我正在使用 VS2008 和 SQL Server 2005 创建一个网站,该网站以登录页面作为入口。现在,我想验证用户输入的 LoginID 和 Password:系统在数据库表中找到匹配的 ID 和密码后,即视为身份验证通过。找到之后,我还想检查该用户属于哪种类型,即 Admin 或 Customer。如果用户是管理员,页面应重定向到 abc.aspx,否则重定向到 cde.aspx。
我对LoginPage的前端是:
<%-- Login form rows: a user-name box, a password box and Submit/Cancel buttons.
     The buttons are wired to the code-behind handlers btnSubmit_Click and btnCancel_Click. --%>
<tr>
<td class="style11"> Login </td>
<td>
<asp:TextBox ID="txtUserName" runat="server" Width="300px" CssClass="Textbox1"></asp:TextBox>
</td>
</tr>
<tr>
<td class="style11"> Password </td>
<td>
<%-- TextMode="Password" only masks the characters in the browser; the value is still posted
     back as typed, so the page is assumed to be served over HTTPS - TODO confirm. --%>
<asp:TextBox ID="txtPassword" runat="server" TextMode="Password" Width="300px" CssClass="Textbox1"></asp:TextBox>
</td>
</tr>
<tr>
<td colspan="2">
<asp:Button ID="btnSubmit" runat="server" OnClick="btnSubmit_Click" CssClass="btn1"
Text="Submit" />
<asp:Button ID="btnCancel" runat="server" OnClick="btnCancel_Click" CssClass="btn1"
Text="Cancel" />
</td>
</tr>
我的后端代码是:
//CODE 1
// Attempt 1: configure a SqlDataSource whose SELECT looks up User_Type for the typed credentials.
SqlDataSource sds = new SqlDataSource();
sds.ConnectionString = ConfigurationManager.ConnectionStrings["Gen_LicConnectionString3"].ToString();
// Both text-box values are bound as select parameters (@LoginID, @Password) instead of being
// concatenated into the SQL text, so the input cannot change the shape of the query.
sds.SelectParameters.Add("LoginID", TypeCode.String, this.txtUserName.Text);
sds.SelectParameters.Add("Password", TypeCode.String, this.txtPassword.Text);
// NOTE(review): the typed password is compared directly with the [Password] column, which
// suggests passwords are stored as entered - confirm; comparing a salted hash is the safer design.
sds.SelectCommand = "SELECT User_Type FROM [User_Details] WHERE [LoginID]=@LoginID AND [Password]=@Password";
// Nothing above executes the query: SelectCommand is only assigned, so no User_Type value
// has been read when the condition below is evaluated.
// NOTE(review): with a plain if/else, a login that matches no row would presumably fall into the
// else branch and be redirected as a customer; an explicit "no match" outcome is needed.
if (//Some Condition) //<-- Here I want to check the condition whether the User_Type is 'Admin' or 'Customer'
{
Response.Redirect("Lic_Gen.aspx"); //<-- If Admin
}
else
{
Response.Redirect("Cust_Page.aspx"); //<-- If Customer
}
//CODE 2
// Attempt 2 (commented out): same SELECT through SqlConnection/SqlCommand.
// As written, @LoginID and @Password are never added to cmd.Parameters, the adapter never
// fills the DataSet, and cmd.Equals(1) compares the SqlCommand object itself with the
// integer 1, so that test can never be true and the else branch would always run.
//string connectionString = WebConfigurationManager.ConnectionStrings["Gen_LicConnectionString3"].ConnectionString;
//string selectSQL = "SELECT User_Type FROM User_Details WHERE [LoginID]=@LoginID AND [Password] = @Password";
//SqlConnection con = new SqlConnection(connectionString);
//SqlCommand cmd = new SqlCommand(selectSQL, con);
//SqlDataAdapter adapter = new SqlDataAdapter(cmd);
//DataSet ds = new DataSet();
//if (cmd.Equals(1))
//{
// Response.Redirect("Lic_Gen.aspx");
//}
//else
//{
// Response.Redirect("Cust_Page.aspx");
//}
答案 0 :(得分:0)
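这是不使用成员资格(Membership)模型的最简单方法,只需一个 DataReader 即可实现。注意:用户输入必须以参数方式传给查询,不要把文本框内容直接拼接进 SQL 字符串,否则会产生 SQL 注入;此外,未匹配到任何记录时必须走“登录失败”分支,不能落入某个有效的用户类型。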
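// Looks up the User_Type for the submitted credentials with a DataReader and redirects
// the browser to the page that belongs to that user type.
//
// Changes compared with the string-concatenated version of this snippet:
//   * every user-supplied value is bound as a SQL parameter, so the text boxes and the
//     drop-down can no longer alter the query (SQL injection);
//   * "no matching row" is tracked as -1 instead of 0, so a failed login falls into the
//     default branch rather than being treated as user type 0 and sent to Lic_Gen.aspx;
//   * connection, command and reader are disposed by using blocks before any redirect;
//   * the Console calls, which have no meaning inside a web request, are replaced by
//     writing the same message to the response.
string connectionString = WebConfigurationManager.ConnectionStrings["Gen_LicConnectionString"].ConnectionString;

// The SQL text is a constant; the values travel separately as parameters.
string strnew = "select User_Type from User_Details where User_Type = @UserType AND LoginID = @LoginID AND Password = @Password";

// -1 = credentials did not match any row (or User_Type was not numeric).
int userType = -1;

using (SqlConnection connew = new SqlConnection(connectionString))
using (SqlCommand sqlCommnew = new SqlCommand(strnew, connew))
{
    sqlCommnew.Parameters.AddWithValue("@UserType", ddlUserSel.SelectedItem.Value);
    sqlCommnew.Parameters.AddWithValue("@LoginID", txtUserName.Text);
    // NOTE(review): the typed password is compared directly with the Password column, which
    // suggests passwords are stored as entered - confirm. Storing a salted, slow hash
    // (e.g. PBKDF2) and comparing hashes is the safer design.
    sqlCommnew.Parameters.AddWithValue("@Password", txtPassword.Text);

    connew.Open();
    using (SqlDataReader sdrDatanew = sqlCommnew.ExecuteReader())
    {
        if (sdrDatanew.Read())
        {
            // NOTE(review): this snippet treats User_Type as a number (0 / 1), while the question
            // describes it as 'Admin' / 'Customer' - confirm the column's actual values.
            // TryParse keeps a non-numeric value from throwing; it is handled as "no match".
            int parsed;
            if (int.TryParse(Convert.ToString(sdrDatanew["User_Type"]), out parsed))
            {
                userType = parsed;
            }
        }
    }
}

// NOTE(review): nothing visible here records the authenticated identity (session or
// authentication ticket) before redirecting. A redirect is not an access check, so
// Lic_Gen.aspx and Cust_Page.aspx must verify the caller's role themselves.
switch (userType)
{
    case 0:
        Response.Redirect("Lic_Gen.aspx");
        break;
    case 1:
        Response.Redirect("Cust_Page.aspx");
        break;
    default:
        // One generic message for every failure, so the response does not reveal
        // whether the login ID or the password was the wrong part.
        Response.Write("Invalid User/Password");
        break;
}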