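I have a web application that uses the ASP.NET login controls. I also use the PasswordRecovery control to let users recover their passwords. Once the user enters their details in the recovery control, an email containing a verification URL is sent to the user's email address. After clicking the URL, the user is taken to the UserProfile page of my web application, where they can change their password.
The problem is that, because I set an access rule on UserProfile.aspx to deny anonymous users, when I am redirected from the URL to the UserProfile.aspx page, it sends me to the LoginPage instead (the system identifies me as an anonymous user).
Why is that? Once the URL (which includes all the user information) is clicked, how can I get to the user profile page?
The URL looks like this: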
http://localhost:1039/Members/UserProfile.aspx?ID=56f74cc7-7680-4f1b-9207-0ab8dad63cad
where the last part of the URL is actually the user ID.
Here is the UserProfile ASPX code:
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:ASPNETDBConnectionString1 %>"
SelectCommand="SELECT aspnet_Membership.Email, Details.CustName, Details.CustNum, Details.CustRole, Details.CustStatus, Details.PName, Details.PEmail, Details.PRole, Details.WedDate, aspnet_Users.UserName, Details.UserId FROM Details INNER JOIN aspnet_Membership ON Details.UserId = aspnet_Membership.UserId INNER JOIN aspnet_Users ON aspnet_Membership.UserId = aspnet_Users.UserId WHERE (Details.UserId = @UserId)"
UpdateCommand="update Details SET CustName = @CustName, CustNum = @CustNum, CustRole = @CustRole, CustStatus = @CustStatus, PName = @PName, PEmail = @PEmail, PRole = @PRole, WedDate = @WedDate WHERE [UserId] = @UserId
Update aspnet_Membership Set Email= @email WHERE [UserId] = @UserId"
DeleteCommand= "DELETE FROM Details WHERE UserId = @UserId;">
<DeleteParameters>
<asp:ControlParameter ControlID="lblHidden" Name="UserId" PropertyName="Text"
Type="String" />
</DeleteParameters>
<SelectParameters>
<asp:ControlParameter ControlID="lblHidden" Name="UserId" PropertyName="Text" />
</SelectParameters>
<UpdateParameters>
<asp:Parameter Name="CustName" />
<asp:Parameter Name="CustNum" />
<asp:Parameter Name="CustRole" />
<asp:Parameter Name="CustStatus" />
<asp:Parameter Name="PName" />
<asp:Parameter Name="PEmail" />
<asp:Parameter Name="PRole" />
<asp:Parameter Name="WedDate" />
<asp:Parameter Name="UserId" />
<asp:Parameter Name="email" />
</UpdateParameters>
</asp:SqlDataSource>
<asp:DetailsView ID="DetailsView1" runat="server" AutoGenerateRows="False"
DataSourceID="SqlDataSource1" Height="50px" Width="125px">
<Fields>
<asp:BoundField DataField="Email" HeaderText="Email" SortExpression="Email" />
<asp:BoundField DataField="CustName" HeaderText="CustName"
SortExpression="CustName" />
<asp:BoundField DataField="CustNum" HeaderText="CustNum"
SortExpression="CustNum" />
<asp:BoundField DataField="CustRole" HeaderText="CustRole"
SortExpression="CustRole" />
<asp:BoundField DataField="CustStatus" HeaderText="CustStatus"
SortExpression="CustStatus" />
<asp:BoundField DataField="PName" HeaderText="PName" SortExpression="PName" />
<asp:BoundField DataField="PEmail" HeaderText="PEmail"
SortExpression="PEmail" />
<asp:BoundField DataField="PRole" HeaderText="PRole" SortExpression="PRole" />
<asp:BoundField DataField="WedDate" HeaderText="WedDate"
SortExpression="WedDate" />
<asp:BoundField DataField="UserName" HeaderText="UserName"
SortExpression="UserName" />
<asp:BoundField DataField="UserId" HeaderText="UserId"
SortExpression="UserId" />
<asp:CommandField ShowEditButton="True" />
</Fields>
</asp:DetailsView>
<asp:Label ID="lblHidden" runat="server" Text="Label" Visible="False"></asp:Label>
<asp:Button ID="btnDelete" runat="server" onclick="btnDelete_Click"
Text="Delete" />
Here is the code-behind:
// Namespaces this code-behind needs
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.Security;

protected void Page_Load(object sender, EventArgs e)
{
    MembershipUser currentUser = Membership.GetUser();
    lblHidden.Text = currentUser.ProviderUserKey.ToString();
}

protected void SqlDataSource1_Selecting(object sender, SqlDataSourceSelectingEventArgs e)
{
    // Get a reference to the currently logged on user
    MembershipUser currentUser = Membership.GetUser();
    // Determine the currently logged on user's UserId value
    // Assign the currently logged on user's UserId to the @UserId parameter
    // access the parameter value using e.Command.Parameters
    // programmatically set the @UserId:
    e.Command.Parameters["@UserId"].Value = currentUser.ProviderUserKey.ToString();
}

protected void btnDelete_Click(object sender, EventArgs e)
{
    string connectionString = ConfigurationManager.ConnectionStrings["ASPNETDBConnectionString1"].ConnectionString;
    Guid userId = new Guid(lblHidden.Text);

    // Pass the user id as a parameter instead of concatenating it into the SQL text,
    // and let the using blocks dispose the connection and commands.
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand("DELETE FROM Details WHERE UserId = @UserId", connection))
    using (SqlCommand cmd1 = new SqlCommand("DELETE FROM aspnet_Membership WHERE UserId = @UserId", connection))
    {
        cmd.Parameters.Add("@UserId", SqlDbType.UniqueIdentifier).Value = userId;
        cmd1.Parameters.Add("@UserId", SqlDbType.UniqueIdentifier).Value = userId;
        connection.Open();
        cmd.ExecuteNonQuery();
        cmd1.ExecuteNonQuery();
    }
    Response.Redirect("Home.aspx");
}
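Second, is there any way I can make the URL expire? If the URL is clicked a second time, it will not redirect the user anywhere. I have seen many posts, and most of them suggest adding a column to the database. Is there any other way to set an expiry without touching the database?
Have you created roles in your app? – 2012-07-16 16:25:16
Hi, I have not created any roles in the .NET configuration. – user1529419 2012-07-17 03:21:45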
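An added example for the second question (it is not code from the original post): a reset link can carry its own expiry if it is signed with a server-side HMAC key, and including the account's last password-change time in the MAC makes the link stop verifying once the password has been changed, without adding a column. The class name `ResetToken`, the key handling and the `lookup` delegate are assumptions made for this sketch; `lookup` would typically wrap `Membership.GetUser(id).LastPasswordChangedDate`.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public static class ResetToken   // hypothetical helper, not part of ASP.NET Membership
{
    // Token layout: <userId>.<expiryTicksUtc>.<hex HMAC-SHA256>
    // Assumption: key is a random server-side secret (32+ bytes) kept out of source control.
    static string Mac(byte[] key, Guid id, long exp, DateTime lastPwdChangeUtc)
    {
        // The last password change is MACed but never sent: once the password
        // changes, every link issued before that moment stops verifying.
        string msg = id.ToString("N") + "|" + exp.ToString(CultureInfo.InvariantCulture)
                   + "|" + lastPwdChangeUtc.Ticks.ToString(CultureInfo.InvariantCulture);
        using (var h = new HMACSHA256(key))
            return BitConverter.ToString(h.ComputeHash(Encoding.UTF8.GetBytes(msg))).Replace("-", "");
    }

    public static string Issue(byte[] key, Guid id, DateTime lastPwdChangeUtc,
                               DateTime nowUtc, TimeSpan lifetime)
    {
        long exp = nowUtc.Add(lifetime).Ticks;
        return id.ToString("N") + "." + exp.ToString(CultureInfo.InvariantCulture)
             + "." + Mac(key, id, exp, lastPwdChangeUtc);
    }

    // lookup returns the account's last password change (UTC), or null if the user is unknown.
    // Trust the out parameter id only when the method returns true.
    public static bool TryValidate(byte[] key, string token, DateTime nowUtc,
                                   Func<Guid, DateTime?> lookup, out Guid id)
    {
        id = Guid.Empty;
        string[] p = (token ?? "").Split('.');
        long exp;
        if (p.Length != 3 || !Guid.TryParseExact(p[0], "N", out id)
            || !long.TryParse(p[1], NumberStyles.None, CultureInfo.InvariantCulture, out exp))
            return false;
        if (nowUtc.Ticks > exp) return false;          // link has expired
        DateTime? changed = lookup(id);
        if (changed == null) return false;             // unknown account
        return FixedTimeEquals(Mac(key, id, exp, changed.Value), p[2]);
    }

    static bool FixedTimeEquals(string a, string b)    // avoids early-exit timing differences
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The same last-password-change value has to be supplied when the link is issued and when it is checked, so read it from the membership store both times. The page that accepts the link should act on the user ID returned by `TryValidate` rather than on a bare `ID` query-string value.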