当前位置: 动力学知识库 > 问答 > 编程问答 >

redirect - asp.net login problem

问题描述:

I seem to cant set up an authentication system in asp.net

I have code for a login system:

protected void btnlogin_Click(object sender, EventArgs e)

{

PageUser myUser = new PageUser();

if (myUser.AuthenticateUser(txtUsername.Text, txtPassword.Text))

{

// entry found

HttpCookie myCookie;

DateTime now = DateTime.Now;

myCookie = new HttpCookie("UserName");

myCookie.Value = myUser.UserName;

myCookie.Expires = now.AddMinutes(30);

Response.Cookies.Add(myCookie);

myCookie = new HttpCookie("LoginID");

myCookie.Value = myUser.UserLoginID.ToString();

myCookie.Expires = now.AddMinutes(30);

Response.Cookies.Add(myCookie);

lblResult.Visible = false;

FormsAuthentication.SetAuthCookie(myUser.UserName + " " + myUser.UserLoginID.ToString(), true);

Response.Redirect("AdminView.aspx");

}

else

{

// entry not found

lblResult.Text = "<b>Invalid logon attempt<b>";

lblResult.ForeColor = System.Drawing.Color.FromName("Red");

lblResult.Visible = true;

}

}

The authentication method works fine, but when I do not login it still lets me redirect twords the AdminView even though the person didnt login.

Code I am having difficulty with:

protected void Page_Load(object sender, EventArgs e)

{

if (!Page.IsPostBack)

{

}

string userName = "";

string[] splits;

try

{

if (this.Page.User.Identity.IsAuthenticated)

{

splits = this.Page.User.Identity.Name.Split(new char[1] { ' ' });

userName = splits[0] + " " + splits[1];

}

else

{

Response.Redirect("default.aspx");

}

txtLoggedInUser.Text += " - " + userName;

}

catch

{

Response.Redirect("default.aspx");

}

}

I am not sure how to write this code so it would redirect a person back to the login page when they try to visit the admin page.

网友答案:

To restrict an unauthenticated user to the AdminView.aspx page, you have to add below into the configuration section of the web.configfile.

<location path="AdminView.aspx">
<system.web>
    <authorization>
        <deny users="?"/>               
    </authorization>
</system.web>

<deny users="?"/> mean's the unauthenticated user will not be able to access the file/folder AdminView.aspx

分享给朋友:
您可能感兴趣的文章:
随机阅读: