1

I am new to ASP.Net and C#. I want to perform a login in C# and then redirect to an HTML file. This HTML file is the SuperGIS server start page.

I am using something like this:

    <%@ Page Language="C#" Debug="true" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <script runat="server">

    protected void btnlogin_Click(object sender, EventArgs e)
    {
        if(some code to check username and password exist in DB)
            Response.Redirect("http://localhost/AddMarker/MapEditor.htm");
        else
            Response.Redirect("http://localhost/AddMarker/Login.aspx");
    }

    </script>


    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
        <title>Login Page</title>
    </head>
    <body>
        <form id="form1" runat="server">

        <div>
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            Sign In<br />
            <br />
    <asp:Label ID="lblUsername" runat="server" Text="Username"></asp:Label>
    &nbsp;&nbsp;&nbsp;&nbsp;
    <asp:TextBox ID="txtUsername" runat="server"></asp:TextBox>
            <br />
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

            <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate = "txtUsername"
                ErrorMessage="This Feild is Mendetory"></asp:RequiredFieldValidator>
    <br />
    <br />
    <asp:Label ID="lblPassword" runat="server" Text="Password"></asp:Label>
    &nbsp;&nbsp;&nbsp;&nbsp;
    <asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox>
    <br />
    <br />
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <asp:Button ID="btnlogin" runat="server" Text="Login" onclick="btnlogin_Click"
    Width="47px" />
    &nbsp;
    <br />

    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    </div>

        </form>
        <a href="forgetpass.aspx">Forgt Password</a><br>
        <a href="Create.aspx">New User</a>
    </body>
    </html>

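This code redirects to the desired destination. But at that point the URL will be
-->"http://localhost/AddMarker/MapEditor.htm"

This is because of the code: Response.Redirect("http://localhost/AddMarker/MapEditor.htm");

So anyone can copy this URL and access this service without authentication.

So can I create some dynamic URL that cannot be used without supplying the correct ID and password?

Please help me. Thanks in advance.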

4 Answers

1

You can use session state to store if a user is authenticated.

    if(some code to check username and password exist in DB)
    {
        // Record the successful login in session state (C# uses an indexer, not a call)
        HttpContext.Current.Session["UserIsAuthenticated"] = true;
        Response.Redirect("http://localhost/AddMarker/MapEditor.htm");
    }

You can set your session time in web.config so that you only stay authenticated for a certain amount of time. Then in the load event of the pages where you need to be authenticated use this:

    if (HttpContext.Current.Session["UserIsAuthenticated"] == null)
    {
        // User needs to login
        Response.Redirect("Login.aspx");
    }
    else if (!(bool)HttpContext.Current.Session["UserIsAuthenticated"])
    {
        // User needs to login
        Response.Redirect("Login.aspx");
    }

You could also do this with cookies, but I would recommend not doing this where possible due to the new legislations with cookies.

answered 2012-10-09T11:16:42.413
0

I think the best way would be using ASP .Net in your MapEditor.htm to check the access. When the user is authenticated you store in the Session your flag. Then, you check this flag always in your MapEditor.aspx

answered 2012-10-09T11:21:26.320
0

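You should put your login state check in Global.asax. Use one of the events such as Application_BeginRequest to see whether the user is logged in, and redirect if not. You need to make sure the page the user is trying to open is not the login page, otherwise it will not work properly.

Update: here is some code I use in a master page, and it works well. If you are not using master pages, Global.asax will work as long as you put it in the right place.

Note that this code checks whether the user is in a particular domain group, because the site uses Windows authentication. You can swap in whatever method you need to validate the user. Also, the AccessException bool is set to true in my NoAccess page so that it actually displays. Finally, the check is cached, so we don't have to keep checking it.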

    public bool AccessException;

    protected void Page_Load(object sender, EventArgs e)
    {
        UpdateNavigation();

        if (!HasAccess() && !AccessException)
        {
            Response.Redirect("~/NoAccess.aspx", true);
        }
    }

    /// <summary>
    /// Check domain group membership to make sure the user is allowed to use the web site; redirect if not.
    /// </summary>
    /// <returns>True if the user has access to the site</returns>
    private bool HasAccess()
    {
        // Page.Cache is shared by every user of the application, so the entry
        // is keyed by the Windows identity; a single shared key would hand the
        // first visitor's result to everyone else.
        string cacheKey = "hasAccess:" + Request.LogonUserIdentity.Name;

        if (Page.Cache[cacheKey] == null)
        {
            List<string> userDomainGroups = Common.GetUserDomainGroups(Request.LogonUserIdentity);
            string permittedGroups = ConfigurationManager.AppSettings["AllowedGroups"];

            Page.Cache[cacheKey] = userDomainGroups.Where(permittedGroups.Contains).Count() != 0;
        }

        return (bool)Page.Cache[cacheKey];
    }
answered 2012-10-09T11:23:53.743
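
The central Global.asax check described in the answer above, as an added example that is not code from any of the answers. It assumes the `UserIsAuthenticated` session key from the first answer, the page names from the question, and that the map page is served through ASP.NET as an .aspx page (as the second answer suggests); it hooks `Application_PreRequestHandlerExecute` because session state is not yet available in `Application_BeginRequest`.

```csharp
// Global.asax.cs -- added example, not the original posters' code.
using System;
using System.Collections.Generic;
using System.Web;

public class Global : HttpApplication
{
    private const string LoginPage = "~/Login.aspx";           // page name from the question
    private const string SessionFlag = "UserIsAuthenticated";  // key used in the first answer

    // Paths that must stay reachable without a login; anything else is protected.
    // WebResource.axd serves the script used by the validators on the login page.
    private static readonly HashSet<string> AnonymousPaths =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "~/Login.aspx", "~/Create.aspx", "~/forgetpass.aspx", "~/WebResource.axd"
        };

    protected void Application_PreRequestHandlerExecute(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;
        string path = ctx.Request.AppRelativeCurrentExecutionFilePath;

        // Skip the login page itself, otherwise the redirect below loops forever.
        if (AnonymousPaths.Contains(path))
            return;

        // Session is null when the handler does not use session state (for
        // example a static file request): treat that as "not signed in" so the
        // check fails closed instead of letting the request through.
        object flag = ctx.Session == null ? null : ctx.Session[SessionFlag];
        bool signedIn = flag is bool && (bool)flag;

        if (!signedIn)
        {
            // Redirect without throwing ThreadAbortException, then skip the
            // page handler so no protected content is rendered.
            ctx.Response.Redirect(LoginPage, false);
            CompleteRequest();
        }
    }
}
```

A plain .htm file is only covered when the request actually passes through the ASP.NET pipeline; where IIS serves it directly, this handler never runs for that URL.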