工作,我想使基於餅乾登錄系統(不是唱出來的頁面關閉或刷新時)登錄使用cookie是不是在ASP.net
這是爲Login.aspx後面的代碼。 cs:
string cmdText = "SELECT Username,Role FROM Login WHERE Username = '" + TextBox1.Text + "' AND Password = '" + TextBox2.Text + "'";
string username = "";
string role = "";
using (SqlCommand SelectCommand = new SqlCommand(cmdText, connectionstring))
{
SqlDataReader myReader;
connectionstring.Open();
myReader = SelectCommand.ExecuteReader();
while (myReader.Read())
{
username = myReader["username"].ToString();
role = myReader["role"].ToString();
}
myReader.Close();
if (!string.IsNullOrEmpty(username))
{
string script = "alert(\"Login successful!\");";
ScriptManager.RegisterStartupScript(this, GetType(), "ServerControlScript", script, true);
connectionstring.Close();
//STORE userinfo into cookie,set cookie Expires 1 day more
Response.Cookies["username"].Path = username;
Response.Cookies["username"].Expires = DateTime.Now.AddDays(1);
Response.Cookies["username"].Path = "/";
Response.Cookies["role"].Path = role;
Response.Cookies["role"].Expires = DateTime.Now.AddDays(1);
Response.Cookies["role"].Path = "/";
if (role.Equals("admin"))
{
Response.Redirect("admin.aspx");
Label1.Text = "admin";
}
if (role.Equals("doctor"))
{
Response.Redirect("doctor.aspx");
Label1.Text = "doc";
}
if (role.equals("patient"))
{
Response.Redirect("patient.aspx");
}
}
else
{
string script = "alert(\"Login Failed!\");";
ScriptManager.RegisterStartupScript(this, GetType(), "ServerControlScript", script, true);
connectionstring.Close();
}
}
}
但看起來像我在重定向到我想要的頁面有問題。 當我輸入管理員角色的用戶名和密碼。它說,登錄成功,但沒有進入管理頁面。 這是爲什麼?我錯過了什麼嗎?
對於管理員(和其他網頁)我用這個代碼讀取餅乾
string role = "";
string username = "";
if (Request.Cookies["role"] != null)
{
role = Request.Cookies["role"].Value;
}
if (Request.Cookies["role"] != null)
{
username = Request.Cookies["username"].Value;
}
if (role == "patient ")
{
//SET control visible=false if no right.
Button1.Visible = false;
}
,這給登錄後修改cookies和/或用戶喊了一聲
//create cookie
Response.Cookies["username"].Value = Server.UrlEncode("abc");
Response.Cookies["username"].Expires = DateTime.Now.AddDays(1);
Response.Cookies["username"].Path = "/";
//modify cookie value
Response.Cookies["username"].Value = Server.UrlEncode("def");;
Response.Cookies["username"].Expires = DateTime.Now.AddDays(1);
Response.Cookies["username"].Path = "/";
//delete cookie value
//delete cookie infact is set Expires is past day DateTime.Now.AddDays(-1);
Response.Cookies["username"].Value = Server.UrlEncode("def");
Response.Cookies["username"].Expires = DateTime.Now.AddDays(-1);
Response.Cookies["username"].Path = "/";
//checking if cookie exist and reading it.
if (Request.Cookies["role"] != null)
{
role = Server.UrlDecode(Request.Cookies["role"].Value);
}
但照顧就像我錯過了一些我不瞭解的東西。我認爲問題是如果功能,在這裏:
if (role.Equals("admin"))
有什麼建議嗎?這是使用cookie的正確方法嗎?
爲什麼重新發明車輪? asp.net已經內置了所有這些功能。由於您的代碼現在非常容易受到SQL注入的影響,您的Cookie可能不安全。 Google'asp net authentication'或者閱讀這篇文章:http://www.c-sharpcorner.com/uploadfile/syedshakeer/formsauthentication-in-Asp-Net/ – VDWWD
你是否收到response.redirect的錯誤信息? – Balaji
@Balaji我無法重新連接到我想要的頁面。根據角色(醫生),我沒有被重定向到任何頁面。它只是呆在那裏,在登錄頁面。 – berg96