ASP. NET Administrator Logon

Source: Internet
Author: User

This section describes how to log on and log off as an administrator. Here we will learn an important knowledge point "Session )". Because HTTP is a stateless non-persistent connection protocol, it cannot identify the client or remember the client status. Therefore, you need to use an additional method-Session, to record the status of the client. Each time the client accesses the server, the server assigns a unique Session ID to indicate the connection. If the client does not close the connection and continues to access the server, its ID will not change, and the server will know that the last connection and this connection came from the same client. If the client closes the connection, its Session
ID is cleared. A new connection is established to access the server, and the server allocates a new Session ID to indicate the client. Just like accessing the QQ space, we need to log on first. After logging on, we can access the log, album, and other functions as long as the IE browser is not closed and the Session ID remains unchanged. If we Disable IE or choose to exit, the Session ID will be cleared. At this time, we will access the QQ space. Because the Session ID has been cleared, the server cannot identify that we have logged on, so we are assigned a new Session ID and asked to log on again.
The Session allows you to store objects in the memory of the Web server. In this way, you can identify the client by storing the client information during the user Session, or store small data. The Key-Value pair is used to store data in the Session. The Key is equivalent to the ID, which is a unique identifier and the Value is the data we need to store. The Session operation syntax in ASP. NET is as follows:
Session. Add ("AdminName", "Zhang San"); // store the string "Zhang San" in the Session and give it an identifier AdminName.
Session. Add ("AdminID", "12"); // Save the string 12 in the Session and give it an identifier AdminID
String s1 = Session ["AdminName"]. toString ();/* obtain the value of the identifier AdminName from the Session, convert it to a string, and assign the value to s1, s1 = "Zhang San "*/
String s2 = Session ["AdminID"]. ToString (); // s2 = "12"
With Session knowledge, we can start to complete user login and logout.
1. Under the root directory of the website (Note: The Administrator logs on to the front-end page), create a new page Admin_Login.aspx, and select the Master page MasterPage. Master. Open the design view and design the following page. At the top of the user name, drag a Label control from the toolbox to display information after logon failure. Drag two TextBox controls to the end of the user name and password, maxLength = "20"
The attribute field cannot exceed 20 characters. The TextMode = "Password" attribute indicates that this is a Password input box. Drag two"RequiredFieldValidatorRequired option verification control ", select the first RequiredFieldValidator control, open the attribute panel, and set the ControlToValidate attribute to TextBox1, indicating that this verification control verifies whether TextBox1 has any input content; if the ErrorMessage attribute is set to "required", the message "required" is displayed when TextBox1 is submitted without any input. Similarly, select the second RequiredFieldValidator control and set
The ControlToValidate attribute is TextBox2, indicating that the verification control is to verify whether TextBox2 has any input content, and set the ErrorMessage attribute to "required ". Finally, drag a Button and set the Text attribute to "Log on ".

Select the source view to view which controls are used and what attributes are set for each control:

<H3> User Logon: <P>
<Asp: Label ID = "Label1" runat = "server" Text = "" ForeColor = "Red" Font-Size = "Larger"> </asp: Label>
Username: <asp: textbox id = "textbox1" runat = "server"MaxLength = "20"> </ASP: textbox> & nbsp;
<Asp: RequiredFieldValidator ID = "RequiredFieldValidator1" runat = "server"
ControlToValidate = "TextBox1" ErrorMessage = "required"> </asp: RequiredFieldValidator>
Password & nbsp; Code: <asp: textbox id = "textbox2" runat = "server"TextMode = "Password"> </ASP: textbox> & nbsp;
<Asp: RequiredFieldValidator ID = "RequiredFieldValidator2" runat = "server"
ControlToValidate = "TextBox2" ErrorMessage = "required"> </asp: RequiredFieldValidator>

<Asp: button id = "button1" runat = "server" text = "login" Height = "24px"
OnClick = "button#click"/>

2. Select the design view of Admin_Login.aspx and double-click the logon button to open the Admin_Login.aspx.cs page. The button#click () method is completed:

