Need help with ASP.NET login authentication

Posted on 2024-07-13 14:11:29 · 1182 words · 8 views · 0 comments

I am able to authenticate the login page in a simple way. How can I do that authentication in a 3-tier architecture? Could somebody please send me code showing what should be in the DAL, BAL, and GUI layers? Here is my simple code:

Web.config:

<authentication mode="Forms">
    <forms loginUrl="Login.aspx">
        <credentials passwordFormat="Clear">
            <user name="abcd" password="1234" />
        </credentials>
    </forms>
</authentication>
<authorization>
    <deny users="?" />
</authorization>

login.aspx.cs:

// Look up the submitted user name and password in the Login table.
SqlConnection con = new SqlConnection("server=localhost;database=dbname;uid=;pwd=;Trusted_Connection=true");
SqlDataAdapter da = new SqlDataAdapter("select * from Login where UserName='" + TextBox1.Text + "' and Password='" + TextBox2.Text + "'", con);
DataSet ds = new DataSet();
da.Fill(ds);

if (ds.Tables[0].Rows.Count > 0)
{
    // Check the credentials stored in Web.config.
    if (FormsAuthentication.Authenticate("abcd", "1234"))
    {
        FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, false);
        Response.Write("Logged in");
    }
    else
    {
        Response.Write("Unauthorised User");
    }

    Response.Redirect("welcome.aspx");
}
else
{
    Response.Write("Sorry Invalid UserName or Password");
}

Comments (2)

琉璃梦幻 2024-07-20 14:11:29

In general you should have at least the following classes:

  • In DAL you should have a Class that hands off database connections
  • In BAL you should have a Class that represents every user instance. This class should have a method called login() where all the authentication and authorization takes place.
  • A web form representing the user interface.

Also, to prevent SQL injections never concatenate query strings. Use parameters instead.

Here are some example classes:

using System.Data.SqlClient;

namespace DAL
{
    public class ConnectionManager
    {
        // Returns an open connection; the caller is responsible for disposing it.
        public static SqlConnection GetConnection() {
            SqlConnection cn = new SqlConnection("server=localhost;database=dbname;uid=;pwd=;Trusted_Connection=true");
            cn.Open();
            return cn;
        }
    }
}

namespace BAL
{
    using DAL;

    public class User
    {
        public string UserName { get; set; }
        public string Password { private get; set; }

        public bool Login() {
            return Login(this.UserName, this.Password);
        }

        public bool Login(string user, string password) {
            bool success = false;
            using (SqlConnection cn = ConnectionManager.GetConnection())
            {
                string sql = "select count(*) from Login where UserName=@user and Password=@password";
                using (SqlCommand command = new SqlCommand(sql, cn))
                {
                    // Parameters must be added to the collection before they can be used;
                    // the values are bound to the query, not concatenated into the SQL text.
                    command.Parameters.AddWithValue("@user", user);
                    command.Parameters.AddWithValue("@password", password);
                    success = (int)command.ExecuteScalar() > 0;
                }
                cn.Close();
            }
            return success;
        }
    }
}
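
An added example, not part of either answer: the same DAL/BAL split, but with the DAL returning a stored salt and hash through a parameterized query and the BAL verifying the password with PBKDF2 instead of comparing clear text in SQL. The `Salt` and `PasswordHash` columns, the class and method names (`LoginData`, `Authenticator`, `TryGetCredential`, `Derive`) and the iteration count are assumptions for illustration; the four-argument `Rfc2898DeriveBytes` constructor needs .NET Framework 4.7.2 or later.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

namespace DAL {
    public static class LoginData {
        // Assumed schema: Login(UserName nvarchar(50), Salt varbinary(16) NOT NULL, PasswordHash varbinary(32) NOT NULL).
        const string ConnStr = "server=localhost;database=dbname;Trusted_Connection=true";

        public static bool TryGetCredential(string user, out byte[] salt, out byte[] hash) {
            salt = null; hash = null;
            using (var cn = new SqlConnection(ConnStr))
            using (var cmd = new SqlCommand("select Salt, PasswordHash from Login where UserName=@user", cn)) {
                cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = user;  // bound value, never spliced into the SQL text
                cn.Open();
                using (SqlDataReader r = cmd.ExecuteReader()) {
                    if (!r.Read()) return false;                                  // unknown user
                    salt = (byte[])r["Salt"];
                    hash = (byte[])r["PasswordHash"];
                    return true;
                }
            }
        }
    }
}

namespace BAL {
    public static class Authenticator {
        const int Iterations = 100000, HashSize = 32;

        // PBKDF2-HMAC-SHA256; call this when storing a new password and again when checking one.
        public static byte[] Derive(string password, byte[] salt) {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
                return kdf.GetBytes(HashSize);
        }

        // The code-behind (GUI layer) calls this and issues the forms-authentication ticket only when it returns true.
        public static bool Login(string user, string password) {
            byte[] salt, expected;
            if (!DAL.LoginData.TryGetCredential(user, out salt, out expected) || expected.Length != HashSize)
                return false;
            byte[] actual = Derive(password, salt);
            int diff = 0;
            for (int i = 0; i < HashSize; i++) diff |= actual[i] ^ expected[i];   // compare every byte, no early exit
            return diff == 0;
        }
    }
}
```

The length check on the stored hash matters: without it, an empty `PasswordHash` value would make the comparison loop run zero times and accept any password.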

请别遗忘我 2024-07-20 14:11:29

Slightly at a loss as to why you would want to reinvent the wheel? ASP.NET Membership provider does this all for you, and if you need to heavily modify its behaviour, it's open source, easy to read, understand and change. It can be integrated easily with your own n-tier architecture - we do this all the time.
