我尝试使用http模块进行身份验证。我创建了一个类库项目。问题是,当用户登录并输入网址时,他未获得授权,效果很好。但匿名用户可以查看所有内容。
private void CheckForUserPageRights()
{
HttpSessionState Session = HttpContext.Current.Session;
try
{
// Does User have rights to requested page?
bool userHasPageRights;
string currentPageName = GetCurrentPageName();
if (currentPageName == "")
{
userHasPageRights = true;
}
DateTime startTime = DateTime.Now;
string pageKey = String.Format("{0}::{1}::{2}",
currentuser,
roles,
currentPageName);
string connStr1 = "Data Source=NISHANTH-PC\\SQLEXPRESS;Initial
Catalog=roletesting;Integrated Security=True";
using (SqlConnection conn1 = new SqlConnection(connStr1))
{
conn1.Open();
SqlParameter param1 = new SqlParameter();
param1.ParameterName = "@currentpagename";
param1.SqlDbType = SqlDbType.NVarChar;
param1.Direction = ParameterDirection.Input;
param1.Value = currentPageName;
SqlParameter param = new SqlParameter();
param.ParameterName = "@roles";
param.SqlDbType = SqlDbType.NVarChar;
param.Direction = ParameterDirection.Input;
param.Value = roles[0];
string hasaccess = "select PageRole.hasRights from PageRole,
aspnet_UsersInRoles, aspnet_Paths,aspnet_Roles,aspnet_Users where
aspnet_Paths.LoweredPath = @currentpagename and
aspnet_Paths.PathId=PageRole.PathId and PageRole.RoleId =
aspnet_Roles.RoleId and aspnet_Roles.RoleName=@roles ";
SqlCommand coi = new SqlCommand(hasaccess, conn1);
coi.Parameters.Add(param1);
coi.Parameters.Add(param);
string a = (string)coi.ExecuteScalar();
if (a == null )
{
userHasPageRights = true;
}
else if (a == "Y")
{
userHasPageRights = true;
}
else
userHasPageRights = false;
if (!userHasPageRights)
{
// application.Response.Redirect("AccessDenied.aspx");
HttpContext.Current.Response.Redirect("~/Error.aspx");
}
}
}
catch (Exception e)
{
}
所以,如果currentuser为null但未成功,我试图使用if语句。你能帮助我吗?