FormsAuthenticationTicket does not authenticate

Time: 2014-01-09 18:59:30

Tags: c# asp.net

I have used this before, and I am copying my old code, but it isn't working.

This is my login button click

    SqlConnection baglanti1 = null;
    SqlDataReader kontrol = null;
    try
    {
        baglanti1 = new SqlConnection(ConfigurationManager.ConnectionStrings["bag1"].ConnectionString);
        baglanti1.Open();

        string eposta = Request.Form["eposta"];
        string sifre = Request.Form["sifre"];

        // Bind the form values as parameters instead of concatenating them into the SQL text
        SqlCommand komut1 = new SqlCommand("Select yetki from yoneticiler where eposta=@eposta and sifre=@sifre", baglanti1);
        komut1.Parameters.AddWithValue("@eposta", (object)eposta ?? DBNull.Value);
        komut1.Parameters.AddWithValue("@sifre", (object)sifre ?? DBNull.Value);
        kontrol = komut1.ExecuteReader();
        //Response.Write("<script>alert('" + kontrol.Read() + "')</script>");

        if (kontrol.Read())
        {
            Response.Write("<script>alert('aaa')</script>");
            FormsAuthenticationTicket bilet = new FormsAuthenticationTicket(1, eposta, DateTime.Now, DateTime.Now.AddMinutes(180), false, kontrol.GetString(0), FormsAuthentication.FormsCookiePath);
            Response.Write("<script>alert('bbb')</script>");
            string encTicket = FormsAuthentication.Encrypt(bilet);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
            // Keep the authentication cookie out of reach of client-side script
            cookie.HttpOnly = true;
            Response.Write("<script>alert('ccc')</script>");
            // Only a persistent ticket gets an explicit expiry; the cookie is added either way
            if (bilet.IsPersistent) cookie.Expires = bilet.Expiration;
            Response.Cookies.Add(cookie);
            Response.Write("<script>alert('ddd')</script>");
            //string returnUrl = Request.QueryString["ReturnUrl"];
            //if (returnUrl == null) returnUrl = "panel.aspx";

            Response.Redirect("panel.aspx");
        }
        else
        {
            Response.Write("<script>alert('Hatalı giriş')</script>");
        }
    }
    finally
    {
        // Close the reader and the connection on every path, including the redirect
        if (kontrol != null) kontrol.Close();
        if (baglanti1 != null) baglanti1.Close();
    }

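I put in some message boxes (you can see them in the picture), but it stops after "aaa".

I think this line is doing something wrong, because it gets past "if (kontrol.Read())"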

FormsAuthenticationTicket bilet = new FormsAuthenticationTicket(1, eposta, DateTime.Now, DateTime.Now.AddMinutes(180), false, kontrol.GetString(0), FormsAuthentication.FormsCookiePath);

My Global.asax

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    if (HttpContext.Current.User != null)
    {
        if (HttpContext.Current.User.Identity.IsAuthenticated)
        {
            if (HttpContext.Current.User.Identity is FormsIdentity)
            {
                FormsIdentity id =
                    (FormsIdentity)HttpContext.Current.User.Identity;
                FormsAuthenticationTicket ticket = FormsAuthentication.RenewTicketIfOld(id.Ticket);

                // Get the stored user-data, in this case, our roles
                string userData = ticket.UserData;
                string[] roles = userData.Split(',');
                string userString = HttpContext.Current.User.ToString();
                HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles);
            }
        }
    }
}

And web.config

<system.web>

  <compilation defaultLanguage="c#" debug="true" targetFramework="4.5">  
  <codeSubDirectories>
    <add directoryName="CS"></add>
  </codeSubDirectories>
  </compilation>

  <authentication mode="Forms">
    <forms name=".ASPXROLEBASED" loginUrl="panel/default.aspx" protection="All" timeout="180" path="/"/>
  </authentication>

  <authorization>
  <!-- All pages in the root directory are made public and every user is granted access. -->
  <allow users="*"/>
  </authorization>

  <httpRuntime targetFramework="4.5" />
  <globalization uiCulture="tr" culture="tr-TR" requestEncoding="ISO-8859-9" responseEncoding="ISO-8859-9" fileEncoding="ISO-8859-9"/>

</system.web>


<location path="panel">
  <system.web>
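    <authorization>
      <!-- Rules are evaluated top-down and the first match wins, so the allow rule must come before the deny rule. -->
      <allow roles="5"/>
      <deny users="*"/>
    </authorization>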
  </system.web>
</location>

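I have been looking online for almost 4 hours. I tried everything but it never worked. Please help.

1 answer:

Answer 0: (score: 0)

I solved the problem. It wasn't the code. I get the role from the MSSQL db. The role column's type was integer, and "kontrol.GetString(0)" cannot convert an int to a string. So I changed the role column's type to nvarchar, and now it works.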
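
The failure described in the answer can be reproduced without a database, and the role can be read without changing the column type. This is an added example, not code from the original post: `RoleColumnDemo` and `ReadRoles` are hypothetical names, and a `DataTable` with one constructed row stands in for the `yoneticiler` query.

```csharp
using System;
using System.Data;
using System.Globalization;

static class RoleColumnDemo
{
    // Hypothetical helper: returns the role value as the string that goes into
    // the ticket's UserData, whatever the column's SQL type is.
    static string ReadRoles(IDataRecord row, int ordinal)
    {
        if (row.IsDBNull(ordinal)) return string.Empty;   // no role assigned
        // GetValue returns the boxed CLR value (int for an int column, string for
        // nvarchar); the invariant culture keeps the text independent of tr-TR.
        return Convert.ToString(row.GetValue(ordinal), CultureInfo.InvariantCulture);
    }

    static void Main()
    {
        // Constructed sample row standing in for "Select yetki from yoneticiler ..."
        var table = new DataTable("yoneticiler");
        table.Columns.Add("yetki", typeof(int));
        table.Rows.Add(5);

        using (IDataReader kontrol = table.CreateDataReader())
        {
            kontrol.Read();
            try
            {
                kontrol.GetString(0);   // same call as in the login handler
            }
            catch (InvalidCastException ex)
            {
                // The typed getters do not convert; they throw when the type differs.
                Console.WriteLine("GetString on int column: " + ex.GetType().Name);
            }

            // Value that Application_AuthenticateRequest later splits on ','
            string userData = ReadRoles(kontrol, 0);
            string[] roles = userData.Split(',');
            Console.WriteLine("UserData = \"" + userData + "\", roles[0] = " + roles[0]);
        }
    }
}
```

In the login handler, the same helper would replace `kontrol.GetString(0)` as the `userData` argument of the `FormsAuthenticationTicket` constructor.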