C# n层体系结构中的ASP.NET登录
我正在尝试在基于n层体系结构的ASP.NET C#中实现登录功能 数据访问:C# n层体系结构中的ASP.NET登录,c#,asp.net,C#,Asp.net,我正在尝试在基于n层体系结构的ASP.NET C#中实现登录功能 数据访问: public int userlogin(string user, string passw)//checking the user name and password { SqlConnection con = new SqlConnection(); con.ConnectionString = GetConnectionString(); con.Open(); int id =
public int userlogin(string user, string passw)//checking the user name and password
{
SqlConnection con = new SqlConnection();
con.ConnectionString = GetConnectionString();
con.Open();
int id = 0;
string selectstr = "SELECT NurseName, password FROM Nurse2 WHERE NurseName = '" + user.Trim() + "' AND Password = '" + passw.Trim() + "'";
SqlCommand cmd = new SqlCommand();
cmd.CommandText = selectstr;
cmd.CommandType = System.Data.CommandType.Text;
cmd.Connection = con;
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
id++;
}
cmd = null;
reader.Close();
con.Close();
return id;
}
protected void Button1_Click(object sender, EventArgs e)
{
string name = TextBox1.Text;
string password = TextBox2.Text;
int id = da.userlogin(name, password);
if (id > 0)
{
Session["userName"] = name;
Response.Redirect("SubscribePage.aspx");
}
else
{
Label1.Text = "invalid";
}
现在,我的问题是,当我按下按钮时,程序只会转到else子句,即使我输入了正确的数据。在我看来,这里可能不好的地方似乎都很好。N层体系结构有助于分离代码,因为您的代码跳过了一层,没有充分利用业务逻辑层。这是一个有用的图像 我还将添加一个附加类来存储用户的登录详细信息,我猜您将有更多信息以及要存储的护士姓名-您可以在会话数据中存储该类的实例,并在需要时将其抛出
public class User
{
public string Name { get; set; }
/* Some other attributes - not your password though! */
}
protected void Button1_Click(object sender, EventArgs e)
{
try
{
Session["User"] = BLL.userLogin(TextBox1.Text, TextBox2.Text);
Response.Redirect("SubscribePage.aspx"); /* If it reaches here, everything is okay */
}
catch (Exception ex)
{
Label1.Text = ex.Message;
}
}
public static User userLogin(string username, string password)
{
User U = DAL.userLogin(username, password);
if (string.IsNullOrEmpty(U.Name))
throw new Exception("Incorrect login details");
return U;
}
public static User userLogin(string username, string password)
{
using (SqlConnection con = new SqlConnection(GetConnectionString())
{
User U = new User();
SqlCommand cmd = new SqlCommand(@"SELECT NurseName, password
FROM Nurse2
WHERE NurseName = @user AND password = @pw", con);
cmd.Parameters.Add(new SqlParameter("@user", username));
cmd.Parameters.Add(new SqlParameter("@pw", password));
try
{
con.Open();
}
catch (Exception ex)
{
throw new Exception("connetion problem", ex);
}
try
{
using (SqlDataReader rdr = cmd.ExecuteReader())
{
while (rdr.Read())
{
U = rdr["NurseName"];
}
}
}
catch (Exception ex)
{
throw new Exception("problem with query", ex);
}
finally
{
con.Close(); /* Clean up regardless of the outcome */
con.Dispose();
}
return U;
}
}
public static User userLogin(string username, string password)
{
User U = DAL.userLogin(username, password);
if (string.IsNullOrEmpty(U.Name))
throw new Exception("Incorrect login details");
return U;
}
public static User userLogin(string username, string password)
{
using (SqlConnection con = new SqlConnection(GetConnectionString())
{
User U = new User();
SqlCommand cmd = new SqlCommand(@"SELECT NurseName, password
FROM Nurse2
WHERE NurseName = @user AND password = @pw", con);
cmd.Parameters.Add(new SqlParameter("@user", username));
cmd.Parameters.Add(new SqlParameter("@pw", password));
try
{
con.Open();
}
catch (Exception ex)
{
throw new Exception("connetion problem", ex);
}
try
{
using (SqlDataReader rdr = cmd.ExecuteReader())
{
while (rdr.Read())
{
U = rdr["NurseName"];
}
}
}
catch (Exception ex)
{
throw new Exception("problem with query", ex);
}
finally
{
con.Close(); /* Clean up regardless of the outcome */
con.Dispose();
}
return U;
}
}
深入了解N层体系结构,然后尝试catch语句。希望能有帮助。我还将改进控件的命名约定,以简化操作(即Label1->lblError)我认为您现在不需要这样做。ASP.NET具有内置的身份验证。看看这个。呃……你是用纯文本存储密码吗?你似乎也在通过修改用户密码来修改它们!是的,我是。是否应该采用不同的方式?至于纯文本密码,请查看以下内容:。至于篡改用户密码…你为什么要这么做?我正在学习这些东西,所以我不知道,但我通过问这里找到了类似的东西。输入断点并检查结果以及
id