我想问一下如何使用Request String使用validate user加载页面。 我的代码如下:
protected void Page_Load(object sender, EventArgs e)
{
string ValidateUser = Request.QueryString["inisial"];
if (ValidateUser != null)
{
Response.Redirect("Home.aspx");
}
string x = Request.QueryString["ind"];
if (ValidateUser != null)
{
Response.Redirect("Home.aspx");
}
}
protected void ValidateUser(object sender, EventArgs e)
{
int userId = 0;
string constr = ConfigurationManager.ConnectionStrings["dbConn"].ConnectionString;
using (SqlConnection con = new SqlConnection(constr))
{
using (SqlCommand cmd = new SqlCommand("Validate_User"))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Username", Request.QueryString["inisial"]);
cmd.Parameters.AddWithValue("@Password", Request.QueryString["ind"]);
cmd.Connection = con;
con.Open();
userId = Convert.ToInt32(cmd.ExecuteScalar());
con.Close();
}
switch (userId)
{
case -1:
Login1.FailureText = "Username and/or password is incorrect.";
break;
case -2:
Login1.FailureText = "Account has not been activated.";
break;
default:
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet);
break;
}
}
}
我尝试使用请求字符串登录系统以使用url更改用户名和密码:
http://default.aspx?id_sistem=24&inisial=gdm&ind=7/17/2004 4:50:40 PM
示例: username =(gdm),password =(7/17/2004 4:50:40)
如果我错了,请纠正我 感谢
答案 0 :(得分:0)
我不认为您应该在URL中使用查询字符串作为用户名和密码,我建议创建一个用户通过身份验证的方法,然后设置一个存储bool的会话变量,无论用户是是否经过验证。
protected void Page_Load(object sender, EventArgs e)
{
if (Session["Authenticated"] != null)
{
bool authenticated = Convert.ToBoolean(Session["Authenticated"]);
if (!authenticated)
{
Response.Redirect("~/Home.aspx");
}
}
}