login.aspx xml 验证 - 王朝网络宽屏版

配置文件：

<system.web>

</authentication>

</authorization>

</system.web>

</configuration>

xml文件：

<Users>

<UserEmail>jchen@contoso.com</UserEmail>

BA56E5E0366D003E98EA1C7F04ABF8FCB3753889

</UserPassword>

</Users>

<Users>

<UserEmail>Kim@contoso.com</UserEmail>

07B7F3EE06F278DB966BE960E7CBBD103DF30CA6

</UserPassword>

</Users>

<%@ Page LANGUAGE="c#" %>

<%@ Import Namespace="System.Data" %>

<%@ Import Namespace="System.Data.SqlClient" %>

<%@ Import Namespace="System.Web.Security " %>

<%@ Import Namespace="System.IO" %>

<html>

<head>

<title>Forms Authentication</title>

private void Login_Click(Object sender, EventArgs e)

{

if( !Page.IsValid )

{

Msg.Text = "Some required fields are invalid.";

return;

}

String cmd = "UserEmail='" + UserEmail.Value + "'";

DataSet ds = new DataSet();

FileStream fs = new FileStream(Server.MapPath("Users.xml"),

FileMode.Open,FileAccess.Read);

StreamReader reader = new StreamReader(fs);

ds.ReadXml(reader);

fs.Close();

DataTable users = ds.Tables[0];

DataRow[] matches = users.Select(cmd);

if( matches != null && matches.Length > 0 )

{

DataRow row = matches[0];

string hashedpwd =

FormsAuthentication.HashPasswordForStoringInConfigFile

(UserPass.Value, "SHA1");

String pass = (String)row["UserPassword"];

if( 0 != String.Compare(pass, hashedpwd, false) )

// Tell the user if no password match is found. It is good

// security practice give no hints about what parts of the

// logon credentials are invalid.

Msg.Text = "Invalid Credentials: Please try again";

else

// If a password match is found, redirect the request

// to the originally requested resource (Default.aspx).

FormsAuthentication.RedirectFromLoginPage

(UserEmail.Value, Persist.Checked);

}

else

{

If no name matches were found, redirect the request to the AddUser page using a Response.Redirect command.

Response.Redirect("AddUser/AddUser.aspx");

}

</script>

<body>

<h3><font face="Verdana">Login Page</font></h3></span>

<table>

<tr>

<td><ASP:RequiredFieldValidator

ControlToValidate="UserEmail"

Display="Static"

ErrorMessage="*"

runat="server"/>

</td>

<td><asp:RegularExpressionValidator id="RegexValidator"

ControlToValidate="UserEmail"

ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"

EnableClientScript="false"

Display="Static"

ErrorMessage="Invalid format for e-mail address."

runat="server"/>

</td>

</tr>

<tr>

<td>Password:</td>

<td><ASP:RequiredFieldValidator

ControlToValidate="UserPass"

Display="Static"

ErrorMessage="*"

runat="server"/>

</td>

</tr>

<tr>

<td>Persistent Cookies:</td>

<td><ASP:CheckBox id=Persist runat="server"

autopostback="true" />

</td>

</tr>

</table>

<input type="submit" OnServerClick="Login_Click" Value="Login"

runat="server"/><p>

<asp:Label id="Msg" ForeColor="red" Font-Name="Verdana"

Font-Size="10" runat="server" />

</form>

</body>

</html>

addUser.aspx

<%@ Page LANGUAGE="c#" %>

<%@ Import Namespace="System.Data" %>

<%@ Import Namespace="System.Data.SqlClient" %>

<%@ Import Namespace="System.Web.Security " %>

<%@ Import Namespace="System.IO" %>

<html>

<head>

<title>Forms Authentication</title>

private void Page_Load(Object Src, EventArgs e)

{

String email = Request.QueryString["UserEmail"];

if( null != email )

UserEmail.Value = email;

}

private void AddUser_Click(Object sender, EventArgs e)

{

if( !Page.IsValid )

{

Msg.Text = "Some required fields are invalid.";

return;

}

DataSet ds = new DataSet();

String userFile = "users.xml";

FileStream fs = new FileStream(Server.MapPath(userFile),

FileMode.Open,FileAccess.Read);

StreamReader reader = new StreamReader(fs);

ds.ReadXml(reader);

fs.Close();

string hashedpwd =

FormsAuthentication.HashPasswordForStoringInConfigFile

(UserPass.Value, "SHA1");

DataRow newUser = ds.Tables[0].NewRow();

newUser["UserEmail"] = UserEmail.Value;

newUser["UserPassword"] = hashedpwd;

ds.Tables[0].Rows.Add(newUser);

ds.AcceptChanges();

fs = new FileStream(Server.MapPath(userFile), FileMode.Create,

FileAccess.Write|FileAccess.Read);

StreamWriter writer = new StreamWriter(fs);

ds.WriteXml(writer);

writer.Close();

fs.Close();

Response.Redirect("Default.aspx");

}

</script>

<body>

</div>

<table>

<tr>

<td><ASP:RequiredFieldValidator

ControlToValidate="UserEmail"

Display="Static"

ErrorMessage="*"

runat=server/>

</td>

<td><asp:RegularExpressionValidator id="RegexValidator"

ControlToValidate="UserEmail"

ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"

EnableClientScript="false"

Display="Static"

ErrorMessage="Invalid format for e-mail address."

runat="server"/>

</td>

</tr>

<tr>

<td>Password:</td>

<td><ASP:RequiredFieldValidator

ControlToValidate="UserPass"

Display="Static"

ErrorMessage="*"

runat=server/>

</td>

</tr>

<tr>

<td>Persistent Forms:</td>

<td><ASP:CheckBox id=Persist runat="server"

autopostback="true" />

</td>

</tr>

</table>

<input type="submit" OnServerClick="AddUser_Click" Value="Add User"

runat="server"/><p>

<asp:Label id="Msg" ForeColor="red" Font-Name="Verdana"

Font-Size="10" runat=server />

</form>

</body>

</html>

Default.aspx

<%@ Page LANGUAGE="c#" %>

<html>

<title>Forms Authentication</title>

private void Page_Load(Object Src, EventArgs e)

{

Welcome.InnerHtml = "Hello, " +

Server.HtmlEncode(User.Identity.Name);

}

private void Signout_Click(Object sender, EventArgs e)

{

FormsAuthentication.SignOut();

Response.Write("Logged out - cookie deleted.");

}

</script>

<body>

<h3><font face="Verdana">Forms Authentication Example</font></h3>

[1] [2] 下一页