Protected void button#click (Object sender, eventargs E)
// Set label1 text to an empty string to hide the error message.
Label1.text = "";
String S = "provider = Microsoft. Jet. oledb.4.0; daTa source = "+ server. mappath ("~ /App_daTa/mydatabase. mdb ");
Using (oledbconnection conn = new oledbconnection (s ))
// Define an SQL statement. @ admin indicates that this is a placeholder and @ password indicates that this is another placeholder.
String SQL = "select * from Admin where adminname = @ adminname and [Password] = @ password ";
OleDbCommand cmd = new OleDbCommand (SQL, conn );
// Assign the content of the TextBox1 input box to the @ Admin placeholder
Cmd. Parameters. AddWithValue ("@ AdminName", TextBox1.Text );
// Assign the content of the TextBox2 input box to the @ Password placeholder
Cmd. Parameters. AddWithValue ("@ Password", TextBox2.Text );
Conn. Open ();
// After the assignment is complete, SQL is a complete query statement.
OleDbDataReader rd = cmd. ExecuteReader ();
If (rd. Read ())
// If there is a record, the user name and password are correct
// Save the user name in the Session and give it an identifier AdminName
Session. Add ("AdminName", TextBox1.Text );
// Save the user ID in the Session and give it an identifier AdminID.
Session. Add ("AdminID", rd ["ID"]. ToString ());
// Save the user permission into the session and give it an identifier purview
Session. Add ("purview", RD ["purview"]. tostring ());
// Log on to the console and go to the administrator management page.
Response. Redirect ("admin/admin_man.aspx ");
// The user name and password do not match and an error message is displayed.
Label1.Text = "the user name or password is incorrect. Please try again! ";

3. Go to the Admin_Login.aspx.cs page and add the following code in the Page_Load () method to clear the data in the Session:

Protected void Page_Load (object sender, EventArgs e)
If (! IsPostBack)
// Clear the temporary data in the Session
Session. Clear ();

4. select Save all. Open the background master page (MasterPage2.master in the admin folder), enter "current user:" and "permission" in the design view, and then select the source view, enter the following code after the current user and permissions:

<H2> current user:<% = Session ["AdminName"] %>; Permission:<% = Session ["Purview"] %>
& Nbsp;<A href = "../Admin_Login.aspx"> log on </a>| <A href = "admin_add.aspx"> Add an administrator </a> | <a href = "admin_man.aspx"> administrator management </a> | <a href = "class_man.aspx"> management </a> </H2>

Note: Session ["AdminName"] indicates that data with the Key as AdminName is retrieved from the Session, and Session ["Purview"] indicates that data with the Key as Purview is retrieved from the Session, <% = Session ["AdminName"] %> indicates that the data retrieved from the Session is displayed on the page, for example, <% = "zhangsan" %> is displayed on the page. In addition, add a hyperlink to the logon page. Note the path format.
../Admin_Login.aspx,.../indicates the upper-level directory. ../Admin_Login.aspx indicates the Admin_Login.aspx page in the upper-level directory.
Set Admin_Login.aspx as the start page, and we can see the actual effect: the logon is successful only when the user name and password are correct. Try different users. After Successful Logon, the user name and permissions of the current user are displayed.
Note: In Admin_Add.aspx on the new Administrator page, write the SQL statement "'" + TextBox1.Text + "', '" + TextBox2.Text + "'"... here, the double quotation marks before and after TextBox1.Text are a single quotation mark, instead of a space single quotation mark, such as "'" + TextBox1.Text + "','"
Wrong. Just like "Zhang San" and "Zhang San" are two different strings. The second Zhang San has one space before and after it, and the first one does not. Therefore, the username and Password are correct, but the logon fails. Check the values of AdminName and Password in the Admin table of the Access database. Are there any unnecessary spaces before and after the logon?
However, there is another small problem here, that is, if we do not log on after running the Admin_Login.aspx page, but directly enter the URL of the administrator management page in the address bar, that is, in the address bar, replace Admin_Login.aspx with admin/Admin_Man.aspx, and press enter to avoid logon and directly access the background page. This is a very dangerous thing. We need to complete the last step of user login.
5. Open the cs file on the background master page, that is, MasterPage2.master. cs. In the Page_Load () method, add the following code:

Protected void page_load (Object sender, eventargs E)
If (! Ispostback)
If (session ["adminid"] = NULL)
// If the session ["adminid"] is empty, no logon is performed. After Successful Logon, the administrator ID is saved to the session.
// A warning box is displayed.
Response. Write ("<script> alert ('Log On and visit this page! '); </Script> ");
// Jump to the logon page
Response. Write ("<script> location. href = '../Admin_Login.aspx'; </script> ");

6. select Save all to see the complete logon effect. In the address bar, try to enter a URL to access the background page, which is unlikely. Wow, that's cool! In the next lesson, we will improve the user login program and add the verification code to it. This is another step closer to the success of the website. Thank you!
This article highlights and is easy to understand, helping you reprint the article. Original article address:

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.