custom-login.aspx

东软内部材料（四）asp等相关的教学案例

<%@Page Language="C#" %>
<%@Import Namespace="System.Data" %>
<%@Import Namespace="System.Data.OleDb" %>

<html>
<head>
<title>Login Form</title>
<style type="text/css">
body, input {font-family:Tahoma,Arial,sans-serif; font-size:10pt }
</style>
</head>
<body>
<form runat="server">

  UserName: <input id="txtUsr" type="text" runat="server" /><p />
  Password: <input id="txtPwd" type="password" runat="server" /><p />

  <ASP:CheckBox id="chkPersist" runat="server" />
  Remember my credentials<p />

  <input type="submit" value="Login" runat="server" onserverclick="DoLogin" /><p />

  <div id="outMessage" runat="server" />

</form>
Available username/password combinations are: &nbsp;"sarahware" and "test", &nbsp;
"timtom" and "letmein", &nbsp; "billygoat" and "help"
<hr />
<b>The web.config file used in this example is:</b><pre>
&lt;configuration&gt;
&lt;system.web&gt;

  &lt;authentication mode="Forms"&gt;
    &lt;forms name="MyApp03" path="/" loginUrl="custom-login.aspx"
           protection="All"  timeout="30" &gt;
    &lt;/forms&gt;
  &lt;/authentication&gt;

  &lt;authorization&gt;
    &lt;deny users="?" /&gt;
  &lt;/authorization&gt;

&lt;/system.web&gt;
&lt;/configuration&gt;</pre>
</body>
</html>

<script language="C#" runat="server">

	void DoLogin(Object objSender, EventArgs objArgs)
	{
		// specify the connection string - edit to suit your database
		string strConnect = ConfigurationSettings.AppSettings["DsnUserList"];

		// get username and password from form
		string strUsr = txtUsr.Value;
		string strPwd = txtPwd.Value;

		// create the SHA1 hash of the password provided by the user
		string strHash = FormsAuthentication.HashPasswordForStoringInConfigFile(strPwd, "SHA1");

		// set a flag to indicate successful authentication
		bool blnIsAuthenticated = false;			// default value
		string strBGColor = String.Empty;			// users saved background color

		// create a suitable SQL statement to retrieve the values
		// we only retrieve the user's stored preferences and other options
		// as the password verification is now done by comparing the
		// hashed values, so it will perform a case-sensitive match
		string strSQL = "SELECT BGColor FROM Users WHERE UserName='"
						+ strUsr + "' AND Password='" + strHash + "'";
		 strSQL = "SELECT * FROM Users WHERE UserName='"
						+ strUsr + "'";

		try
		{
			// create a new Connection object
			OleDbConnection objConnect = new OleDbConnection(strConnect);

			// open the connection to the database
			objConnect.Open();

			// create a new Command using the connection object and select statement
			OleDbCommand objCommand = new OleDbCommand(strSQL, objConnect);

			// declare a variable to hold a DataReader object
			OleDbDataReader objDataReader;

			// execute the SQL statement against the command to fill the DataReader
			objDataReader = objCommand.ExecuteReader();

			// if we get a row back we know that the user is authenticated
			if (objDataReader.Read())
			{
				blnIsAuthenticated = true;
				//outMessage.InnerHtml = strHash + " : " + objDataReader["Password"].ToString();


				// get users preferred background color
				strBGColor = (string)objDataReader["BGColor"];

				// get other preference values as required
				// ... etc ...
			}

			// close the DataReader and Connection
			objDataReader.Close();
			objConnect.Close();
		}
		catch (Exception objError)
		{
			// display error details
			outMessage.InnerHtml = "<b>* Error while accessing database</b>.<br />"
									+ objError.Message + "<br />" + objError.Source;
			return;			// and stop execution
		}


		if (blnIsAuthenticated)
		{
			// save background color in Session object
			Session["BGColor"] = strBGColor;

			// redirect user to original page
			FormsAuthentication.RedirectFromLoginPage(strUsr, chkPersist.Checked);
		}
		else
			outMessage.InnerHtml = "<b>Invalid credentials</b> please re-enter...";

	}
	
</script>