asp.net c# login system


Problem description

I am developing a system with a login system. There are three types of security level: user, manager, Administrator, and the system users will be over 1500 users. I am somewhat new to asp.net, so I made a solution to override the membership system in asp.net because I find it so complicated. My user table structure is

user_id int
user_pass int
user_level int    there will be one of three values in this column 1 or 2 or 3

and my web config authentication part is

<authentication mode="Forms">

    <forms loginUrl="login.aspx" name="3345C" timeout="60" protection="All" >
        <credentials passwordFormat="Clear">
            <user name="nissadmin" password="nissADM"/>
            <user name="nissuser" password="nissuser"/>
        </credentials>
    </forms>
</authentication>
<location path="oper">
    <system.web>
        <authorization>
            <allow users="nissuser"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>
<location path="admin">
    <system.web>
        <authorization>
            <allow users="nissadmin"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>      

and my login page code is

protected void Button1_Click(object sender, EventArgs e)
    {
        string connectionString
        = System.Configuration.ConfigurationManager.ConnectionStrings["nisss"].ConnectionString;
        SqlConnection conn = new SqlConnection();
        try
        {
            if (user.Text == "" || pw.Text == "")
            {
                Label1.Text = "Please Fill the required Fields";
            }
            else
            {
                conn = new SqlConnection(connectionString);
                conn.Open();
                SqlCommand cmd = new SqlCommand("logi", conn);
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.Add(new SqlParameter("@usr", int.Parse(user.Text)));
                cmd.Parameters.Add(new SqlParameter("@pass", pw.Text));
                SqlDataAdapter da = new SqlDataAdapter(cmd);
                DataSet data = new DataSet();
                da.Fill(data);
                if (data.Tables[0].Rows.Count == 1) // if the user and password true
                {
                    int role = data.Tables[0].Rows[0].Field<int>(3);
                    Response.Cookies["id"].Value = user.Text;
                    if (role == 0)
                    {
                        if (System.Web.Security.FormsAuthentication.Authenticate("nissuser", "nissuser"))
                        {
                            System.Web.Security.FormsAuthentication.RedirectFromLoginPage("nissuser", false);
                            Response.Cookies["rolee"].Value = null;
                            Response.Redirect("oper/order.aspx");
                        }

                    }
                    else if (role == 1)
                    {
                        if (System.Web.Security.FormsAuthentication.Authenticate("nissuser", "nissuser"))
                        {
                            System.Web.Security.FormsAuthentication.RedirectFromLoginPage("nissuser", false);
                            Response.Cookies["rolee"].Value = "456";
                            Response.Redirect("oper/order.aspx");
                        }
                    }
                    else if (role == 2)
                    {
                        if (System.Web.Security.FormsAuthentication.Authenticate("nissadmin", "nissADM"))
                        {
                            System.Web.Security.FormsAuthentication.RedirectFromLoginPage("nissadmin", false);
                            Response.Redirect("admin/tabs.html");
                        }
                    }
                }
                else
                {
                    Label1.Text = "wrong password or id";
                }
            }
        }
        finally
        {
            conn.Close();
        }
    }

This works fine in testing, but all I need to know is: is this going to work with the huge number of users logging in at the same time without any issues? Please help me, thanks in advance.

‑‑‑‑‑

Reference solutions

Method 1:

I would first spike an example of the asp.net forms authentication using the built‑in membership provider. Once you have that working, I would look at sub‑classing the membership provider to customize the security model.

What you have above is way too complicated and you have too many responsibilities in one place.

You may also want to take a look at SimpleMembership Provider.

Method 2:

Try to use int.TryParse instead of int.Parse. You never know what users may enter in the field...

(by mr mr, Jason Meckley, Alex L.)
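
An added example, not code from the question or from either answer: one way to follow both suggestions, parsing the id with int.TryParse and issuing a forms-authentication ticket that carries the user's own id and level, so the protection="All" setting from the web config covers the role instead of a separate rolee cookie. The class, method and role names and the level-to-role mapping are assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example, not the asker's code. Class, method and role names are hypothetical.
public static class LoginTicket
{
    // Assumed mapping of the stored level (0, 1, 2 as in the question's code) to role names.
    private static readonly string[] Roles = { "user", "manager", "admin" };

    // Method 2's advice: digits only, no exception on bad input (int.Parse would throw).
    public static bool TryReadUserId(string text, out int userId)
    {
        return int.TryParse(text, NumberStyles.None, CultureInfo.InvariantCulture, out userId);
    }

    // Call only after the stored procedure has confirmed the id/password pair.
    public static bool SignIn(HttpResponse response, int userId, int level)
    {
        if (level < 0 || level >= Roles.Length) return false; // unknown level: no ticket
        var ticket = new FormsAuthenticationTicket(
            1, userId.ToString(CultureInfo.InvariantCulture), DateTime.Now,
            DateTime.Now.Add(FormsAuthentication.Timeout),
            false, Roles[level], FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows <forms requireSSL="...">
            Path = FormsAuthentication.FormsCookiePath
        };
        response.Cookies.Add(cookie);
        return true;
    }

    // Call from Application_AuthenticateRequest in Global.asax. Rebuilds the principal
    // from the ticket so <allow roles="admin"/> can be used in the <location> blocks
    // in place of the shared nissuser/nissadmin accounts.
    public static void RestorePrincipal(HttpContext context)
    {
        var identity = context.User == null ? null : context.User.Identity as FormsIdentity;
        if (identity == null) return;               // anonymous request
        string role = identity.Ticket.UserData;
        if (Array.IndexOf(Roles, role) < 0) return; // ignore unexpected ticket data
        context.User = new GenericPrincipal(identity, new[] { role });
    }
}
```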

References

  1. asp.net c# login system (CC BY‑SA 3.0/4.0)
