<?xml version="1.0" encoding="utf-8" ?>
                     <configuration>
                    
                     <system.web>
                    
                     <!-- DYNAMIC DEBUG COMPILATION
                     Set compilation debug="true" to insert debugging symbols (.pdb information)
                     into the compiled page. Because this creates a larger file that executes
                     more slowly, set this value to true only while debugging and to false at
                     all other times. For more information, see the documentation on debugging
                     ASP.NET files.
                     NOTE(review): this listing leaves debug="true"; switch it to "false" before
                     the site is deployed.
                     -->
                     <compilation defaultLanguage="vb" 
                debug="true" />
                    
                     <!-- CUSTOM ERROR MESSAGES
                     Set customErrors mode="On" or "RemoteOnly" to enable custom error messages,
                     or "Off" to disable them. Add an <error> tag for each error to be handled.
                     NOTE(review): with "RemoteOnly" the detailed ASP.NET error page is shown only
                     to requests made from the server itself; "Off" would show it to every visitor.
                     -->
                     <customErrors mode="RemoteOnly" 
                />
                    
                     <!-- AUTHENTICATION
                     This section sets the authentication policy of the application. Possible
                     modes are "Windows", "Forms", "Passport" and "None".
                     -->
                     <authentication mode="Windows" 
                />
                    
                    
                     <!-- AUTHORIZATION
                     This section sets the authorization policy of the application. Users or roles
                     can be allowed or denied access to application resources. Wildcards: "*" means
                     everyone, "?" means anonymous (unauthenticated) users.
                     NOTE(review): the only active rule below allows everyone, so nothing in this
                     file restricts access until a deny rule is added.
                     -->
                     <authorization>
                     <allow users="*" /> <!-- allow all users -->
                    
                     <!-- <allow users="[comma-separated list of users]"
                     roles="[comma-separated list of roles]"/>
                     <deny users="[comma-separated list of users]"
                     roles="[comma-separated list of roles]"/>
                     -->
                     </authorization>
                    
                     <!-- APPLICATION-LEVEL TRACE LOGGING
                     Application-level tracing enables trace log output for every page within the
                     application. Set trace enabled="true" to turn it on. If pageOutput="true", the
                     trace information is displayed at the bottom of each page. Otherwise the
                     application trace log can be viewed by browsing the "trace.axd" page from the
                     web application root.
                     NOTE(review): trace output contains request details; keep enabled="false" and
                     localOnly="true", as set here, outside of a debugging session.
                     -->
                     <trace enabled="false" requestLimit="10" 
                pageOutput="false" traceMode="SortByTime" 
                localOnly="true" />
                    
                    
                     <!-- SESSION STATE SETTINGS
                     By default ASP.NET uses cookies to identify which requests belong to a
                     particular session. If cookies are not available, a session can be tracked by
                     adding the session identifier to the URL. To disable cookies, set
                     sessionState cookieless="true".
                     NOTE(review): the sqlConnectionString below is a sample value that names the
                     sa login with an empty password. With mode="InProc" it is presumably not read
                     (confirm for the framework version in use); replace it with a least-privilege
                     account before switching to SQL Server session state. A cookieless session
                     puts the session identifier into the URL, where it can end up in logs,
                     bookmarks and Referer headers.
                     -->
                     <sessionState
                     mode="InProc"
                     stateConnectionString="tcpip=127.0.0.1:42424"
                     sqlConnectionString="data source=127.0.0.1;user 
                id=sa;password="
                     cookieless="false"
                     timeout="20"
                     />
                    
                     <!-- GLOBALIZATION
                     This section sets the globalization settings of the application.
                     -->
                     <globalization requestEncoding="utf-8" 
                responseEncoding="utf-8" />
                    
