需要帮助的ASP.Net c#登录页面
本文关键字:登录 Net ASP 帮助 | 更新日期: 2023-09-27 18:04:28
这段代码有什么问题?我试过很多方法。但是它总是显示登录失败。没有构建错误。我有一个名为蜜罐的数据库和一个名为注册表在它,用户名行和密码行作为varchars。我使用内置的登录控制。有人能帮忙吗?我用的是Visual studio 2013。
home.aspx.cs
enter code here
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
namespace CodeInjection4
{
public partial class Home : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
}
}
private static int count = 0;
protected void log1_Authenticate(object sender, AuthenticateEventArgs e)
{
if (log1.UserName == "Admin" && log1.Password == "Admin")
{
Response.Redirect("Adminhome.aspx");
}
else if (YourValidationFunction(log1.UserName, log1.Password))
{
Session["User"] = log1.UserName;
e.Authenticated = true;
Response.Redirect("userhome.aspx");
log1.TitleText = "Successfully Logged In";
}
else
{
e.Authenticated = false;
count++;
if (count >= 3)
{
count = 0;
Session["User"] = log1.UserName;
Server.Transfer("MainPage.aspx");
}
}
}
private SqlConnection strConnection = new
SqlConnection("server=.''SQLEXPRESS;database=honeypot;integrated security=true;");
private bool YourValidationFunction(string UserName, string Password)
{
bool boolReturnValue = false;
String SQLQuery = "SELECT UserName, Password FROM Register";
SqlCommand command = new SqlCommand(SQLQuery, strConnection);
SqlDataReader Dr;
try
{
strConnection.Open();
Dr = command.ExecuteReader();
while (Dr.Read())
{
if ((UserName == Dr["UserName"].ToString()) & (Password == Dr["Password"].ToString()))
{
boolReturnValue = true;
}
}
Dr.Close();
}
catch
{
}
return boolReturnValue;
}
protected void lnkRegis_Click(object sender, EventArgs e)
{
Response.Redirect("AdUserAcc.aspx");
}
}
}
Home.aspx
enter code here
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Home.aspx.cs" Inherits="CodeInjection4.Home" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
<script runat="server">
</script>
<style type="text/css">
#form1 {
text-align: center;
}
.auto-style1 {
width: 981px;
text-align: left;
}
.auto-style2 {
width: 961px;
}
</style>
</head>
<body>
<form id="form1" runat="server">
<div>
Forestalling Code Injection</div>
<asp:Login ID="log1" OnAuthenticate="log1_Authenticate" runat="server" Width="1062px">
<LayoutTemplate>
<table cellpadding="1" cellspacing="0" style="border-collapse:collapse;">
<tr>
<td>
<table cellpadding="0">
<tr>
<td align="center" colspan="2">Log In</td>
</tr>
<tr>
<td align="right" class="auto-style2">
<asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">User Name:</asp:Label>
</td>
<td class="auto-style1">
<asp:TextBox ID="UserName" runat="server"></asp:TextBox>
<asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName" ErrorMessage="User Name is required." ToolTip="User Name is required." ValidationGroup="log1">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td align="right" class="auto-style2">
<asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
</td>
<td class="auto-style1">
<asp:TextBox ID="Password" runat="server" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password" ErrorMessage="Password is required." ToolTip="Password is required." ValidationGroup="log1">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td colspan="2">
<asp:CheckBox ID="RememberMe" runat="server" Text="Remember me next time." />
</td>
</tr>
<tr>
<td align="center" colspan="2" style="color:Red;">
<asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
</td>
</tr>
<tr>
<td align="right" colspan="2" style="text-align: center">
<asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="Log In" ValidationGroup="log1" />
</td>
</tr>
</table>
</td>
</tr>
</table>
</LayoutTemplate>
</asp:Login>
<br />
<asp:Button ID="Button1" runat="server" Text="Register" PostBackUrl="~/AdUserAcc.aspx" />
</form>
</body>
</html>
选择所有用户并遍历它们。如果找到匹配的用户名和密码,如
,则跳出循环if ((UserName == Dr["UserName"].ToString()) & (Password == Dr["Password"].ToString()))
{
boolReturnValue = true;
break;
}
否则下一个用户将把它设置回false。
注意事项:
选择所有用户并迭代它们是不可扩展的,并且不会表现良好。相反,您可以在WHERE子句中传递用户名和密码。如果你得到一个匹配,那么登录信息是正确的
我建议使用逻辑与运算符(&&)而不是按位与运算符(&)。这里有一个SO线程与相关的讨论:用法&与,,
考虑使用咸口令哈希而不是明文口令