomePage成功页面。但是现在出现了一个问题:就是在地址栏里直接打开UserHomePage页面,也是可以的。逃过了验证,这是怎么回事啊??
Login.asp 页面
<form id="form1" action="/Users/Check" method="post" >
<tr>
<td align="right" width="270">
<span>用户名:</span>
</td>
<td align="left" width="270">
<input type="text" name="username" id="username" style="height: 28px; width: 142px" />
<label class="hide" id="name">
</label>
</td>
</tr>
<tr>
<td align="right" width="270">
<span>密 码:</span>
</td>
<td align="left">
<input type="password" name="pas" id="pas" style="height: 28px; width: 143px" />
<label class="hide" id="pass">
</label>
</td>
</tr>
<tr>
<td align="center" colspan="2" height="40">
<input id="submit" style="border-right: #c8ecff 1px solid;
border-top: #c8ecff 1px solid; border-left: #c8ecff 1px solid; width: 75px; border-bottom: #c8ecff 1px solid;
background-color: #e1f2ff"
type="submit" value="登录" name="logon"/>
<span lang="zh-cn">
<input id="reset" name="reset" style="border-right: #c8ecff 1px solid; border-top: #c8ecff 1px solid;
border-left: #c8ecff 1px solid; width: 75px; border-bottom: #c8ecff 1px solid;
background-color: #e1f2ff" type="reset" value="取消"/></span>
</td>
</tr>
Users/check 代码
public ActionResult Check(FormCollection collection)2011-6-6
{
User u = ur.GetUser(collection["username"]);
if (u == null)
{
Response.Write(" <script type='text/javascript'> alert('用户名或密码错误!') </Script>");
return View("Logon");
}
else
{
if (u.States == "2" || u.States == null)
{
Response.Write(" <script type='text/javascript'> alert('用户名失效!') </Script>");
return View("Logon");
}
else
{
if (collection["username"].Equals(u.UserName) && collection["pas"].Equals(u.Password))
{
if (u.UserType == "0")
{
Session["username"] = u.UserName;
Response.Write("<script type='text/javascript'> alert('恭喜,登录成功!') </script>");
return RedirectToAction("UserHomePage");
}
else
{
Session["username"] = u.UserName;
return RedirectToAction("Index", "Admin");
}
}
else
{
Response.Write("<script type='text/javascript'> alert('用户名或密码错误!'); </Script>");
return View("Logon");
}
}
}
}
UserhomePage页面
<asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server">
UserHomePage
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
<div id = "HomePage">
<%Html.RenderPartial("HPage"); %>
</div>
</asp:Content>
Login.asp 页面
<form id="form1" action="/Users/Check" method="post" >
<tr>
<td align="right" width="270">
<span>用户名:</span>
</td>
<td align="left" width="270">
<input type="text" name="username" id="username" style="height: 28px; width: 142px" />
<label class="hide" id="name">
</label>
</td>
</tr>
<tr>
<td align="right" width="270">
<span>密 码:</span>
</td>
<td align="left">
<input type="password" name="pas" id="pas" style="height: 28px; width: 143px" />
<label class="hide" id="pass">
</label>
</td>
</tr>
<tr>
<td align="center" colspan="2" height="40">
<input id="submit" style="border-right: #c8ecff 1px solid;
border-top: #c8ecff 1px solid; border-left: #c8ecff 1px solid; width: 75px; border-bottom: #c8ecff 1px solid;
background-color: #e1f2ff"
type="submit" value="登录" name="logon"/>
<span lang="zh-cn">
<input id="reset" name="reset" style="border-right: #c8ecff 1px solid; border-top: #c8ecff 1px solid;
border-left: #c8ecff 1px solid; width: 75px; border-bottom: #c8ecff 1px solid;
background-color: #e1f2ff" type="reset" value="取消"/></span>
</td>
</tr>
Users/check 代码
public ActionResult Check(FormCollection collection)2011-6-6
{
User u = ur.GetUser(collection["username"]);
if (u == null)
{
Response.Write(" <script type='text/javascript'> alert('用户名或密码错误!') </Script>");
return View("Logon");
}
else
{
if (u.States == "2" || u.States == null)
{
Response.Write(" <script type='text/javascript'> alert('用户名失效!') </Script>");
return View("Logon");
}
else
{
if (collection["username"].Equals(u.UserName) && collection["pas"].Equals(u.Password))
{
if (u.UserType == "0")
{
Session["username"] = u.UserName;
Response.Write("<script type='text/javascript'> alert('恭喜,登录成功!') </script>");
return RedirectToAction("UserHomePage");
}
else
{
Session["username"] = u.UserName;
return RedirectToAction("Index", "Admin");
}
}
else
{
Response.Write("<script type='text/javascript'> alert('用户名或密码错误!'); </Script>");
return View("Logon");
}
}
}
}
UserhomePage页面
<asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server">
UserHomePage
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
<div id = "HomePage">
<%Html.RenderPartial("HPage"); %>
</div>
</asp:Content>
...全文
请发表友善的回复…
发表回复
子夜__ 2011-06-07
- 打赏
- 举报
你要在每个页面判断用户是否可以直接通过URL登陆。
renyiqiu 2011-06-06
- 打赏
- 举报
在登记时, 验证数据库, 如果验证成功, 则做一个session变量出来.
以后只要判断该变量的值就知道了有没有登记了.
以后只要判断该变量的值就知道了有没有登记了.
threenewbee 2011-06-06
- 打赏
- 举报
在 UserHomePage 前面放上一个过滤器。
如果你使用内置的认证,你可以加上[Authorize]。
如果你使用内置的认证,你可以加上[Authorize]。
BenBenCode 2011-06-06
- 打赏
- 举报
在UserhomePage页面 Page_Load里加判断
if(Session["username"] ==null)
{
return View("Logon");
}
if(Session["username"] ==null)
{
return View("Logon");
}
