forms验证问题!
本人正在做一个登录的验证,主要用forms,
web.config如下:
<configuration>
<system.web>
<authentication mode="Forms">
<forms name=".ASPXUSERDEMO" loginUrl="index.aspx" protection="All" timeout="30"
path="/">
</forms>
</authentication>
<authorization>
<deny users="?"></deny>
</authorization>
</system.web>
</configuration>
login.asp
<% @ Page Language="C#" %>
<% @ Import Namespace="System.Data" %>
<% @ Import Namespace="System.Data.OleDb" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>验证</title>
</head>
<%
OleDbConnection MyConn;
//连接语句
string user=Request.Form["user"];
string pwd=Request.Form["pwd"];
// Response.Write(user+pwd);
string MyConnString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="+Server.MapPath(".")+"..\\data\\data.mdb;";
MyConn=new OleDbConnection(MyConnString);
string sqlstr="select * from admin where username = '"+user+"' and pwd='"+pwd+"'";
OleDbCommand MyComm=new OleDbCommand(sqlstr,MyConn);
MyConn.Open();
OleDbDataReader reader;
reader= MyComm.ExecuteReader();
if (reader.Read())
{
// Session["userName"]=user;
//Response.Write(Session["userName"].ToString());
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, False);
// Response.Redirect("loginok.aspx");
}
else
{
Response.Write("<script language=javascript>alert('用户名或密码错误!');</script>");
Response.Redirect("index.aspx");
}
%>
<body>
</body>
</html>
参看:http://yb2008.vicp.net/NetSystem/
每次提交后用户密码者为admin,但提交后又回到index.asp,实在不知道是什么原因!
谢谢!
问题点数:50、回复次数:18Top
1 楼sean168(最爱拉布拉多)回复于 2005-01-27 15:17:34 得分 30
Response.Redirect("loginok.aspx")你是跳转到这页吗
Top
2 楼yb2008(中科商务网--ZKE360.COM)回复于 2005-01-27 15:22:28 得分 0
sean168(凉风有兴,秋月无边)
我是先由index.asp提交数据到login.asp判断通过再到loginok.asp(主界面)
如果没有通过,就到index.aspTop
3 楼webserv2(New life New job)回复于 2005-01-27 15:22:56 得分 2
Response.Write("<script language=javascript>alert('用户名或密码错误!');</script>");
Response.Redirect("index.aspx");
这个没有必要 两个要一个就好了Top
4 楼sean168(最爱拉布拉多)回复于 2005-01-27 15:27:31 得分 10
参考一下吧,这是最简单的,自己改一下,看你的也看不出什么。
config--------------->
<authentication mode="Forms" >
<forms loginUrl="login.aspx"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
.CS----------------->
string UserName=this.TextBox1.Text.Trim();
string Pass=this.Textbox2.Text.Trim();
SqlConnection Mycon=new SqlConnection(server=(local);DataBase=jdp;User ID=sa;Pwd=;Timeout=900");
string Sql="select UserName,Pass from dbo.UserInfo where UserName='"+UserName+"'and Pass='"+Pass+"'";
SqlDataAdapter Dat=new SqlDataAdapter(Sql,Mycon);
DataTable Dt=new DataTable();
Dat.Fill(Dt);
if(Dt.Rows.Count>0)
{
FormsAuthentication.RedirectFromLoginPage(UserName,false);
Response.Redirect("default.aspx?User="+this.TextBox1.Text.Trim());
}
else
{
Response.Write("<script>alert('你输入的密码错误!'Top
5 楼yb2008(中科商务网--ZKE360.COM)回复于 2005-01-27 15:28:49 得分 0
试了,还是不行,重回到index.aspTop
6 楼yb2008(中科商务网--ZKE360.COM)回复于 2005-01-27 15:30:45 得分 0
是不是我的forms验证用错了,超初用session的可以,但两分钟就超时,一直没解决,改用forms了!Top
7 楼yb2008(中科商务网--ZKE360.COM)回复于 2005-01-27 15:43:00 得分 0
loginUrl="index.aspx"我改成login.aspx又出现新问题了!
参看!
http://yb2008.vicp.net/NetSystem/
Top
8 楼sean168(最爱拉布拉多)回复于 2005-01-27 15:46:54 得分 0
我是直接login.aspx一个页
所以
<authentication mode="Forms" >
<forms loginUrl="login.aspx"></forms>
</authentication>
FormsAuthentication.RedirectFromLoginPage(UserName,false);
Response.Redirect("default.aspx?User="+this.TextBox1.Text.Trim());
验证通过后跳转到default.aspx
看你是不是由index到login之间出了什么问题。
因为你设的是
<forms name=".ASPXUSERDEMO" loginUrl="index.aspx" protection="All" timeout="30"
path="/">
</forms>
Top
9 楼web_gus(树欲静而风不止)回复于 2005-01-27 15:54:57 得分 2
用session可以在web.config设置超时时间,txtUsername.Text是什么值?Top
10 楼web_gus(树欲静而风不止)回复于 2005-01-27 15:57:10 得分 0
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
为了访问注册页,web.config的</configuration>结束前加上这个Top
11 楼yb2008(中科商务网--ZKE360.COM)回复于 2005-01-27 16:02:30 得分 0
我的index.aspx源代码:是不是我提交的时候弄错了!