                     </system.web>
                    
                     </configuration>
<!-- Switches the application to Forms authentication: requests without a valid
     ticket are sent to login.aspx, and the ticket travels in a cookie named
     "yourAuthCookie" scoped to path "/". protection="All" asks ASP.NET to both
     validate and encrypt that cookie.
     NOTE(review): no timeout is set, so the framework default applies. The cookie is
     only as safe as the transport: serve the login page and every protected page
     over HTTPS, and on framework versions that offer it set requireSSL="true" on
     the forms element. -->
<authentication mode="Forms">
                  <forms name="yourAuthCookie" loginUrl="login.aspx"
                    protection="All" path="/" 
                />
                </authentication>
                <authorization>
                  <!-- "?" is the anonymous user: every visitor has to sign in first. -->
                  <deny users="?" />
                </authorization>
                
                  但是这样会产生一个问题,那就是如果我的站点有一些信息是可以让任意用户随意访问的,比如站点简介,使用说明等。如果按照上面的处理方法岂不让用户觉得很麻烦,呵呵,不急,在ASP.NET中自然有相应的解决办法。下面的代码可以实现匿名用户访问Test.aspx页面:
<!-- Per-path override: lets anonymous users ("?") request test.aspx while the
     site-wide deny rule keeps covering every other page. A location element sits
     directly under configuration, next to the main system.web section.
     NOTE(review): limit such exceptions to pages that expose no user data, and
     revisit the list whenever pages are added. -->
<location path="test.aspx">
                    <system.web>
                      <authorization>
                        <allow users="?" 
                />
                      </authorization>
                    </system.web>
                  </location>
<%@ Page language="c#" Codebehind="login.aspx.cs"
                  AutoEventWireup="false" Inherits="secure.login" 
                %>
<%-- Login form of the Forms-authentication sample. The server-side form posts back
     to this page and the code-behind class secure.login handles the btnLogin click.
     Controls: Message (error text), username (labelled "E-mail"), password
     (TextMode="Password"), saveLogin (persistent-login checkbox), btnLogin.
     NOTE(review): the credentials travel in the POST body, so this page should be
     reachable over HTTPS only. Ticking saveLogin asks for a persistent
     authentication cookie; decide whether the site should offer that at all. --%>
                <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" 
                >
                <HTML>
                  <HEAD>
                    <title>Secure Site</title>
                    <meta content="Microsoft Visual Studio 
                7.0" name="GENERATOR">
                    <meta content="C#" name="CODE_LANGUAGE">
                    <meta content="JavaScript" name="vs_defaultClientScript">
                    <meta content="http://schemas.microsoft.com/intellisense/ie5"
                      name="vs_targetSchema">
                  </HEAD>
                  <body MS_POSITIONING="GridLayout">
                    <form id="login" method="post" 
                runat="server">
                      <table cellSpacing="0" 
                cellPadding="0" border="0">
                      <tr>
                        <td vAlign="top" 
                align="left">
                          <asp:label 
                id="Message" Runat="server" ForeColor="#ff0000">
                          </asp:label>
                        </td>
                      </tr>
                      <tr>
                        <td vAlign="top" 
                align="left">
                          <b>E-mail:</b>
                        </td>
                      </tr>
                      <tr>
                        <td vAlign="top" 
                align="left">
                          <asp:textbox 
                id="username" Runat="server" Width="120">
                          </asp:textbox>
                        </td>
                      </tr>
                      <tr>
                        <td vAlign="top" 
                align="left">
                          <b>Password:</b>
                        </td>
                      </tr>
                      <tr>
                        <td vAlign="top" 
                align="left">
                          <asp:textbox 
                id="password" Runat="server"
                            
                Width="120" TextMode="Password">
                          </asp:textbox>
                        </td>
                      </tr>
                      <tr>
                        <td vAlign="top" 
                align="left">
                          <asp:checkbox 
                id="saveLogin" Runat="server"
                            
