asp.net中的身份验证
我用的是基于窗体的验证,这也是最常用的,我只写一下摘要,源代码太长,但应该不影响理解代码.
web.config的修改:
<authentication mode="Forms" />
注意:仅设置验证模式并不会阻止匿名访问,还需要在 <authorization> 中加入 <deny users="?" />,受保护的页面才会在服务器端拒绝未登录的用户。
用户的登录验证方法:
这里有两个输入控件,一个是user_tb,用来输入用户名,一个是psw_tb,用来输入密码
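/// <summary>
/// Login button handler. Looks up the submitted user name and password in the
/// web_user table; on a match it stores the user in the session, issues the
/// forms-authentication cookie and redirects to manage_index.aspx. On a miss
/// it shows a single generic error message.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button1_click(object sender, System.EventArgs e)
{
    string user_name = user_tb.Text;
    string user_psw = psw_tb.Text;

    // Both fields are required. The original test used "||", which let a
    // request with only one of the two fields filled in reach the database.
    if (user_name == "" || user_psw == "")
    {
        Response.Write("<script>alert('您的用户名或密码错误!');</script>");
        return;
    }

    // NOTE(review): the original ran a chain of Replace() calls over both
    // values before building the SQL text. Character substitution is not a
    // defence against SQL injection and it silently changes the password the
    // user typed, so it is dropped here. If accounts were created with the
    // same substitutions applied to user_name, re-apply them to user_name
    // only — confirm against the registration code.

    // The values are bound as parameters, so they are always treated as data
    // and can never change the structure of the statement.
    // NOTE(review): the query compares user_psw with the submitted password
    // directly, which suggests passwords are stored unhashed — confirm. They
    // should be stored as a salted, slow hash and verified in code.
    string validate_sql =
        "select user_flag from web_user where user_name=@user_name and user_psw=@user_psw";

    bool authenticated = false;
    string user_flag = null;

    // "using" closes the command, reader and connection on every path. The
    // original only closed the connection after the if/else, which was never
    // reached: one branch redirected and the other returned.
    using (SqlConnection myconn = new SqlConnection((string)ConfigurationSettings.AppSettings["connstring"]))
    using (SqlCommand validate_com = new SqlCommand(validate_sql, myconn))
    {
        validate_com.Parameters.Add(new SqlParameter("@user_name", user_name));
        validate_com.Parameters.Add(new SqlParameter("@user_psw", user_psw));

        myconn.Open();
        using (SqlDataReader validate = validate_com.ExecuteReader())
        {
            if (validate.Read())
            {
                user_flag = validate["user_flag"].ToString();
                authenticated = true;
            }
        }
    }

    if (!authenticated)
    {
        // Same message for "unknown user" and "wrong password", so the
        // response does not reveal which user names exist.
        Response.Write("<script>alert('您的用户名或密码错误!');</script>");
        return;
    }

    user_tb.Text = "";
    psw_tb.Text = "";
    Session["user_name"] = user_name;
    Session["user_flag"] = user_flag;

    // Issue the authentication cookie and go to a fixed page. The original
    // called RedirectFromLoginPage and then immediately overrode its redirect;
    // SetAuthCookie gives the same result without following a ReturnUrl taken
    // from the request.
    System.Web.Security.FormsAuthentication.SetAuthCookie(user_name, false);
    Response.Redirect("manage_index.aspx");
}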
判断用户是否已经登陆:
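/// <summary>
/// Page load handler for a protected page: rejects requests that carry no
/// authenticated identity, otherwise shows the signed-in user name and the
/// authentication flag in lbiusername.
/// </summary>
/// <param name="sender">Page that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void page_load(object sender, System.EventArgs e)
{
    System.Security.Principal.IIdentity identity = System.Web.HttpContext.Current.User.Identity;

    if (!identity.IsAuthenticated)
    {
        Response.Write("<script>alert('您没有登陆!');history.back()</script>");
        // The script above only runs in the browser. The response has to be
        // ended on the server as well; otherwise the rest of the page is still
        // rendered and sent to an unauthenticated client.
        Response.End();
        return;
    }

    // The label renders its Text as raw HTML, so the user name is encoded
    // before it is combined with the <br> markup.
    string strusername = Server.HtmlEncode(identity.Name) + "<br>" + identity.IsAuthenticated;
    lbiusername.Text = strusername;
    // Place user code to initialise the page here.
}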
用户的退出:
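/// <summary>
/// Logout link handler: discards the server-side session, removes the
/// forms-authentication cookie and returns to default.aspx.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void linkbutton1_click(object sender, System.EventArgs e)
{
    // Clear() removes every session value, including user_name and user_flag,
    // so they do not need to be set to null one by one first.
    Session.Clear();
    // Abandon() ends the session itself, so the old session cannot be reused
    // after logout; Clear() alone leaves it alive.
    Session.Abandon();
    System.Web.Security.FormsAuthentication.SignOut();
    Response.Redirect("default.aspx");
}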
