This article covers how to match a username and password in ASP.NET; it may be a useful reference for anyone solving the same problem.
Problem description
In my login page I have the following code
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());
SqlCommand comand = new SqlCommand("Select UserName,Password FROM Users WHERE UserName=@Uname and Password = @Pass", con);
comand.Parameters.AddWithValue("@Uname", this.txtUsername.Text);
comand.Parameters.AddWithValue("@pass", this.txtPassword.Text);
con.Open();
SqlDataAdapter adpter = new SqlDataAdapter(comand);
DataTable dt = new DataTable();
adpter.Fill(dt);
if (dt.Rows.Count < 0)
{
this.Label1.Text = "Login Failed!<br /> Username or Password is not correct";
}
else
{
Session["Logged"] = "Yes";
Session["User"] = this.txtUsername.Text;
Response.Redirect("Main.aspx");
}
It allows access to the "Main.aspx" page even if the username and password entered in the textboxes are not present in the database.
How can I match the username and password entered in the textbox with those values retrieved from the database?
Recommended answer
foreach(DataRow row in dt.Rows)
{
if(row["UserName"].ToString() == this.txtUsername.Text && row["Password"].ToString() == this.txtPassword.Text )
{
Session["Logged"] = "Yes";
Session["User"] = this.txtUsername.Text;
Response.Redirect("Main.aspx");
}
else
{
this.Label1.Text = "Login Failed!<br /> Username or Password is not correct";
}
}
Friend, the way you are using to fetch data from DB is insecure. You should use stored-proc.
if (dt.Rows.Count < 0)
Change the above to
if (dt.Rows.Count ==0)
{
//Not allowed code
}
else if (dt.Rows.Count > 0)
{
//Allow Navigation to MainPage code
}
if (dt.Rows.Count < 0)
{
this.Label1.Text = "Login Failed!<br /> Username or Password is not correct";
}
else
{
Session["Logged"] = "Yes";
Session["User"] = this.txtUsername.Text;
Response.Redirect("Main.aspx");
}
to
if (dt.Rows.Count <= 0)
{
this.Label1.Text = "Login Failed!<br /> Username or Password is not correct";
}
else
{
Session["Logged"] = "Yes";
Session["User"] = this.txtUsername.Text;
Response.Redirect("Main.aspx");
}
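An added example (not code from the question or from any of the answers above): the query on this page compares the password as stored text, so this sketch looks the user up by name only, treats zero rows as a failed login, and verifies a salted PBKDF2 hash with a fixed-time comparison. The `PasswordHash` and `PasswordSalt` columns, their sizes, the iteration count and the `CredentialCheck` class are assumptions; `Rfc2898DeriveBytes` with `HashAlgorithmName` needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

// Added example. Assumed schema (hypothetical, not from the page):
// Users(UserName nvarchar(64), PasswordHash varbinary(32) NOT NULL, PasswordSalt varbinary(16) NOT NULL)
public static class CredentialCheck
{
    private const int Iterations = 100000; // assumed; must equal the value used when the hash was stored
    private const int HashSize = 32;       // bytes of PBKDF2-SHA256 output kept in PasswordHash

    public static bool Verify(string connectionString, string userName, string password)
    {
        byte[] storedHash = null, salt = null;
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT PasswordHash, PasswordSalt FROM Users WHERE UserName = @Uname", con))
        {
            // Typed, sized parameter instead of AddWithValue
            cmd.Parameters.Add("@Uname", SqlDbType.NVarChar, 64).Value = userName;
            con.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (reader.Read()) // false when no row matches: Rows.Count == 0 in the page's terms
                {
                    storedHash = (byte[])reader["PasswordHash"];
                    salt = (byte[])reader["PasswordSalt"];
                }
            }
        }
        // Unknown user: still derive a key so both outcomes cost about the same time
        bool userFound = storedHash != null;
        if (!userFound) { storedHash = new byte[HashSize]; salt = new byte[16]; }

        byte[] candidate;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            candidate = kdf.GetBytes(HashSize);
        return FixedTimeEquals(candidate, storedHash) & userFound;
    }

    // Compares every byte regardless of where the first difference is
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In the login handler, the session values are set and `Response.Redirect("Main.aspx")` is called only when `CredentialCheck.Verify(...)` returns true; every other outcome shows the same "Login Failed!" message.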