                Text="<b>Save my login</b>">
                          </asp:checkbox>
                        </td>
                      </tr>
                      <tr>
                        <td vAlign="top" 
                align="right">
                          <asp:imagebutton 
                id="btnLogin" Runat="server"
                            
                ImageUrl="/images/w2k/login/btnLogin.gif">
                          </asp:imagebutton>
                        </td>
                      </tr>
                      </table>
                    </form>
                  </body>
                </HTML>
                  界面做好之后,就开始编写提交按钮事件,首先需要注册该事件,代码如下:
// Registers btnLogin_Click as the handler for the Click event of the btnLogin
// image button. The three dots below are the article's elision of the rest of
// the method body; they are not C# syntax.
private void InitializeComponent()
                {   
                  this.btnLogin.Click += new System.Web.UI.ImageClickEventHandler(this.btnLogin_Click);
                  .
                  .
                  .
                }
                
                  事件注册好之后,自然就是编写事件处理函数了:
/// <summary>
/// Click handler of the login button: submits the entered credentials to
/// CCommonDB.AuthenticateUser and either redirects to the page it returns or
/// shows a failure message.
/// </summary>
/// <param name="sender">the control that raised the event (not used)</param>
/// <param name="e">the image-click event data (not used)</param>
private void btnLogin_Click(object sender, System.Web.UI.ImageClickEventArgs e)
{
    CCommonDB db = new CCommonDB();

    // AuthenticateUser hands back the landing page on success and
    // string.Empty when the login is rejected.
    string target = db.AuthenticateUser(this.Session, this.Response,
        username.Text, password.Text, saveLogin.Checked);

    if (target == string.Empty)
    {
        // One generic message for every failure, so the response does not
        // reveal whether the e-mail address or the password was wrong.
        Message.Text = "Login Failed!";
        return;
    }

    // The target comes from server-side code, not from the request itself.
    Response.Redirect(target);
}
                
                  读者看完上面的代码之后一定想问CCommonDB是哪里来的东东,这是我编写的一个类,用来处理用户登录信息的,如果成功则把相关信息写入session、Cookie和SQL数据库,同时跳到default.aspx页面。具体如下:
CCommonDB.cs
namespace secure.Components
                {
                  public class CCommonDB : CSql
                  {
                    public CCommonDB() : base() { }
    public string AuthenticateUser(
                      System.Web.SessionState.HttpSessionState 
                objSession, // Session Variable
                      System.Web.HttpResponse objResponse,                 
                // Response Variable
                      string email,                                        
                // Login
                      string password,                                     
                // Password
                      bool bPersist                                        
                // Persist login
                      )
                    {
                      int nLoginID  = 0;
                      int nLoginType  = 0;
      // Log the user in
                      Login(email, password, ref nLoginID, 
                ref nLoginType);
      if(nLoginID != 0)  // Success
                      {
                        // Log the user in
                        System.Web.Security.FormsAuthentication.SetAuthCookie(nLoginID.ToString(), 
                bPersist);
        // Set the session 
                varaibles   
                        objSession["loginID"]  
                = nLoginID.ToString();
                        objSession["loginType"] 
                = nLoginType.ToString();
        // Set cookie information 
                incase they made it persistant
                        System.Web.HttpCookie 
                wrapperCookie = new System.Web.HttpCookie("wrapper");
                        wrapperCookie.Value 
                = objSession["wrapper"].ToString();
                        wrapperCookie.Expires 
                = DateTime.Now.AddDays(30);
                     
