
Is this accepted as an example using session?

Update to my question:

The best way to achieve acceptable security is to use the ASP.NET Web Site Administration Tool. The following is only a demo of using session, but it is NOT RECOMMENDED for professional use.

Please follow the advice of PhillFox to achieve better results.

Login.aspx

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Login.aspx.vb" Inherits="Login" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>

</div>
UserName<br />
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<br />
Password<br />
<asp:TextBox ID="TextBox2" runat="server" TextMode="Password"></asp:TextBox>
<br />
<asp:Button ID="Button1" runat="server" Text="Login" />
<asp:AccessDataSource ID="AccessDataSource1" runat="server" 
    DataFile="~/App_Data/pr.mdb" 
    SelectCommand="SELECT [username], [role] FROM [users] WHERE (([username] = ?) AND ([password] = ?))">
    <SelectParameters>
        <asp:ControlParameter ControlID="TextBox1" Name="username" PropertyName="Text" 
            Type="String" />
        <asp:ControlParameter ControlID="TextBox2" Name="password" PropertyName="Text" 
            Type="String" />
    </SelectParameters>
</asp:AccessDataSource>
</form>
</body>
</html>

Login.aspx.vb

Imports System.Data.OleDb

Partial Class Login
Inherits System.Web.UI.Page


Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click

    Dim mygr As New GridView
    mygr.DataSource = AccessDataSource1
    mygr.DataBind()
    Me.form1.Controls.Add(mygr)

    If mygr.Rows.Count > 0 Then
        Session("username") = TextBox1.Text
        Session("role") = mygr.Rows(0).Cells(1).Text.ToString
        Response.Redirect("default.aspx")
    Else
        Response.Redirect("login.aspx")
    End If
End Sub


End Class


The best way to handle security for your site is to use .NET's built-in Forms Authentication. You can learn more by reviewing this walkthrough on the MSDN site: http://msdn.microsoft.com/en-us/library/879kf95c(VS.80).aspx.
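
As an added example (not part of the answer above or of the original posts), the question's Login.aspx.vb could be rewritten to issue a Forms Authentication ticket instead of filling Session. It assumes the web.config settings shown in the comments; the 30-minute lifetime is an arbitrary choice, and the query in Login.aspx is left unchanged.

```vbnet
' Added example: Login.aspx.vb using Forms Authentication instead of Session.
' Assumed web.config settings (inside <system.web>):
'   <authentication mode="Forms"><forms loginUrl="Login.aspx" /></authentication>
'   <authorization><deny users="?" /></authorization>
Imports System.Data
Imports System.Web
Imports System.Web.Security
Imports System.Web.UI

Partial Class Login
    Inherits System.Web.UI.Page

    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        ' Run the page's parameterized SELECT; the ControlParameters bind TextBox1 and TextBox2.
        Dim rows As DataView = CType(AccessDataSource1.Select(DataSourceSelectArguments.Empty), DataView)

        ' Exactly one matching row is required; anything else issues no ticket
        ' and leaves the user on the login page.
        If rows Is Nothing OrElse rows.Count <> 1 Then
            Return
        End If

        ' Take the name and role from the database row, not from the text box.
        Dim userName As String = CStr(rows(0)("username"))
        Dim role As String = CStr(rows(0)("role"))

        ' The role travels in the encrypted, signed ticket instead of Session("role").
        Dim ticket As New FormsAuthenticationTicket(1, userName, DateTime.Now, _
            DateTime.Now.AddMinutes(30), False, role)

        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
            FormsAuthentication.Encrypt(ticket))
        cookie.HttpOnly = True                           ' not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL   ' follows the <forms requireSSL> setting
        cookie.Path = FormsAuthentication.FormsCookiePath
        Response.Cookies.Add(cookie)

        ' Return to the page that was originally requested (ReturnUrl) or the default URL.
        Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, False))
    End Sub
End Class
```

On later requests the role can be read back with `CType(User.Identity, FormsIdentity).Ticket.UserData`, so pages no longer depend on `Session("role")`.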


I agree with PhillFox; the .NET membership is of course much superior to your solution. However, if you decide to use an Access database in your backend, keep in mind that:

- You can't use LINQ to SQL with an Access backend

- Max 2GB

- Max 256 concurrent connections
