
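I'm new to using the vb.net login control, so please bear with me...

To start, I am using ASP.net 4.0 and vb.net.

OK, so I have a simple login control that validates users against a SQL database. (I'm hosted on HostGator, so I can't use normal Windows authentication.) Now the biggest problem I am having is that if the session times out and you are redirected to the login page, it doesn't matter what username/password you enter into the login form, even if the username and password are wrong or the user doesn't exist?

How do I make sure that the login control actually authenticates the user?

Any help is greatly appreciated. Thanks!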

Public strLoginErrorMsg As String
Public type As String
Public rowcount As String

Protected Sub login_sbts_Authenticate(sender As Object, e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles login_sbts.Authenticate
    Dim bauthenticated As Boolean = False
    bauthenticated = isValidUser(login_sbts.UserName, login_sbts.Password)

    If bauthenticated Then

        e.Authenticated = True
    Else
        e.Authenticated = False
    End If
    lblInfo.Text = type
    FormsAuthentication.RedirectFromLoginPage(Me.login_sbts.UserName, True)

    If type = "ADMIN" Then
        Response.Redirect("dailynote.aspx")
    Else
        Response.Redirect("other.aspx")
    End If

End Sub

Private Function isValidUser(ByVal username As String, ByVal pwd As String) As [Boolean]

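    Dim con As New SqlConnection("Data Source=localhost;Initial Catalog=sbts-scheduling;User ID=userid;Password=password;")
    ' Parameterized query: user input is bound as values, never concatenated into the SQL text.
    Dim cmd As New SqlCommand("select * from tblusers where UserName=@username and Password=@pwd")
    cmd.Parameters.AddWithValue("@username", username)
    cmd.Parameters.AddWithValue("@pwd", pwd)
    cmd.Connection = con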
    Dim dt As New DataTable()
    Dim da As New SqlDataAdapter(cmd)
    con.Open()
    da.Fill(dt)
    con.Close()
    If dt.Rows.Count = 0 Then
        strLoginErrorMsg = "Invalid User Name/Password"
        dt.Dispose()
        Return False
    Else
        type = dt.Rows(0).Item("UserType").Trim()
        Session("usertype") = type

    End If
    Return True



End Function

Protected Sub login_sbts_LoginError(sender As Object, e As System.EventArgs) Handles login_sbts.LoginError
    login_sbts.FailureText = strLoginErrorMsg
End Sub

1 Answer


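Actually.. the problem is probably your call to FormsAuthentication.RedirectFromLoginPage.. I took the liberty of cleaning up your code. I also added FormsAuthentication.SetAuthCookie to your authenticate method.. The name and duration of that cookie will be configured in your web.config file.. or your "configuration settings".

Unless you are willing to inherit, clear, and replace the ASP.NET default FormsAuthenticationModule.. you will have to partially rely on the web.config configuration settings.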

Public strLoginErrorMsg As String
Public type As String
Public rowcount As String

Protected Sub login_sbts_Authenticate(sender As Object, e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles login_sbts.Authenticate
    If isValidUser(login_sbts.UserName, login_sbts.Password) Then
        e.Authenticated = True
        FormsAuthentication.SetAuthCookie(login_sbts.UserName, False, "/")
        lblInfo.Text = type

        If type = "ADMIN" Then
            Response.Redirect("dailynote.aspx")
        Else
            FormsAuthentication.RedirectFromLoginPage(Me.login_sbts.UserName, True)
            'Response.Redirect("other.aspx")
        End If
    Else
        e.Authenticated = False
    End If
End Sub

Private Function isValidUser(ByVal username As String, ByVal pwd As String) As Boolean
    isValidUser = False
    Dim conn As New SqlConnection("Data Source=localhost;Initial Catalog=sbts-scheduling;User ID=userid;Password=password;")
    ' Parameterized query: user input is bound as values, never concatenated into the SQL text.
    Dim cmd As New SqlCommand("select * from tblusers where UserName=@username and Password=@pwd", conn)
    cmd.Parameters.AddWithValue("@username", username)
    cmd.Parameters.AddWithValue("@pwd", pwd)
    Using conn
        conn.Open()
        Using reader As System.Data.SqlClient.SqlDataReader = cmd.ExecuteReader()
            If reader.HasRows Then
                'Not checking for multiple records here.
                While reader.Read()
                    If Not IsDBNull(reader("UserType")) Then
                        ' Set the shared field too, since the Authenticate handler branches on it.
                        type = reader("UserType").ToString().Trim()
                        Session("usertype") = type
                        isValidUser = True
                    End If
                End While
            End If
        End Using
        If Not (conn.State = System.Data.ConnectionState.Closed) Then
            conn.Close()
        End If
    End Using
End Function

Protected Sub login_sbts_LoginError(sender As Object, e As System.EventArgs) Handles login_sbts.LoginError
    login_sbts.FailureText = strLoginErrorMsg
End Sub

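I would suggest you look into inheriting MembershipProvider. It makes using the asp server tags a bit easier, since you just specify your provider in the tag's attributes. (After you have properly referenced and configured it in web.config, app.config.. or through IIS (it will need to be placed in the Global Assembly Cache and jump through all the other hoops to be a trusted provider).)

Answered 2013-07-12T05:34:21.010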
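
The answer says the auth cookie's name and duration come from web.config. The fragment below is an added example, not part of the original answer, showing a forms-authentication section for this setup. The login page name `login.aspx`, the cookie name `.SBTSAUTH`, the 20-minute timeout and the availability of HTTPS are assumptions.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name:              name of the forms-authentication cookie
           timeout:           ticket lifetime in minutes
           slidingExpiration: renew the ticket while the user stays active
           protection="All":  encrypt and validate the ticket
           requireSSL:        send the cookie over HTTPS only
           defaultUrl:        where RedirectFromLoginPage goes when the
                              request carries no ReturnUrl -->
      <forms name=".SBTSAUTH"
             loginUrl="login.aspx"
             defaultUrl="other.aspx"
             timeout="20"
             slidingExpiration="true"
             protection="All"
             requireSSL="true"
             path="/" />
    </authentication>
    <authorization>
      <!-- "?" means anonymous users: a request without a valid ticket
           is redirected to loginUrl -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

With `<deny users="?" />` in place, the ticket issued by `SetAuthCookie` or `RedirectFromLoginPage` is what lets a request through, so those calls belong only on the success branch of the Authenticate handler.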