标题   login.aspx xml 验证     选择自 tingningpower 的 Blog
关键字   login asp.net xml
出处  

配置文件:

<configuration>
   <system.web>
      <!-- Forms authentication: unauthenticated requests are redirected to
           login.aspx, and the authentication ticket travels in a cookie
           named FORMSAUTHCOOKIE.
           NOTE(review): requireSSL, protection and timeout are not set, so
           the framework defaults apply. For anything beyond a demo, set
           requireSSL="true" so the ticket is never sent over plain HTTP. -->
      <authentication mode="Forms" >
         <forms    loginUrl = "login.aspx"     name = "FORMSAUTHCOOKIE"/>
      </authentication>
      <authorization>
         <!-- "?" stands for anonymous users, so every request that ASP.NET
              handles must be authenticated.
              NOTE(review): a static file such as Users.xml is only covered
              if the server routes it through ASP.NET; confirm, or keep the
              file outside the served directory. -->
         <deny users="?" />
      </authorization>
   </system.web>
</configuration>

xml文件:

<Users>
   <Users>
      <UserEmail>jchen@contoso.com</UserEmail>
      <UserPassword>
         BA56E5E0366D003E98EA1C7F04ABF8FCB3753889
      </UserPassword>
   </Users>
   <Users>
      <UserEmail>Kim@contoso.com</UserEmail>
      <UserPassword>
         07B7F3EE06F278DB966BE960E7CBBD103DF30CA6
      </UserPassword>
   </Users>
</Users>


login.aspx文件:

<%@ Page LANGUAGE="c#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ Import Namespace="System.IO" %>

<html>
<head>
<title>Forms Authentication</title>
<script runat=server>
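// Handles the Login button: looks the posted e-mail up in Users.xml, compares
// the SHA-1 digest of the posted password with the stored one and, on a
// match, issues the forms-authentication ticket and redirects.
//
// sender / e: standard server-click event arguments (unused).
//
// Security notes for anyone adapting this sample:
//  - Passwords are stored as unsalted SHA-1 hex digests, which are cheap to
//    brute-force if Users.xml leaks; prefer a salted, iterated scheme.
//  - Server.MapPath("Users.xml") resolves inside the web application
//    directory. Depending on server configuration the file may be served as
//    static content; keep it where the web server will not hand it out.
//  - An unknown e-mail is redirected to the AddUser page while a known one
//    with a wrong password gets "Invalid Credentials", so the two outcomes
//    are distinguishable and reveal which addresses are registered.
private void Login_Click(Object sender, EventArgs e)
{
   if( !Page.IsValid )
   {
      Msg.Text = "Some required fields are invalid.";
      return;
   }

   // UserEmail.Value is untrusted input. Double every single quote so it
   // cannot terminate the string literal in the DataTable.Select filter.
   // The RegularExpressionValidator already rejects quotes, but the filter
   // should not depend on that validator staying in place.
   String cmd = "UserEmail='" + UserEmail.Value.Replace("'", "''") + "'";

   DataSet ds = new DataSet();
   // using releases the file handle even when ReadXml throws.
   using( FileStream fs = new FileStream(Server.MapPath("Users.xml"),
                                         FileMode.Open, FileAccess.Read) )
   using( StreamReader reader = new StreamReader(fs) )
   {
      ds.ReadXml(reader);
   }

   // An empty user file yields no tables; treat that as "no such user".
   DataRow[] matches = ds.Tables.Count > 0
      ? ds.Tables[0].Select(cmd)
      : new DataRow[0];

   if( matches != null && matches.Length > 0 )
   {
      DataRow row = matches[0];
      string hashedpwd =
         FormsAuthentication.HashPasswordForStoringInConfigFile
            (UserPass.Value, "SHA1");

      // 'as' yields null for a missing (DBNull) password instead of throwing.
      // The sample Users.xml shows each digest on its own indented line, so
      // trim surrounding whitespace before comparing.
      String pass = row["UserPassword"] as String;
      bool passwordMatches =
         pass != null && String.CompareOrdinal(pass.Trim(), hashedpwd) == 0;

      if( !passwordMatches )
      {
         // Tell the user when no password match is found. It is good
         // security practice to give no hints about which part of the
         // logon credentials is invalid.
         Msg.Text = "Invalid Credentials: Please try again";
      }
      else
      {
         // If a password match is found, redirect the request
         // to the originally requested resource (Default.aspx).
         FormsAuthentication.RedirectFromLoginPage
            (UserEmail.Value, Persist.Checked);
      }
   }
   else
   {
      // If no name matches were found, redirect the request to the
      // AddUser page using a Response.Redirect command.
      Response.Redirect("AddUser/AddUser.aspx");
   }
}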
</script>
<body>
<form runat=server>
   <span style="background:#80FF80">
   <h3><font face="Verdana">Login Page</font></h3></span>
   <table>
      <tr>
         <td>e-mail:</td>
         <td><input id="UserEmail" type="text" runat=server/></td>
         <td><ASP:RequiredFieldValidator
             ControlToValidate="UserEmail"
             Display="Static"
             ErrorMessage="*"
             runat="server"/>
         </td>        
         <td><asp:RegularExpressionValidator id="RegexValidator"
             ControlToValidate="UserEmail"
             ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"
             EnableClientScript="false"
             Display="Static"
             ErrorMessage="Invalid format for e-mail address."
             runat="server"/>
         </td>
      </tr>
      <tr>   
         <td>Password:</td>
         <td><input id="UserPass" type=password runat=server/></td>
         <td><ASP:RequiredFieldValidator
                 ControlToValidate="UserPass"
                 Display="Static"
                 ErrorMessage="*"
                 runat="server"/>
         </td>
      </tr>
      <tr>
         <td>Persistent Cookies:</td>
         <td><ASP:CheckBox id=Persist runat="server"
                autopostback="true" />
         </td>
         <td></td>
      </tr>
   </table>
   <input type="submit" OnServerClick="Login_Click" Value="Login"
          runat="server"/><p>
   <asp:Label id="Msg" ForeColor="red" Font-Name="Verdana"
              Font-Size="10" runat="server" />
</form>
</body>
</html>

addUser.aspx

<%@ Page LANGUAGE="c#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ Import Namespace="System.IO" %>
<html>
<head>
<title>Forms Authentication</title>
<script runat=server>
// Pre-fills the e-mail box from the "UserEmail" query-string parameter when
// the request supplies one; otherwise the box is left as it is.
private void Page_Load(Object Src, EventArgs e)
{
   String requested = Request.QueryString["UserEmail"];
   if( requested == null )
   {
      return;
   }

   UserEmail.Value = requested;
}
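// Handles the Add User button: appends the posted e-mail and the SHA-1 digest
// of the posted password to users.xml, rewrites the file and redirects to
// Default.aspx.
//
// sender / e: standard server-click event arguments (unused).
//
// Security notes for anyone adapting this sample:
//  - Anyone who can reach this page can create an account; nothing here
//    verifies ownership of the e-mail address.
//  - The digest is unsalted SHA-1; prefer a salted, iterated scheme.
//  - The read-modify-write of users.xml is not synchronized, so concurrent
//    registrations can overwrite each other.
private void AddUser_Click(Object sender, EventArgs e)
{
   if( !Page.IsValid )
   {
      Msg.Text = "Some required fields are invalid.";
      return;
   }

   String userFile = "users.xml";
   // NOTE(review): Server.MapPath resolves relative to the current page.
   // login.aspx redirects to "AddUser/AddUser.aspx"; if this page lives in
   // that subfolder it works on a different users.xml than login.aspx does.
   // Confirm the deployment layout.
   String userPath = Server.MapPath(userFile);

   DataSet ds = new DataSet();
   // using releases the file handle even when ReadXml throws.
   using( FileStream input = new FileStream(userPath,
                                            FileMode.Open, FileAccess.Read) )
   using( StreamReader reader = new StreamReader(input) )
   {
      ds.ReadXml(reader);
   }

   DataTable users = ds.Tables[0];

   // Refuse a second row for an address that is already present: login.aspx
   // only ever checks the first match, so a duplicate could never log in.
   // Single quotes are doubled so the value stays inside the filter literal.
   String filter = "UserEmail='" + UserEmail.Value.Replace("'", "''") + "'";
   if( users.Select(filter).Length > 0 )
   {
      Msg.Text = "That e-mail address is already registered.";
      return;
   }

   string hashedpwd =
      FormsAuthentication.HashPasswordForStoringInConfigFile
         (UserPass.Value, "SHA1");

   DataRow newUser = users.NewRow();
   newUser["UserEmail"] = UserEmail.Value;
   newUser["UserPassword"] = hashedpwd;
   users.Rows.Add(newUser);
   ds.AcceptChanges();

   // FileMode.Create truncates the existing file before the new content is
   // written; disposing the writer flushes it and closes the stream.
   using( FileStream output = new FileStream(userPath, FileMode.Create,
                                             FileAccess.ReadWrite) )
   using( StreamWriter writer = new StreamWriter(output) )
   {
      ds.WriteXml(writer);
   }

   Response.Redirect("Default.aspx");
}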
</script>
<body>
<form runat=server>
   <div style="background:#ccccff">
      <h3><font face="Verdana">Add New User</font></h3>
   </div>
   <table>
      <tr>
         <td>Name:</td>
         <td><input id="UserEmail" type="text" runat=server/></td>
         <td><ASP:RequiredFieldValidator
                  ControlToValidate="UserEmail"
                  Display="Static"
                  ErrorMessage="*"
                  runat=server/>
            </td>
         <td><asp:RegularExpressionValidator id="RegexValidator"
             ControlToValidate="UserEmail"
             ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"
             EnableClientScript="false"
             Display="Static"
             ErrorMessage="Invalid format for e-mail address."
             runat="server"/>
            </td>
      </tr>
      <tr>   
         <td>Password:</td>
         <td><input id="UserPass" type=password runat=server/></td>
         <td><ASP:RequiredFieldValidator
            ControlToValidate="UserPass"
             Display="Static"
             ErrorMessage="*"
             runat=server/>
         </td>
      </tr>
      <tr>
         <td>Persistent Forms:</td>
         <td><ASP:CheckBox id=Persist runat="server"
                           autopostback="true" />
         </td>
      </tr>
   </table>
   <input type="submit" OnServerClick="AddUser_Click" Value="Add User"
                        runat="server"/><p>
   <asp:Label id="Msg" ForeColor="red" Font-Name="Verdana"
                       Font-Size="10" runat=server />
</form>
</body>
</html>

Default.aspx

<%@ Page LANGUAGE="c#" %>
<html>
<title>Forms Authentication</title>
<script runat=server>
   private void Page_Load(Object Src, EventArgs e)
   {
      Welcome.InnerHtml = "Hello, " +  
         Server.HtmlEncode(User.Identity.Name);
   }
   private void Signout_Click(Object sender, EventArgs e)
   {
      FormsAuthentication.SignOut();
      Response.Write("Logged out - cookie deleted.");
   }
</script>

<body>
<h3><font face="Verdana">Forms Authentication Example</font></h3>
<span id="Welcome" runat=server/>
<form runat=server>
   <input type="submit" OnServerClick="Signout_Click"
          Value="Signout" runat="server"/><p>
</form>
</body>
</html>

