问题描述

好的，先生，我明白了，所以现在我更改我的代码
这是我的LOGIN.aspx代码

 导入 System.Math
导入 System.Web.Security
导入 System.Data.SqlClient
导入 System.Data
部分 类登录
    继承 System.Web.UI.Page

    受保护的  Sub  btnLogin_OnClick(> ByVal 发​​件人目标 对象， ByVal  e  As  System.EventArgs)句柄 btnLogin.Click
         Dim  strSQL  As   String 
         Dim  strUserURL  As  字符串
         Dim 连接 As  SqlClient.SqlConnection = 新建 SqlClient.SqlConnection(" 数据源= ML0003135586;集成安全性= SSPI;" & " 初始目录= TestSQL" )
        strSQL = "  SELECT * FROM [Tried]"  _
                    & "  WHERE用户名='" &替换(txtUsername.Text，" '" ，" ''")& " '"  _
                    & "  AND Password ='" & Replace(txtPassword.Text，" '" ，" ''")& " '" 
         Dim 命令 As  新建 SqlCommand(strSQL，联系)
        connection.Open()
        strUserURL = command.ExecuteScalar()
        connection.Close()
        如果 strUserURL<> " "  然后
            lblInvalid.Text = " " 
            FormsAuthentication.SetAuthCookie(txtUsername.Text，真)
            会话("  username1" )= txtUsername.Text
            Response.Redirect("  Chatroom.aspx" )
        其他
            lblInvalid.Text = " 对不起，请重试..." 
        结束 如果


    结束 子
结束 类 

然后在我的web.config上添加此代码

 <   system.web  > 
    <   customErrors    模式  ="  关闭" / > 
    <  身份验证   模式  ="  表单"  > 
      <  表单   名称  ="  .ASPXFORUM" 
 
                     span>      loginUrl   ="   LOGIN.aspx"   保护  ="  全部" 
 
                     span>    defaultUrl   ="  LOGIN.aspx" 
 
                     span>     超时  ="  > 30"     path   =" /"    / > 
    <  /authentication  > 
    <  授权 > 
      <  拒绝   用户  ="  ?"   / > 
    <  /authorization  > 
    <  编译   调试  ="   true" >  

现在，先生，我应该下一步吗?先生，我有很多.aspx页，是否应该全部更改?
谢谢您，先生，我现在知道我的错误了(我认为)

ok sirs Ive got your point so now i change my code
Here is my LOGIN.aspx code

Imports System.Math
Imports System.Web.Security
Imports System.Data.SqlClient
Imports System.Data
Partial Class LOGIN
    Inherits System.Web.UI.Page

    Protected Sub btnLogin_OnClick(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        Dim strSQL As String
        Dim strUserURL As String
        Dim connection As SqlClient.SqlConnection = New SqlClient.SqlConnection("Data Source=ML0003135586;Integrated Security=SSPI;" & "Initial Catalog=TestSQL")
        strSQL = "SELECT * FROM [Tried] " _
                    & "WHERE Username='" & Replace(txtUsername.Text, "'", "''") & "' " _
                    & "AND Password='" & Replace(txtPassword.Text, "'", "''") & "'"
        Dim command As New SqlCommand(strSQL, connection)
        connection.Open()
        strUserURL = command.ExecuteScalar()
        connection.Close()
        If strUserURL <> "" Then
            lblInvalid.Text = ""
            FormsAuthentication.SetAuthCookie(txtUsername.Text, True)
            Session("username1") = txtUsername.Text
            Response.Redirect("Chatroom.aspx")
        Else
            lblInvalid.Text = "Sorry... try again..."
        End If


    End Sub
End Class

and on my web.config I add this codes

<system.web>
    <customErrors mode="Off"/>
    <authentication mode="Forms">
      <forms name=".ASPXFORUM"

         loginUrl="LOGIN.aspx" protection="All"

        defaultUrl="LOGIN.aspx"

         timeout="30" path="/" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
    <compilation debug="true">

Now sir should i do next? Sirs I have a lot of .aspx page Should I change it all?
Thanks sirs i know now my mistakes(I think)

这篇关于页面有效性和认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！