login.aspx xml 验证

王朝asp·作者佚名  2006-11-24
窄屏简体版  字體: |||超大  

配置文件:

<configuration>

<system.web>

<authentication mode="Forms" >

<forms loginUrl = "login.aspx" name = "FORMSAUTHCOOKIE"/>

</authentication>

<authorization>

<deny users="?" />

</authorization>

</system.web>

</configuration>

xml文件:

<Users>

<Users>

<UserEmail>jchen@contoso.com</UserEmail>

<UserPassword>

BA56E5E0366D003E98EA1C7F04ABF8FCB3753889

</UserPassword>

</Users>

<Users>

<UserEmail>Kim@contoso.com</UserEmail>

<UserPassword>

07B7F3EE06F278DB966BE960E7CBBD103DF30CA6

</UserPassword>

</Users>

</Users>

login.aspx文件:

<%@ Page LANGUAGE="c#" %>

<%@ Import Namespace="System.Data" %>

<%@ Import Namespace="System.Data.SqlClient" %>

<%@ Import Namespace="System.Web.Security " %>

<%@ Import Namespace="System.IO" %>

<html>

<head>

<title>Forms Authentication</title>

<script runat=server>

private void Login_Click(Object sender, EventArgs e)

{

if( !Page.IsValid )

{

Msg.Text = "Some required fields are invalid.";

return;

}

String cmd = "UserEmail='" + UserEmail.Value + "'";

DataSet ds = new DataSet();

FileStream fs = new FileStream(Server.MapPath("Users.xml"),

FileMode.Open,FileAccess.Read);

StreamReader reader = new StreamReader(fs);

ds.ReadXml(reader);

fs.Close();

DataTable users = ds.Tables[0];

DataRow[] matches = users.Select(cmd);

if( matches != null && matches.Length > 0 )

{

DataRow row = matches[0];

string hashedpwd =

FormsAuthentication.HashPasswordForStoringInConfigFile

(UserPass.Value, "SHA1");

String pass = (String)row["UserPassword"];

if( 0 != String.Compare(pass, hashedpwd, false) )

// Tell the user if no password match is found. It is good

// security practice give no hints about what parts of the

// logon credentials are invalid.

Msg.Text = "Invalid Credentials: Please try again";

else

// If a password match is found, redirect the request

// to the originally requested resource (Default.aspx).

FormsAuthentication.RedirectFromLoginPage

(UserEmail.Value, Persist.Checked);

}

else

{

If no name matches were found, redirect the request to the AddUser page using a Response.Redirect command.

Response.Redirect("AddUser/AddUser.aspx");

}

}

</script>

<body>

<form runat=server>

<span style="background:#80FF80">

<h3><font face="Verdana">Login Page</font></h3></span>

<table>

<tr>

<td>e-mail:</td>

<td><input id="UserEmail" type="text" runat=server/></td>

<td><ASP:RequiredFieldValidator

ControlToValidate="UserEmail"

Display="Static"

ErrorMessage="*"

runat="server"/>

</td>

<td><asp:RegularExpressionValidator id="RegexValidator"

ControlToValidate="UserEmail"

ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"

EnableClientScript="false"

Display="Static"

ErrorMessage="Invalid format for e-mail address."

runat="server"/>

</td>

</tr>

<tr>

<td>Password:</td>

<td><input id="UserPass" type=password runat=server/></td>

<td><ASP:RequiredFieldValidator

ControlToValidate="UserPass"

Display="Static"

ErrorMessage="*"

runat="server"/>

</td>

</tr>

<tr>

<td>Persistent Cookies:</td>

<td><ASP:CheckBox id=Persist runat="server"

autopostback="true" />

</td>

<td></td>

</tr>

</table>

<input type="submit" OnServerClick="Login_Click" Value="Login"

runat="server"/><p>

<asp:Label id="Msg" ForeColor="red" Font-Name="Verdana"

Font-Size="10" runat="server" />

</form>

</body>

</html>

addUser.aspx

<%@ Page LANGUAGE="c#" %>

<%@ Import Namespace="System.Data" %>

<%@ Import Namespace="System.Data.SqlClient" %>

<%@ Import Namespace="System.Web.Security " %>

<%@ Import Namespace="System.IO" %>

<html>

<head>

<title>Forms Authentication</title>

<script runat=server>

private void Page_Load(Object Src, EventArgs e)

{

String email = Request.QueryString["UserEmail"];

if( null != email )

UserEmail.Value = email;

}

private void AddUser_Click(Object sender, EventArgs e)

{

if( !Page.IsValid )

{

Msg.Text = "Some required fields are invalid.";

return;

}

DataSet ds = new DataSet();

String userFile = "users.xml";

FileStream fs = new FileStream(Server.MapPath(userFile),

FileMode.Open,FileAccess.Read);

StreamReader reader = new StreamReader(fs);

ds.ReadXml(reader);

fs.Close();

string hashedpwd =

FormsAuthentication.HashPasswordForStoringInConfigFile

(UserPass.Value, "SHA1");

DataRow newUser = ds.Tables[0].NewRow();

newUser["UserEmail"] = UserEmail.Value;

newUser["UserPassword"] = hashedpwd;

ds.Tables[0].Rows.Add(newUser);

ds.AcceptChanges();

fs = new FileStream(Server.MapPath(userFile), FileMode.Create,

FileAccess.Write|FileAccess.Read);

StreamWriter writer = new StreamWriter(fs);

ds.WriteXml(writer);

writer.Close();

fs.Close();

Response.Redirect("Default.aspx");

}

</script>

<body>

<form runat=server>

<div style="background:#ccccff">

<h3><font face="Verdana">Add New User</font></h3>

</div>

<table>

<tr>

<td>Name:</td>

<td><input id="UserEmail" type="text" runat=server/></td>

<td><ASP:RequiredFieldValidator

ControlToValidate="UserEmail"

Display="Static"

ErrorMessage="*"

runat=server/>

</td>

<td><asp:RegularExpressionValidator id="RegexValidator"

ControlToValidate="UserEmail"

ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"

EnableClientScript="false"

Display="Static"

ErrorMessage="Invalid format for e-mail address."

runat="server"/>

</td>

</tr>

<tr>

<td>Password:</td>

<td><input id="UserPass" type=password runat=server/></td>

<td><ASP:RequiredFieldValidator

ControlToValidate="UserPass"

Display="Static"

ErrorMessage="*"

runat=server/>

</td>

</tr>

<tr>

<td>Persistent Forms:</td>

<td><ASP:CheckBox id=Persist runat="server"

autopostback="true" />

</td>

</tr>

</table>

<input type="submit" OnServerClick="AddUser_Click" Value="Add User"

runat="server"/><p>

<asp:Label id="Msg" ForeColor="red" Font-Name="Verdana"

Font-Size="10" runat=server />

</form>

</body>

</html>

Default.aspx

<%@ Page LANGUAGE="c#" %>

<html>

<title>Forms Authentication</title>

<script runat=server>

private void Page_Load(Object Src, EventArgs e)

{

Welcome.InnerHtml = "Hello, " +

Server.HtmlEncode(User.Identity.Name);

}

private void Signout_Click(Object sender, EventArgs e)

{

FormsAuthentication.SignOut();

Response.Write("Logged out - cookie deleted.");

}

</script>

<body>

<h3><font face="Verdana">Forms Authentication Example</font></h3>

<span id="Welcome" runat=server/>

&l

[1] [2] 下一页

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
 
© 2005- 王朝網路 版權所有 導航