在ASP.NET中創建安全的web站點[4]

界面做好之後就開始編寫提交按鈕事件首先需要注冊該事件代碼如下

private void InitializeComponent() 

{ 

thisbtnLoginClick += new SystemWebUIImageClickEventHandler(thisbtnLogin_Click); 

 

 

 

} 

　　事件注冊好之後自然就是編寫事件處理函數了

private void btnLogin_Click(object sender SystemWebUIImageClickEventArgs e) 

{ 

CCommonDB sql = new CCommonDB(); 

string redirect = ; 



if((redirect = sqlAuthenticateUser(thisSession thisResponse 

usernameText passwordText saveLoginChecked)) != stringEmpty) 

{ 

// Redirect the user 

ResponseRedirect(redirect); 

} 

else 

{ 

MessageText = Login Failed!; 

} 

} 

　　讀者看完上面的代碼之後一定想問CCommonDB是哪裡來的東東這是我編寫的一個類用來處理用戶登錄信息的如果成功則把相關信息寫入sessionCookie和SQL數據庫同時跳到defaultaspx頁面具體如下

CCommonDBcs 



namespace secureComponents 

{ 

public class CCommonDB : CSql 

{ 

public CCommonDB() : base() { } 



public string AuthenticateUser( 

SystemWebSessionStateHttpSessionState objSession // Session Variable 

SystemWebHttpResponse objResponse // Response Variable 

string email // Login 

string password // Password 

bool bPersist // Persist login 

) 

{ 

int nLoginID = ; 

int nLoginType = ; 



// Log the user in 

Login(email password ref nLoginID ref nLoginType); 



if(nLoginID != ) // Success 

{ 

// Log the user in 

SystemWebSecurityFormsAuthenticationSetAuthCookie(nLoginIDToString() 
bPersist); 



// Set the session varaibles 

objSession[loginID] = nLoginIDToString(); 

objSession[loginType] = nLoginTypeToString(); 



// Set cookie information incase they made it persistant 

SystemWebHttpCookie wrapperCookie = new SystemWebHttpCookie(wrapper); 

wrapperCookieValue = objSession[wrapper]ToString(); 

wrapperCookieExpires = DateTimeNowAddDays(); 



SystemWebHttpCookie lgnTypeCookie = new SystemWebHttpCookie(loginType); 

lgnTypeCookieValue = objSession[loginType]ToString(); 

lgnTypeCookieExpires = DateTimeNowAddDays(); 



// Add the cookie to the response 

objResponseCookiesAdd(wrapperCookie); 

objResponseCookiesAdd(lgnTypeCookie); 



return /candidate/defaultaspx; 

} 

case : // Admin Login 

{ 

return /admin/defaultaspx; 

} 

case : // Reporting Login 

{ 

return /reports/defaultaspx; 

} 

default: 

{ 

return stringEmpty; 

} 

} 

} 

else 

{ 

return stringEmpty; 

} 

} 



/// <summary> 

/// Verifies the login and password that were given 

/// </summary> 

/// <param name=email>the login</param> 

/// <param name=password>the password</param> 

/// <param name=nLoginID>returns the login id</param> 

/// <param name=nLoginType>returns the login type</param> 

public void Login(string email string password ref int nLoginID 
ref int nLoginType) 

{ 

ResetSql(); 



DataSet ds = new DataSet(); 



// Set our parameters 

SqlParameter paramLogin = new SqlParameter(@username SqlDbTypeVarChar ); 

paramLoginValue = email; 



SqlParameter paramPassword = new SqlParameter(@password SqlDbTypeVarChar ); 

paramPasswordValue = password; 





CommandCommandType = CommandTypeStoredProcedure; 

CommandCommandText = glbl_Login; 

CommandParametersAdd(paramLogin); 

CommandParametersAdd(paramPassword); 



AdapterTableMappingsAdd(Table Login); 

AdapterSelectCommand = Command; 

AdapterFill(ds); 



if(dsTablesCount != ) 

{ 

DataRow row = dsTables[]Rows[]; 



// Get the login id and the login type 

nLoginID = ConvertToInt(row[Login_ID]ToString()); 

nLoginType = ConvertToInt(row[Login_Type]ToString()); 

} 

else 

{ 

nLoginID = ; 

nLoginType = ; 

} 

} 

} 



abstract public class CSql 

{ 

private SqlConnection sqlConnection; // Connection string 

private SqlCommand sqlCommand; // Command 

private SqlDataAdapter sqlDataAdapter; // Data Adapter 

private DataSet sqlDataSet; // Data Set 
public CSql() 

{ 

sqlConnection = new SqlConnection(ConfigurationSettingsAppSettings
[ConnectionString]); 

sqlCommand = new SqlCommand(); 

sqlDataAdapter = new SqlDataAdapter(); 

sqlDataSet = new DataSet(); 



sqlCommandConnection = sqlConnection; 

} 



/// <summary> 

/// Access to our sql command 

/// </summary> 

protected SqlCommand Command 

{ 

get { return sqlCommand; } 

} 



/// <summary> 

/// Access to our data adapter 

/// </summary> 

protected SqlDataAdapter Adapter 

{ 

get { return sqlDataAdapter; } 

} 



/// <summary> 

/// Makes sure that everything is clear and ready for a new query 

/// </summary> 

protected void ResetSql() 

{ 

if(sqlCommand != null) 

{ 

sqlCommand = new SqlCommand(); 

sqlCommandConnection = sqlConnection; 

} 

if(sqlDataAdapter != null) 

sqlDataAdapter = new SqlDataAdapter(); 



if(sqlDataSet != null) 

sqlDataSet = new DataSet(); 

} 



/// <summary> 

/// Runs our command and returns the dataset 

/// </summary> 

/// <returns>the data set</returns> 

protected DataSet RunQuery() 

{ 

sqlDataAdapterSelectCommand = Command; 



sqlConnectionOpen(); 

sqlConnectionClose(); 



sqlDataAdapterFill(sqlDataSet); 



return sqlDataSet; 

} 

} 

} 

   

[]  []  []  []  

From:http://tw.wingwit.com/Article/program/net/201311/15688.html