                        System.Web.HttpCookie 
                lgnTypeCookie = new System.Web.HttpCookie("loginType");
                        lgnTypeCookie.Value 
                = objSession["loginType"].ToString();
                        lgnTypeCookie.Expires 
                = DateTime.Now.AddDays(30);
        // Add the cookie 
                to the response
                        objResponse.Cookies.Add(wrapperCookie);
                        objResponse.Cookies.Add(lgnTypeCookie);
        return "/candidate/default.aspx";
                          }
                          case 1:  
                // Admin Login
                          {
                            
                return "/admin/default.aspx";
                          }
                          case 2:  
                // Reporting Login
                          {
                            
                return "/reports/default.aspx";
                          }
                          default:
                          {
                            
                return string.Empty;
                          }
                        }
                      }
                      else
                      {
                        return string.Empty;
                      }
                    }
    /// <summary>
                    /// Verifies the login and password that were 
                given
                    /// </summary>
                    /// <param name="email">the 
                login</param>
                    /// <param name="password">the 
                password</param>
                    /// <param name="nLoginID">returns 
                the login id</param>
                    /// <param name="nLoginType">returns 
                the login type</param>
                    public void Login(string email, string password, 
                ref int nLoginID, ref int nLoginType)
                    {
                      ResetSql();
DataSet ds = new DataSet();
      // Set our parameters
                      SqlParameter paramLogin = new SqlParameter("@username", 
                SqlDbType.VarChar, 100);
                      paramLogin.Value = email;
      SqlParameter paramPassword = new 
                SqlParameter("@password", SqlDbType.VarChar, 20);
                      paramPassword.Value = password;
                      Command.CommandType = CommandType.StoredProcedure;
                      Command.CommandText = "glbl_Login";
                      Command.Parameters.Add(paramLogin);
                      Command.Parameters.Add(paramPassword);
      Adapter.TableMappings.Add("Table", 
                "Login");
                      Adapter.SelectCommand = Command;
                      Adapter.Fill(ds);
      if(ds.Tables.Count != 0)
                      {
                        DataRow row = ds.Tables[0].Rows[0];
        // Get the login id 
                and the login type
                        nLoginID  = Convert.ToInt32(row["Login_ID"].ToString());
                        nLoginType  = 
                Convert.ToInt32(row["Login_Type"].ToString());
                      }
                      else
                      {
                        nLoginID = 0;
                        nLoginType = 0;
                      }
                    }
                  }
  abstract public class CSql
                  {
                    private SqlConnection sqlConnection;      
                // Connection string
                    private SqlCommand sqlCommand;          
                // Command
                    private SqlDataAdapter sqlDataAdapter;      
                // Data Adapter     
                    private DataSet sqlDataSet;            
                // Data Set
    public CSql()
                    {
                      sqlConnection  = new SqlConnection(ConfigurationSettings.AppSettings["ConnectionString"]);
                      sqlCommand    = 
                new SqlCommand();
                      sqlDataAdapter  = new SqlDataAdapter();
                      sqlDataSet    = 
                new DataSet();
      sqlCommand.Connection = sqlConnection;
                    }
    /// <summary>
                    /// Access to our sql command
                    /// </summary>
                    protected SqlCommand Command
                    {
                      get { return sqlCommand; }
                    }
    /// <summary>
                    /// Access to our data adapter
                    /// </summary>
                    protected SqlDataAdapter Adapter
                    {
                      get { return sqlDataAdapter; }
                    }
    /// <summary>
                    /// Makes sure that everything is clear and 
                ready for a new query
                    /// </summary>
                    protected void ResetSql()
                    {
                      if(sqlCommand != null)
                      {
                        sqlCommand = new SqlCommand();
                        sqlCommand.Connection 
                = sqlConnection;
                      }
                      if(sqlDataAdapter != null)
                        sqlDataAdapter = new 
                SqlDataAdapter();
      if(sqlDataSet != null)
                        sqlDataSet = new DataSet();
                    }
    /// <summary>
                    /// Runs our command and returns the dataset
                    /// </summary>
                    /// <returns>the data set</returns>
                    protected DataSet RunQuery()
                    {
                      sqlDataAdapter.SelectCommand = 
                Command;
      sqlConnection.Open();
                      sqlConnection.Close();
sqlDataAdapter.Fill(sqlDataSet);
      return sqlDataSet;
                    }
                  }
                }