工作,我想使基于饼干登录系统(不是唱出来的页面关闭或刷新时)登录使用cookie是不是在ASP.net
这是为Login.aspx后面的代码。 cs:
string cmdText = "SELECT Username,Role FROM Login WHERE Username = '" + TextBox1.Text + "' AND Password = '" + TextBox2.Text + "'";
string username = "";
string role = "";
using (SqlCommand SelectCommand = new SqlCommand(cmdText, connectionstring))
{
SqlDataReader myReader;
connectionstring.Open();
myReader = SelectCommand.ExecuteReader();
while (myReader.Read())
{
username = myReader["username"].ToString();
role = myReader["role"].ToString();
}
myReader.Close();
if (!string.IsNullOrEmpty(username))
{
string script = "alert(\"Login successful!\");";
ScriptManager.RegisterStartupScript(this, GetType(), "ServerControlScript", script, true);
connectionstring.Close();
//STORE userinfo into cookie,set cookie Expires 1 day more
Response.Cookies["username"].Path = username;
Response.Cookies["username"].Expires = DateTime.Now.AddDays(1);
Response.Cookies["username"].Path = "/";
Response.Cookies["role"].Path = role;
Response.Cookies["role"].Expires = DateTime.Now.AddDays(1);
Response.Cookies["role"].Path = "/";
if (role.Equals("admin"))
{
Response.Redirect("admin.aspx");
Label1.Text = "admin";
}
if (role.Equals("doctor"))
{
Response.Redirect("doctor.aspx");
Label1.Text = "doc";
}
if (role.equals("patient"))
{
Response.Redirect("patient.aspx");
}
}
else
{
string script = "alert(\"Login Failed!\");";
ScriptManager.RegisterStartupScript(this, GetType(), "ServerControlScript", script, true);
connectionstring.Close();
}
}
}
但看起来像我在重定向到我想要的页面有问题。 当我输入管理员角色的用户名和密码。它说,登录成功,但没有进入管理页面。 这是为什么?我错过了什么吗?
对于管理员(和其他网页)我用这个代码读取饼干
string role = "";
string username = "";
if (Request.Cookies["role"] != null)
{
role = Request.Cookies["role"].Value;
}
if (Request.Cookies["role"] != null)
{
username = Request.Cookies["username"].Value;
}
if (role == "patient ")
{
//SET control visible=false if no right.
Button1.Visible = false;
}
,这给登录后修改cookies和/或用户喊了一声
//create cookie
Response.Cookies["username"].Value = Server.UrlEncode("abc");
Response.Cookies["username"].Expires = DateTime.Now.AddDays(1);
Response.Cookies["username"].Path = "/";
//modify cookie value
Response.Cookies["username"].Value = Server.UrlEncode("def");;
Response.Cookies["username"].Expires = DateTime.Now.AddDays(1);
Response.Cookies["username"].Path = "/";
//delete cookie value
//delete cookie infact is set Expires is past day DateTime.Now.AddDays(-1);
Response.Cookies["username"].Value = Server.UrlEncode("def");
Response.Cookies["username"].Expires = DateTime.Now.AddDays(-1);
Response.Cookies["username"].Path = "/";
//checking if cookie exist and reading it.
if (Request.Cookies["role"] != null)
{
role = Server.UrlDecode(Request.Cookies["role"].Value);
}
但照顾就像我错过了一些我不了解的东西。我认为问题是如果功能,在这里:
if (role.Equals("admin"))
有什么建议吗?这是使用cookie的正确方法吗?
为什么重新发明车轮? asp.net已经内置了所有这些功能。由于您的代码现在非常容易受到SQL注入的影响,您的Cookie可能不安全。 Google'asp net authentication'或者阅读这篇文章:http://www.c-sharpcorner.com/uploadfile/syedshakeer/formsauthentication-in-Asp-Net/ – VDWWD
你是否收到response.redirect的错误信息? – Balaji
@Balaji我无法重新连接到我想要的页面。根据角色(医生),我没有被重定向到任何页面。它只是呆在那里,在登录页面。 – berg96