我有2页:Login.aspx和Satis.aspx。如果身份验证正确,我将从Login.aspx重定向到Satis.aspx。如果我从满意登出我重定向到Login.aspx。但是,如果我在web扫描器上编写satis.aspx'url,则输入satis.aspx。但是我没有登录Satis.aspx。我不应直接输入Satis.aspx。基于表单的身份验证问题?
我的web配置:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" path="/" protection="All">
<credentials>
<user name="a" password="a"></user>
</credentials>
</forms>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="~/ContentPages/Satis/Satis.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
Login.aspx.cs:
protected void lnkSubmit_Click(object sender, EventArgs e)
{
if(FormsAuthentication.Authenticate(UserEmail.Value,UserPass.Value))
{
FormsAuthentication.RedirectFromLoginPage
(UserEmail.Value, PersistForms.Checked);
}
else
Msg.Text = "Invalid Credentials: Please try again";
}
Satis.aspx
protected void LogoutSystem_Click(object sender, EventArgs e)
{
FormsAuthentication.SignOut();
Response.Redirect("~/Login/Login.aspx");
}
你知道它的用户? – programmerist 2010-04-02 07:55:56
请更改您的问题 – Midhat 2010-04-02 07:56:02
您的意思是“换句话”是什么意思? – programmerist 2010-04-02 08:01:28