需要使用 asp.net 登录身份验证方面的帮助
我能够验证登录页面的简单方法。 我如何在三层架构中进行身份验证? 请有人给我发送 DAL、BAL 和 GUI 层中应该包含什么的代码? 这是我的简单代码:
Web.config:
<authentication mode="form">
<form loginurl="Login.aspx">
<credential password Format="clear">
<user name="abcd" password="1234">
</credential>
</authentication>
</form>
<authorization>
<deny users="?">
</authorization>
login.aspx.cs:
sqlconnection con=new sqlconnection("server=localhost;database=dbname;uid=;pwd=;Trusted_Connection=true");
sqldataAdapter da=new sqldataAdapter("select * from Login where UserName='"+TextBox1.Text+"' and Password='"+TextBox2.Text+"'",con);
Dataset ds=new Dataset();
da.Fill(ds);
if(ds.Tables[0].rows.Count>0)
{
if(FormAuthentication.Authenticate("abcd","1234")
{
FormAuthentication.RedirectFromLoginPage(TextBox1.Text,false);
Response.write("Logged in");
}
else
{
Response.write("Unautherised User");
}
Response.Redirect("welcome.aspx");
}
else
{
Response.write("Sorry Invalid UserName or Password");
}
Simple way i am able to authenticate login page. How can i do that authentication in 3 tier architecture? please somebody send me the code that what should be in DAL,BAL,and GUI layers? Here is my simple code:
Web.config:
<authentication mode="form">
<form loginurl="Login.aspx">
<credential password Format="clear">
<user name="abcd" password="1234">
</credential>
</authentication>
</form>
<authorization>
<deny users="?">
</authorization>
login.aspx.cs:
sqlconnection con=new sqlconnection("server=localhost;database=dbname;uid=;pwd=;Trusted_Connection=true");
sqldataAdapter da=new sqldataAdapter("select * from Login where UserName='"+TextBox1.Text+"' and Password='"+TextBox2.Text+"'",con);
Dataset ds=new Dataset();
da.Fill(ds);
if(ds.Tables[0].rows.Count>0)
{
if(FormAuthentication.Authenticate("abcd","1234")
{
FormAuthentication.RedirectFromLoginPage(TextBox1.Text,false);
Response.write("Logged in");
}
else
{
Response.write("Unautherised User");
}
Response.Redirect("welcome.aspx");
}
else
{
Response.write("Sorry Invalid UserName or Password");
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
一般来说,您至少应该有以下类:
另外,为了防止 SQL 注入,切勿连接查询字符串。 请改用参数。
以下是一些示例类:
In general you should have at least the following classes:
Also, to prevent SQL injections never concatenate query strings. Use parameters instead.
Here are some example classes:
有点不知所措,为什么要重新发明轮子? ASP.NET 会员提供程序为您完成这一切,如果您需要大量修改其行为,它是开源的,易于阅读、理解和更改。 它可以轻松地与您自己的 n 层架构集成 - 我们一直这样做。
Slightly at a loss as to why you would want to reinvent the wheel? ASP.NET Membership provider does this all for you, and if you need to heavily modify its behaviour, its open source, easy to read, understand and change. It can be integrated easily with your own n-tier architecture - we do this all the time.