| |

VerySource

 Forgot password?
 Register
Search
View: 824|Reply: 2

C# does the security control problem in the website

[Copy link]

3

Threads

6

Posts

6.00

Credits

Newbie

Rank: 1

Credits
6.00

 China

Post time: 2020-11-26 18:30:02
| Show all posts |Read mode
I now use C# as a website and I have a problem. If the user knows the address of my administrator’s page, he can enter directly without going through the login interface. Other friends told me that I can use SESSION to manage it, but I don’t understand this. Any expert knows how to control, please tell the following. If you can, it's best to have a look at the source code. Thank you very much.
Reply

Use magic Report

0

Threads

4

Posts

5.00

Credits

Newbie

Rank: 1

Credits
5.00

 China

Post time: 2020-11-27 13:00:01
| Show all posts
Landing page
using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class admin_index: System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        Title = "Background Login";
    }
    protected void dl_Click(object sender, EventArgs e)
    {
        string admin_name = Request["l_name"].ToString();
        string admin_pwd = Request["l_pwd"].ToString();
        string connstring = System.Configuration.ConfigurationManager.AppSettings["myconn"];
        SqlConnection thisconnection = new SqlConnection(connstring);
        string sql = "select * from admin where admin_name ='"+admin_name+"' and admin_pwd ='"+admin_pwd+"'";
        SqlCommand thiscommand = new SqlCommand(sql,thisconnection);
        thiscommand.CommandType = CommandType.Text;
        try
        {
            thiscommand.Connection.Open();
            SqlDataReader dr = thiscommand.ExecuteReader();
            if (dr.Read())
            {
                Session["admin_name"] = admin_name;
                Response.Redirect("class.aspx");
            }
            else
            {
                this.l_error.Text = "Username or password is wrong";
            }
        }
        catch (SqlException ex)
        {
            Response.Write(ex.ToString());
        }
        finally
        {
            thiscommand.Connection.Close();
        }
    }
}


Add on other pages
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["admin_name"] == null)
        {
            Response.Redirect("index.aspx");
        }
    }
Reply

Use magic Report

0

Threads

1

Posts

2.00

Credits

Newbie

Rank: 1

Credits
2.00

 China

Post time: 2020-11-27 17:15:01
| Show all posts
Seriously agree with the statement upstairs
Reply

Use magic Report

You have to log in before you can reply Login | Register

Points Rules

Contact us|Archive|Mobile|CopyRight © 2008-2023|verysource.com ( 京ICP备17048824号-1 )

Quick Reply To Top Return to the list