0

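How would I add to the code below to check whether the user exists in the database, and if the account does exist, to check whether it is inactive or disabled? If either of those is true, then log out and redirect the user to the login page.

I am running into an issue that if the aspx auth cookie is saved .. but the user account is deleted or set inactive .. the user can still login.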

Protected Sub Page_Init(sender As Object, e As System.EventArgs) Handles Me.Init

    If User.Identity.IsAuthenticated Then
        Response.Redirect("~/homepage")
    End If

End Sub

Thanks for your help.

4

2 Answers

1

Try this

 If User.Identity.IsAuthenticated Then
     Dim currentuser As MembershipUser = Membership.GetUser()
     ' AndAlso short-circuits, so IsApproved is not read when the user no longer exists
     If currentuser IsNot Nothing AndAlso currentuser.IsApproved = True Then

        Response.Redirect("~/homepage")
     End If
 End If
answered 2013-08-10T23:47:15.863
1

Your question ::

I am running into an issue that if the aspx auth cookie is saved .. but the user 
account is deleted or set inactive .. the user can still login.

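IsAuthenticated returns true for the user even if the user has been deleted. This happens because it only checks the authentication cookie that is still on their system.

You need to delete the authentication cookie in your logout function, as shown below. For example, suppose you have placed a logout button. Add the following code in the logout button's click handler.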

Protected Sub btnLogOutAction_Click(sender As Object, e As EventArgs)
    FormsAuthentication.SignOut()
    ' check your own supplied cookie name. Default name is .ASPXAUTH
    If Request.Cookies(".ASPXAUTH") IsNot Nothing Then
        Dim myCookie As New HttpCookie(".ASPXAUTH")
        myCookie.Expires = DateTime.Now.AddDays(-1.0)
        myCookie.Domain = "test.com"
        Response.Cookies.Add(myCookie)
    End If
End Sub

2.) Question ::

to see that the user exists in the database, and if the account does exist to 
check if it is inactive or disabled

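There can be many possible scenarios for this question. Let's look at 3 of them.

CASE I:: If the user is logged in but has been inactive for a few minutes, by default after 20 minutes, ASP.NET will clean up the user session, and when it does, it fires a Session_End event that can be handled in Global.asax. You can then mark this user as inactive in the database, or run whatever code you want, as required.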

Case II::

I set IsApproved to False to disable the user.

Dim user As MembershipUser = Membership.GetUser("Yourusername")
If user IsNot Nothing Then
    user.IsApproved = False
    Membership.UpdateUser(user)
End If

Now you can check it as:

' Requires Imports System.Data.SqlClient and Imports System.Web.Security
' Parameterized query: the user name is never concatenated into the SQL text
Dim check As New SqlCommand("SELECT Count(*) FROM [Users] WHERE Username = @username", Connect)
check.Parameters.AddWithValue("@username", username)

Dim exist As Integer = CInt(check.ExecuteScalar())
' greater than zero means user exists in database
If exist > 0 Then
    ' Now check if user is disabled OR not approved
    Dim user As MembershipUser = Membership.GetUser(username)
    If user IsNot Nothing Then
        If user.IsApproved = False Then
            FormsAuthentication.RedirectToLoginPage()
        End If
    End If
End If

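CASE III: Using the ProfileManager class

Use the sample code below as a reference. We can use the ProfileManager class methods to check whether a user has been inactive since a certain date. Read MSDN.

' Requires Imports System.Data.SqlClient, System.Web.Profile and System.Web.Security
' Parameterized query: the user name is never concatenated into the SQL text
Dim check As New SqlCommand("SELECT Count(*) FROM [Users] WHERE Username = @username", Connect)
check.Parameters.AddWithValue("@username", username)

Dim exist As Integer = CInt(check.ExecuteScalar())
' greater than zero means user exists in database
If exist > 0 Then
    ' Now check if user is marked inactive
    Dim profiles As ProfileInfoCollection = ProfileManager.FindInactiveProfilesByUserName(
        ProfileAuthenticationOption.Authenticated, username, userInactiveSinceDate)
    ' The collection is indexed by the actual user name, not the literal "UserName"
    If profiles(username) IsNot Nothing Then
        FormsAuthentication.RedirectToLoginPage()
    Else
        ' Code to run if user exists in database and is also active
    End If
End If
answered 2013-08-11T04:43:39.473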
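
One way to apply the check from the question to every request instead of a single page, as an added example that is not part of either answer: the forms-auth cookie is re-validated against the membership store each time it is presented. It assumes the default ASP.NET Membership provider and a Global.asax code-behind class named Global_asax (hypothetical name), and it goes slightly beyond the answers by also rejecting locked-out accounts.

```vbnet
' Global.asax.vb (added example; assumes the default Membership provider)
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

Public Class Global_asax ' hypothetical class name
    Inherits HttpApplication

    ' Runs on every request after the auth cookie has been turned into
    ' HttpContext.User, so a still-valid cookie for a removed or disabled
    ' account is caught before any page code executes.
    Protected Sub Application_PostAuthenticateRequest(sender As Object, e As EventArgs)
        Dim principal As IPrincipal = HttpContext.Current.User
        If principal Is Nothing OrElse Not principal.Identity.IsAuthenticated Then
            Return ' anonymous request: nothing to re-validate
        End If

        ' userIsOnline:=False avoids writing LastActivityDate on every request.
        Dim account As MembershipUser = Membership.GetUser(principal.Identity.Name, False)

        ' Nothing = deleted, IsApproved = False = disabled, IsLockedOut = locked.
        If account Is Nothing OrElse Not account.IsApproved OrElse account.IsLockedOut Then
            ' Expire the auth cookie in this response.
            FormsAuthentication.SignOut()
            ' RedirectToLoginPage does not end the request by itself.
            FormsAuthentication.RedirectToLoginPage()
            ' Skip the rest of the pipeline so the requested page never runs.
            HttpContext.Current.ApplicationInstance.CompleteRequest()
        End If
    End Sub
End Class
```

This costs one membership lookup per authenticated request; a short-lived cache of the account state reduces the load at the price of a delay before a disabled account is rejected.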