custom-login.aspx

东软内部材料（四）asp等相关的教学案例

<%@Page Language="C#" %>
<%@Import Namespace="System.Data" %>
<%@Import Namespace="System.Data.OleDb" %>
<%@Import Namespace="System.Xml" %>

<html>
<head>
<title>Login Form</title>
<style type="text/css">
body, input {font-family:Tahoma,Arial,sans-serif; font-size:10pt }
</style>
</head>
<body>
<form runat="server">

  Authenticate against:
  <input type="radio" id="chkXML" name="chkReadFrom" checked="true" runat="server" />
  XML document &nbsp;
  <input type="radio" id="chkSQL" name="chkReadFrom" runat="server" />
  Database table<p />

  UserName: <input id="txtUsr" type="text" runat="server" /><p />
  Password: <input id="txtPwd" type="password" runat="server" /><p />

  <ASP:CheckBox id="chkPersist" runat="server" />
  Remember my credentials<p />

  <input type="submit" value="Login" runat="server" onserverclick="DoLogin" /><p />

  <div id="outMessage" runat="server" />

</form>
Available username/password combinations are: &nbsp;"billjones" and "test", &nbsp;
"marthasmith" and "test", &nbsp; "joesoap" and "test"
<hr />
<b>The web.config file used in this example is:</b><pre>
&lt;configuration&gt;
&lt;system.web&gt;

  &lt;authentication mode="Forms"&gt;
    &lt;forms name="MyApp01" path="/" loginUrl="custom-login.aspx"
           protection="All"  timeout="30" &gt;
    &lt;/forms&gt;
  &lt;/authentication&gt;

  &lt;authorization&gt;
    &lt;deny users="?" /&gt;
  &lt;/authorization&gt;

&lt;/system.web&gt;
&lt;/configuration&gt;</pre>
</body>
</html>

<script language="C#" runat="server">

	void DoLogin(Object objSender, EventArgs objArgs)
	{
		// specify the connection string - edit to suit your database
		string strConnect = ConfigurationSettings.AppSettings["DsnUserList"];

		// get username and password from form
		string strUsr = txtUsr.Value;
		string strPwd = txtPwd.Value;

		// set a flag to indicate successful authentication
		bool blnIsAuthenticated = false;   // default value


		// see which method we're using to authenticate the user
		if (chkXML.Checked)
		{
			// load the XML document containing the user credentials
			string strCurrentPath = Request.PhysicalPath;
			string strXMLPath = strCurrentPath.Substring(0, strCurrentPath.LastIndexOf("\\"))
								+ "\\userlist.xml";

			// create a new XMLDocument object
			XmlDocument objXMLDoc = new XmlDocument();

			try
			{
				// load the XML file into the XMLDocument object
				objXMLDoc.Load(strXMLPath);
			}
			catch (Exception objError)
			{
				// display error details
				outMessage.InnerHtml = "<b>* Error while accessing XML document</b>.<br />"
										+ objError.Message + "<br />" + objError.Source;
				return;		// and stop execution
			}

			// create a NodeList collection of all matching child nodes
			// there should be only one for this user
			XmlNodeList colUser;
			colUser = objXMLDoc.GetElementsByTagName(strUsr);

			// see if we found an element with this username
			if (colUser.Count > 0)
			{
				// check if the value of the element (the child #text node)
				// is equal to the password that the user entered
				if (strPwd == colUser[0].FirstChild.Value)
					blnIsAuthenticated = true;
			}
		}
		else
		{
			// create a suitable SQL statement to retrieve the values
			string strSQL = "SELECT Password FROM Users WHERE UserName='"
							+ strUsr + "' AND Password='" + strPwd + "'";

			try
			{
				// create a new Connection object
				OleDbConnection objConnect = new OleDbConnection(strConnect);

				// open the connection to the database
				objConnect.Open();

				// create a new Command using the connection object and select statement
				OleDbCommand objCommand = new OleDbCommand(strSQL, objConnect);

				// declare a variable to hold a DataReader object
				OleDbDataReader objDataReader;

				// execute the SQL statement against the command to fill the DataReader
				objDataReader = objCommand.ExecuteReader();

				// if we get a row back, check password for same letter case
				// (usually a SQL SELECT WHERE clause is not case sensitive)
				if (objDataReader.Read())
				{
					if (objDataReader["Password"].ToString() == strPwd)
						blnIsAuthenticated = true;
				}

				// close the DataReader and Connection
				objDataReader.Close();
				objConnect.Close();
			}
			catch (Exception objError)
			{
				// display error details
				outMessage.InnerHtml = "<b>* Error while accessing database</b>.<br />"
										+ objError.Message + "<br />" + objError.Source;
				return;		// and stop execution
			}
		}

		if (blnIsAuthenticated)
			FormsAuthentication.RedirectFromLoginPage(txtUsr.Value, chkPersist.Checked);
		else
			outMessage.InnerHtml = "<b>Invalid credentials</b> please re-enter...";
	}

</script>