我想保护我的主页,使未登录的用户无法访问它,并且已经阅读了很多关于身份验证/授权的内容。
第一个问题是,即使没有登录,我仍然可以访问我的 home.aspx。我已经在授权设置中拒绝了用户,但页面仍然可以打开。
第二个问题是,我把 defaultUrl 设置为 Home 页面,因为我希望用户在正确登录后被重定向到该页面,但它仍然去找 /default 页面。
希望可以有人帮帮我。
这是一些代码..
登录+后台代码
<%-- Login form: user name and password boxes, each with a required-field validator,
     a submit button wired to btnLogin_Click, and a red label for the failure message.
     The validators only check that a value was entered; the credential check itself
     happens server-side in btnLogin_Click.
     NOTE(review): TextMode="Password" only masks the input in the browser. The value is
     still posted with the form, so this page should be served over HTTPS. --%>
<asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" runat="server">
    <form id="form1" runat="server">
        <br />
        <table>
            <tr>
                <td>Benutzer:</td>
                <td>
                    <asp:TextBox ID="Username" runat="server" Width="120px" />
                </td>
                <td>
                    <asp:RequiredFieldValidator ID="RequiredFieldValidator1"
                        runat="server"
                        ControlToValidate="Username"
                        Display="Dynamic"
                        ErrorMessage="Bitte Benutzer eingeben" />
                </td>
            </tr>
            <tr>
                <td>Passwort:</td>
                <td>
                    <asp:TextBox ID="Password" runat="server" TextMode="Password" Width="120px" />
                </td>
                <td>
                    <asp:RequiredFieldValidator ID="RequiredFieldValidator2"
                        runat="server"
                        ControlToValidate="Password"
                        ErrorMessage="Bitte Passwort eingeben" />
                </td>
            </tr>
        </table>
        <asp:Button ID="btnLogin" runat="server" Text="Einloggen" OnClick="btnLogin_Click" />
        <p>
            <asp:Label ID="Msg" runat="server" ForeColor="red" />
        </p>
/// <summary>
/// Page load handler for the login page. The body is empty, so no work is done on load;
/// the credential check lives in <c>btnLogin_Click</c>.
/// </summary>
/// <param name="sender">Source of the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
}
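/// <summary>
/// Handles the login button: looks the submitted user name and password up in the
/// <c>login</c> table and, when a row matches, issues the forms-authentication ticket
/// and redirects; otherwise shows a generic failure message in <c>Msg</c>.
/// </summary>
/// <param name="sender">The button that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    // NOTE(review): the database credentials are hard-coded in the page source. They
    // belong in <connectionStrings> in web.config (ideally encrypted), and the account
    // should have only the rights the login lookup needs.
    const string connectionString = "Provider=SQLOLEDB; data source=rzwsrv010;database=event;user ID=event;password=event; Persist Security Info=False";

    // The user-supplied values are bound as parameters instead of being concatenated
    // into the SQL text, so quoting tricks in either field cannot change the statement.
    // OLE DB parameters are positional ('?'): the order they are added must match the query.
    // NOTE(review): comparing the Password column to the typed value implies passwords
    // are stored as entered; store a salted, slow hash (e.g. PBKDF2) and verify that instead.
    const string query = "select UserID from login where Username = ? and Password = ?";

    // DataLayer.DataConnector.DataSelect, as used on this page, takes only a finished SQL
    // string, so the parameterized lookup goes through System.Data.OleDb directly.
    DataTable dt = new DataTable();
    using (var connection = new System.Data.OleDb.OleDbConnection(connectionString))
    using (var command = new System.Data.OleDb.OleDbCommand(query, connection))
    using (var adapter = new System.Data.OleDb.OleDbDataAdapter(command))
    {
        command.Parameters.AddWithValue("@username", Username.Text);
        command.Parameters.AddWithValue("@password", Password.Text);
        adapter.Fill(dt); // Fill opens and closes the connection itself.
    }

    if (dt.Rows.Count > 0)
    {
        // false = session-only (non-persistent) authentication cookie. The redirect
        // target is the ReturnUrl query value, or the forms defaultUrl when none is given.
        FormsAuthentication.RedirectFromLoginPage(Username.Text, false);
    }
    else
    {
        // Same message for unknown user and wrong password, so the response does not
        // reveal which of the two was wrong.
        Msg.Text = "Falsche Benutzer oder Passwort";
    }
}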
/// <summary>
/// Page load handler (the listing repeats the code-behind). The body is empty, so
/// nothing runs when the page loads.
/// </summary>
/// <param name="sender">Source of the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
}
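/// <summary>
/// Login button handler: checks the submitted credentials against the <c>login</c>
/// table with a parameterized query, then either signs the user in through forms
/// authentication or writes a generic error to <c>Msg</c>.
/// </summary>
/// <param name="sender">The button that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    // NOTE(review): connection credentials are embedded in source; move them to
    // <connectionStrings> in web.config and use a least-privilege database account.
    const string connectionString = "Provider=SQLOLEDB; data source=rzwsrv010;database=event;user ID=event;password=event; Persist Security Info=False";

    // Positional OLE DB placeholders: the text box values travel as data, never as SQL text,
    // which replaces the manual quote-doubling the concatenated query relied on.
    // NOTE(review): the Password column is matched against the typed value, which implies
    // passwords are stored as entered; a salted password hash should be verified instead.
    const string query = "select UserID from login where Username = ? and Password = ?";

    // DataLayer.DataConnector.DataSelect is only seen here taking a complete SQL string,
    // so the lookup uses System.Data.OleDb directly to be able to bind parameters.
    DataTable matches = new DataTable();
    using (var connection = new System.Data.OleDb.OleDbConnection(connectionString))
    using (var command = new System.Data.OleDb.OleDbCommand(query, connection))
    using (var adapter = new System.Data.OleDb.OleDbDataAdapter(command))
    {
        // Order matters: first '?' is the user name, second '?' is the password.
        command.Parameters.AddWithValue("@username", Username.Text);
        command.Parameters.AddWithValue("@password", Password.Text);
        adapter.Fill(matches);
    }

    if (matches.Rows.Count == 0)
    {
        // One message for both failure causes avoids confirming which user names exist.
        Msg.Text = "Falsche Benutzer oder Passwort";
        return;
    }

    // Issues a non-persistent authentication cookie and redirects to ReturnUrl,
    // falling back to the defaultUrl configured on the forms element.
    FormsAuthentication.RedirectFromLoginPage(Username.Text, false);
}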
<?xml version="1.0" encoding="utf-8"?>