要为后台写一个登陆界面,asp.net 自带Login空间,因为直接就可以了。
双击添加的Login空间将出现如下代码:
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
bool Authenticated = false;
// Authenticated = AdminDB.Login(Login1.UserName,Login1.Password);
Authenticated = Membership.ValidateUser(Login1.UserName, Login1.Password);
e.Authenticated = Authenticated;
if (Authenticated == true)
{
Response.Redirect("自定义跳转方向,如http://163.com或index.aspx");
}
else
Login1.FailureText = "用户名或密码错误";
}
这里直接调用了System.Web.Security.Membership.ValidateUser(username,password)方法,这样就不用自己再写验证sql语句了。
不过这里的ValidateUser(username,password)只能验证用户名和密码是否匹配,而不能验证其他的内容,为了能够自定义验证内容,我们写了一个验证程序。代码如下:
AdminDB.cs
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using MyProviders;
/// <summary>
/// AdminDB 的摘要说明
/// </summary>
///
namespace NewsSystem
{
public class AdminDB
{
public AdminDB()
{
//
// TODO: 在此处添加构造函数逻辑
//
}
public static bool Login(string name, string pwd)
{
SqlConnection conn = NewsDB.CreatCon();
try
{
// String strsql = "select * from dbo.AdminUser where mg_login=@login and mg_pwd=@pwd";
//限定UserRoles.roleid=0即只有管理员角色才能登录
//需要注意的是这里字符串很长,在换行时首字符最好流出一个空格。
string strsql = "select * from (((aspnet_Membership INNER JOIN aspnet_users ON "+
" aspnet_Membership.UserId = aspnet_users.UserId) INNER JOIN Users ON "+
" aspnet_users.username=Users.username) INNER JOIN UserRoles ON "+
" Users.userid=UserRoles.userid) where Users.Username=@name and aspnet_Membership.password=@pwd "+
" and UserRoles.roleid=0";
SqlParameter[] paras = new SqlParameter[2];
paras[0] = new SqlParameter("@name", SqlDbType.VarChar, 50);
paras[0].Value = name;
paras[1] = new SqlParameter("@pwd", SqlDbType.VarChar, 50);
//paras[1].Value = pwd;
paras[1].Value = MyProviders.MySQLMembershipProvider.GetMd5(pwd);//将密码转化为md5格式
SqlCommand cmd = new SqlCommand(strsql, conn);
for (int i = 0; i < paras.Length; i++)
{
cmd.Parameters.Add(paras[i]);
}
conn.Open();
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
return true;
}
}
catch (Exception ex)
{
throw ex;
}
finally
{
conn.Close();
}
return false;
}
}
}
NewsDB.cs
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
/// <summary>
/// DB 的摘要说明
/// </summary>
///
namespace NewsSystem
{
public class NewsDB
{
public NewsDB()
{
//
// TODO: 在此处添加构造函数逻辑
//
}
public static SqlConnection CreatCon()
{
string str = ConfigurationManager.AppSettings["SiteSqlServer"];
return new SqlConnection(str);
}
public static bool Getcmd(String strsql, params SqlParameter[] paras)
{
SqlConnection conn = NewsDB.CreatCon();
try
{
conn.Open();
SqlCommand cmd = new SqlCommand(strsql, conn);
for (int i = 0; i < paras.Length; i++)
{
cmd.Parameters.Add(paras[i]);
}
int a = Convert.ToInt32(cmd.ExecuteNonQuery());
if (a > 0)
{
return true;
}
}
catch (Exception ex)
{
throw ex;
}
finally
{
conn.Close();
}
return false;
}
public static DataSet Getds(String strsql)
{
SqlConnection con = NewsDB.CreatCon();
DataSet ds = null;
try
{
SqlDataAdapter da = new SqlDataAdapter(strsql, con);
ds = new DataSet();
da.Fill(ds);
}
catch (Exception er)
{
throw er;
}
return ds;
}
}
}
在
public static bool Login(string name, string pwd){}
中我们可以自定义sql语句,比如我们上面的例子就有验证了用户的角色。
参考文章:Visual Studio 2005 Login 控件的使用
作者:xwdreamer