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>管理员登录</title>
<link href="../pt9.css" rel="stylesheet" type="text/css">
<link href="../css/pt9.css" rel="stylesheet" type="text/css">
<link href="css/pt9.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#000000">
<form name="form1" method="post" action="login.aspx">
<table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td><table width="771" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="790" height="79" bgcolor="#427DB5" class="pt9"><img src="gif/002.gif" width="771" height="212"></td>
</tr>
<tr>
<td height="79" bgcolor="#427DB5" class="pt9"> <div align="center"><font color="#FFFFFF">用户名:
<input name="user" type="text" class="box1" id="user2" size="12" maxlength="12">
密 码:
<input name="pwd" type="password" class="box1" id="pwd3" size="12" maxlength="12">
<input type="submit" name="Submit" value="登录">
<input name="清楚" type="reset" id="清楚3" value="清除">
</font> </div></td>
</tr>
<tr>
<td height="70" bgcolor="#EFEFEF" class="pt9"><div align="center">东莞市亿声科技有限公司(商务部业务管理系统V1.0)</div></td>
</tr>
<tr>
<td> </td>
</tr>
</table></td>
</tr>
</table>
</form>
</body>
</html>
Top
12 楼clcy(风雨)回复于 2005-01-27 16:06:45 得分 2
顶~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`Top
13 楼yb2008(中科商务网--ZKE360.COM)回复于 2005-01-27 16:06:55 得分 0
我是提交到login.asp再判断的!Top
14 楼yb2008(中科商务网--ZKE360.COM)回复于 2005-01-27 16:12:36 得分 0
是不是一定要放在一页才可以哦!Top
15 楼sean168(最爱拉布拉多)回复于 2005-01-27 16:17:49 得分 0
<authentication mode="Forms" >
<forms loginUrl="login.aspx"></forms>
</authentication>
设置的是login页
你就要在
login页通过验证才可以跳转啊
FormsAuthentication.RedirectFromLoginPage(UserName,false);
Response.Redirect("loginok.aspx");
Top
16 楼mengshuai1982(Striving)回复于 2005-01-27 16:22:20 得分 2
如果没有通过,就到index.asp
——————————————————
当然了,你这样写
Response.Write("<script language=javascript>alert('用户名或密码错误!');</script>");
Response.Redirect("index.aspx");
根本不会弹出提示框,而是直接转向index.aspx了。
去掉Response.Redirect("index.aspx");就对了
Top
17 楼yyne(一步一个脚印往上爬)回复于 2005-01-27 16:37:34 得分 2
给一段参考代码
Web.Config
----------------------------
<configuration>
<system.web>
<authentication mode="Forms" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
Login.aspx
----------------------------
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<script language="C#" runat=server>
void Page_Load(Object sender , EventArgs e)
{
string strLinkPath;
if (! IsPostBack ) {
strLinkPath = string .Format( "Register/Register.aspx?ReturnUrl={0}", Request.Params[ "ReturnUrl" ] );
lnkRegister.NavigateUrl = string .Format( strLinkPath );
}
}
void Button_Click( object s, EventArgs e ) {
if ( IsValid ) {
if ( DBAuthenticate( txtUsername.Text, txtPassword.Text ) > 0 )
{
FormsAuthentication.RedirectFromLoginPage( txtUsername.Text, false );
}
}
}
int DBAuthenticate( string strUsername, string strPassword ) {
SqlConnection conMyData;
SqlCommand cmdSelect;
SqlParameter parmReturnValue;
int intResult;
conMyData = new SqlConnection( "Server=localhost;Integrated Security=SSPI;Database=myData" );
cmdSelect = new SqlCommand( "DBAuthenticate", conMyData );
cmdSelect.CommandType = CommandType.StoredProcedure;
parmReturnValue = cmdSelect.Parameters.Add( "RETURN_VALUE", SqlDbType.Int );
parmReturnValue.Direction = ParameterDirection.ReturnValue;
cmdSelect.Parameters.Add( "@username", strUsername );
cmdSelect.Parameters.Add( "@password", strPassword );
conMyData.Open();
cmdSelect.ExecuteNonQuery();
intResult = System.Convert.ToInt32(cmdSelect.Parameters[ "RETURN_VALUE" ].Value);
conMyData.Close();
if ( intResult < 0 )
{
if ( intResult == -1 )
{
lblMessage.Text = "Username ! Registered!";
}
else
{
lblMessage.Text = "Invalid Password!";
}
}
return intResult;
}
</Script>
<html>
<head><title>Login.aspx</title></head>
<body>
<form Runat="Server">
<h2>Please Login:</h2>
<asp:Label
ID="lblMessage"
ForeColor="Red"
Font-Bold="True"
Runat="Server" />
<p>
<b>Username:</b>
<br/>
<asp:TextBox
ID="txtUsername"
Runat="Server" />
<asp:RequiredFieldValidator
ControlToValidate="txtUsername"
Text="Required!"
Runat="Server" />
<p>
<b>Password:</b>
<br/>
<asp:TextBox
ID="txtPassword"
Runat="Server" />
<asp:RequiredFieldValidator
ControlToValidate="txtPassword"
Text="Required!"
Runat="Server" />
<p>
<asp:Button
Text="Login!"
OnClick="Button_Click"
Runat="Server" />
<hr>
<asp:HyperLink
ID="lnkRegister"
Text="Click Here To Register!"
Runat="Server" />
</form>
</body>
</html>
Top
18 楼minghui000(沉迷网络游戏)回复于 2005-02-18 16:16:59 得分 0
upTop
