3

不幸的是,我在网上找到的所有带有自定义角色和成员资格提供程序的表单身份验证代码示例都是用 VB.NET 代码编写的,我需要一个 C# 代码。请帮忙!!!!

我需要一个可以执行以下操作的代码隐藏:

  • 在登录按钮单击时验证用户身份
  • 如果用户 active_flag=0 (false) 或密码!=@password,则显示错误:“访问被拒绝”
  • 如果用户 admin_flag=1 & active flag=1 (true),重定向到 admin_pages\zipsearch.aspx
  • 如果用户 admin_flag=0 (false) & active_flag=1 (true),重定向到 pages\zipsearch.aspx

默认.aspx 代码:

    <asp:Login ID="LoginUser" runat="server" EnableViewState="false" RenderOuterTable="false">
    <LayoutTemplate>
        <span class="failureNotification">
            <asp:Literal ID="FailureText" runat="server"></asp:Literal>
        </span>
        <asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="failureNotification" 
             ValidationGroup="LoginUserValidationGroup"/>
        <div class="accountInfo">
            <fieldset class="login">
                <legend>Account Information</legend>
                <p>
                    <asp:Label ID="usernameLabel" runat="server" AssociatedControlID="username">Username:</asp:Label>
                    <asp:TextBox ID="username" runat="server" CssClass="textEntry"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="username" 
                         CssClass="failureNotification" ErrorMessage="User Name is required." ToolTip="User Name is required." 
                         ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
                </p>
                <p>
                    <asp:Label ID="passwordLabel" runat="server" AssociatedControlID="password">Password:</asp:Label>
                    <asp:TextBox ID="password" runat="server" CssClass="passwordEntry" TextMode="password"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="passwordRequired" runat="server" ControlToValidate="password" 
                         CssClass="failureNotification" ErrorMessage="Password is required." ToolTip="Password is required." 
                         ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
                </p>
                <p>
                    <asp:CheckBox ID="RememberMe" runat="server"/>
                    <asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">Keep me logged in</asp:Label>
                </p>
            </fieldset>
            <p class="submitButton">
                <asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="Log In" ValidationGroup="LoginUserValidationGroup"/>
            </p>
        </div>
    </LayoutTemplate>
</asp:Login>

Web.config 文件:

<authentication mode="Forms">
  <forms loginUrl="~/default.aspx" timeout="2880" />
</authentication>

  <membership>
  <providers>
    <clear/>
      <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="OleConnectionStringSource"
         enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
         applicationName="/" />  
  </providers>
</membership> 

<profile>
  <providers>
    <clear/>
   <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/> 
  </providers>
</profile>

<roleManager enabled="false">
  <providers>
    <clear/>
      <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" /> 
  </providers>
</roleManager>

Default.aspx.cs 后面的代码:

namespace ACAWebApplication
{
  public partial class _Default : System.Web.UI.Page
  { 
     protected void Page_Load(object sender, EventArgs e)
     {
       RegisterHyperLink.NavigateUrl = "Register.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);

       // authenticate user
       // if user active_flag=0 (false) OR password!=@password, display error: "Access Denied" 

       // if user admin_flag=1 & active flag=1 (true), redirect to admin_pages\zipsearch.aspx
       // if user admin_flag=0 (false) & active_flag=1 (true), redirect to pages\zipsearch.aspx

      }
   }
 }

提前非常感谢!:)

4

1 回答 1

10

从这里开始,您可以使用登录方法:

protected void LoginButton_Click(object sender, EventArgs e)
{
 // Validate the user against the Membership framework user store
 if (Membership.ValidateUser(UserName.Text, Password.Text))
 {
 // Log the user into the site
 FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked);
 }
 // If we reach here, the user's credentials were invalid
 InvalidCredentialsMessage.Visible = true;
}

您可以在身份验证方法中检查用户凭据:

protected void myLogin_Authenticate(object sender, AuthenticateEventArgs e)
{
 // Get the email address entered
 TextBox EmailTextBox = myLogin.FindControl("Email") as TextBox;
 string email = EmailTextBox.Text.Trim();

 // Verify that the username/password pair is valid
 if (Membership.ValidateUser(myLogin.UserName, myLogin.Password))
 {
 // Username/password are valid, check email
 MembershipUser usrInfo = Membership.GetUser(myLogin.UserName);
 if (usrInfo != null && string.Compare(usrInfo.Email, email, true) == 0)
 {
 // Email matches, the credentials are valid
 e.Authenticated = true;
 }
 else
 {
 // Email address is invalid...
 e.Authenticated = false;
 }
 }
 else
 {
 // Username/password are not valid...
 e.Authenticated = false;
 }
}

对于取决于特定角色的重定向,请使用以下代码:

protected void Login1_LoggedIn(object sender, EventArgs e)
{
    if (Roles.IsUserInRole(Login1.UserName, "Admin"))
    {
         Response.Redirect("~/Admin/Default.aspx");
    }
    else if (Roles.IsUserInRole(Login1.UserName, "User"))
    {
         Response.Redirect("~/User/Default.aspx");
    }
    else if (Roles.IsUserInRole(Login1.UserName, "Viewer"))
    {
         Response.Redirect("~/Viewer/Default.aspx");
    }
    else
    {
         Response.Redirect("~/Login.aspx");
    }
}

编辑:

这是应该为您工作的解决方案,不是最好的代码,但仍然可以。

因此,首先您使用 DestinationPageUrl 标记配置您的登录控件,如下所示:

<asp:Login 
  ID="Login1" 
  runat="server" 
  DestinationPageUrl="~/admin_pages/zipsearch.aspx">
</asp:Login>

然后在您的 LoginButton_Click 方法中:

 protected void LoginButton_Click(object sender, EventArgs e)
    {
     // Validate the user against the Membership framework user store
    if (Membership.ValidateUser(myLogin.UserName, myLogin.Password))
     {
     // Username/password are valid, check email
     MembershipUser currentUser = Membership.GetUser(myLogin.UserName);

        if (currentUser != null)
        {
            if (admin_flag == true)
              {
                     FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked);
            }
           else
              {
              // If we reach here, the user's credentials were invalid -> your access is denied message
             InvalidCredentialsMessage.Visible = true;
            }
        }
      }
      //if code goes here validation of user failed        
    }
于 2011-03-08T16:15:04.837 回答