问题
I am trying to password protect an asp.net site, i have done this okay, however if they put /home.aspx at the end of the address then it will by pass the log in page, is there a way of making those other pages only accessible through the buttons, and if they are accessed directly it will redirect you to the login page?
THanks
回答1:
At the moment you login you should start a session. This is some code I used in one of my high school projects
> public void LoginUser(string id, string mail, string ww, string admin)
> {
> Session["UserID"] = id;
> Session["IsAdmin"] = admin;
> if(admin == "admin")
> {
> Response.Redirect("~/Admin/AdminCP.aspx");
> }
> else if (admin == "user")
> {
> Response.Redirect("~/User/UserCP.aspx");
> }
> else
> {
> lblLoginError.Text = "An error has accurred";
> lblLoginError.Visible = true;
> lblLoginError.CssClass = "failureNotification left";
> }
> }
This is a way I used detecting if a user was an admin or a basic user. After this, in every page in the Page_Load-section you have to add
> if (Session["UserID"] == null)
> {
> Response.Redirect("~/Account/Login.aspx");
> }
This will check everytime if the session UserID is running. If it is empty, the login never happened, so the user will be redirected to the page where he can login.
Hope this helped ;-)
回答2:
unless you are using some other way.. just checkout the asp.net membership provider documentation on msdn:
http://msdn.microsoft.com/en-us/library/ff648345.aspx
if you scroll right to the bottom this is what you are looking for, but this page gives all the info you'll need.
回答3:
You could store the log on state in session and check on page load or pre init for an isLoggedin flag which only gets set if they have logged in successfully. This won't prevent them navigating directly to pages if they are logged in but will keep them out if they aren't.
来源:https://stackoverflow.com/questions/10296538/password-protecting-an-asp-net-site-using-a-log-in-page