C# 如何使用会话设置特定页面的管理员登录权限?
我发现当我通过管理员登录时,有一些我不知道的小错误。它一直把我重定向到Page404.aspx。谁能纠正我的错误?谢谢你的帮助 背景信息:对于MS Access数据库-由于注册页面的原因,C# 如何使用会话设置特定页面的管理员登录权限?,c#,asp.net,session,ms-access,C#,Asp.net,Session,Ms Access,我发现当我通过管理员登录时,有一些我不知道的小错误。它一直把我重定向到Page404.aspx。谁能纠正我的错误?谢谢你的帮助 背景信息:对于MS Access数据库-由于注册页面的原因,CUsername、@eUsername是可能的 附加信息:帐户注册和登录加上更新客户页面的工作完全正常。除了UpdateProductsAdmin页面之外,我只希望它是登录了“admin”的用户名 cmd.paramters.add.withvalue string strSQLInsert = "I
CUsername、@eUsername cmd.paramters.add.withvalue
string strSQLInsert = "INSERT INTO "
+ "myCustomer (CFirstName, CLastName, CAddressLine1, CAddressLine2, CCountry, CState, CPostalCode, CContactNumber, CEmail, CConfirmEmail, CUserName, CPassword, CConfirmPassword)"
+ "VALUES (@eFirstName, @eLastName, @eAddressLine1, @eAddressLine2, @eCountry, @eState, @ePostalCode, @eContactNumber, @eEmail, @eConfirmEmail, @eUserName, @ePassword, @eConfirmPassword)";
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.OleDb;
public partial class UpdateProductsAdmin : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
OleDbConnection mDB = new OleDbConnection();
mDB.ConnectionString = "Provider = Microsoft.ACE.OLEDB.12.0;Data Source=" + Server.MapPath("~/App_Data/webBase.accdb");
mDB.Open();
Type csType = this.GetType();
OleDbCommand cmd;
OleDbDataReader rdr;
string strSQLSelect = "SELECT CUsername FROM myCustomer ORDER BY CUsername";
cmd = new OleDbCommand(strSQLSelect, mDB);
rdr = cmd.ExecuteReader();
while (rdr.Read() == true)
{
if (Session["CUsername"] == "admin")
{
DetailsView1.Visible = true;
}
else
{
Response.Redirect("Page404.aspx");
}
}
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.OleDb;
public partial class Account : System.Web.UI.Page
{
public string UFlag = "F"; public string strUserName;
static readonly string ScriptSuccessUpdate = "<script language=\"javascript\"\n" + "alert (\"Update successful - Please surf to other pages to shop\");\n </script>";
protected void Page_Load(object sender, EventArgs e)
{
LabelUserName.Text = (string)Session["sUserName"];
LabelFirstName.Text = (string)Session["sFirstName"];
LabelLastName.Text = (string)Session["sLastName"];
LabelAddressLine1.Text = (string)Session["sAddressLine1"];
LabelAddressLine2.Text = (string)Session["sAddressLine2"];
LabelCountry.Text = (string)Session["sCountry"];
LabelState.Text = (string)Session["sState"];
LabelPostalCode.Text = (string)Session["sPostalCode"];
LabelContactNumber.Text = Convert.ToInt32(Session["sContactNumber"]).ToString();
LabelEmail.Text = (string)Session["sEmail"];
LabelPassword.Text = (string)Session["sPassword"];
}
protected void ImageButtonUpdate_Click(object sender, ImageClickEventArgs e)
{
strUserName = (string)Session["sUserName"];
if (TextBoxFirstName.Text!="")
{
string StrFName = "CFirstName"; string strFValue = TextBoxFirstName.Text;
UpdatemyCustomer(StrFName, strFValue);
Session["sFirstName"] = TextBoxFirstName.Text;
}
if (TextBoxLastName.Text!="")
{
string strFName = "CLastName"; string strFValue = TextBoxLastName.Text;
UpdatemyCustomer(strFName, strFValue);
Session["sLastName"] = TextBoxLastName.Text;
}
if (TextBoxAddressLine1.Text != "")
{
string strFName = "CAddressLine1"; string strFValue = TextBoxAddressLine1.Text;
UpdatemyCustomer(strFName, strFValue);
Session["sAddressLine1"] = TextBoxAddressLine1.Text;
}
if (TextBoxAddressLine2.Text != "")
{
string strFName = "CAddressLine2"; string strFValue = TextBoxAddressLine2.Text;
UpdatemyCustomer(strFName, strFValue);
Session["sAddressLine2"] = TextBoxAddressLine2.Text;
}
if (TextBoxCountry.Text != "")
{
string strFName = "CCountry"; string strFValue = TextBoxCountry.Text;
UpdatemyCustomer(strFName, strFValue);
Session["sCountry"] = TextBoxCountry.Text;
}
if (TextBoxState.Text != "")
{
string strFName = "CState"; string strFValue = TextBoxState.Text;
UpdatemyCustomer(strFName, strFValue);
Session["sState"] = TextBoxState.Text;
}
if (TextBoxPostalCode.Text != "")
{
string strFName = "CPostalCode"; string strFValue = TextBoxPostalCode.Text;
UpdatemyCustomer(strFName, strFValue);
Session["sPostalCode"] = TextBoxPostalCode.Text;
}
if (TextBoxContactNumber.Text != "")
{
string strFName = "CContactNumber"; string strFValue = TextBoxContactNumber.Text;
UpdatemyCustomer(strFName, strFValue);
Session["sContactNumber"] = TextBoxContactNumber.Text;
}
if (TextBoxEmail.Text != "")
{
string strFName = "CEmail"; string strFValue = TextBoxEmail.Text;
UpdatemyCustomer(strFName, strFValue);
Session["sEmail"] = TextBoxEmail.Text;
}
if (TextBoxPassword.Text != "")
{
string strFName = "CPassword"; string strFValue = TextBoxPassword.Text;
UpdatemyCustomer(strFName, strFValue);
Session["sPassword"] = TextBoxPassword.Text;
}
if (UFlag == "T")
{
Type strType = this.GetType();
ClientScript.RegisterStartupScript(strType, "Success", ScriptSuccessUpdate);
}
}
public void UpdatemyCustomer(string strFName, string strFValue)
{
OleDbConnection mDB = new OleDbConnection();
mDB.ConnectionString = "Provider = Microsoft.ACE.OLEDB.12.0;Data source=" + Server.MapPath("~/App_Data/webBase.accdb");
mDB.Open();
OleDbCommand cmd;
String strSQL = "UPDATE myCustomer SET " + strFName + "=@newValue WHERE cUserName = @eUserName";
cmd = new OleDbCommand(strSQL, mDB);
cmd.Parameters.Add("@newValue", OleDbType.Char).Value = strFValue;
cmd.Parameters.Add("@eUserName", OleDbType.Char).Value = strUserName;
cmd.ExecuteNonQuery();
UFlag = "T";
mDB.Close();
}
}
使用系统;
使用System.Collections.Generic;
使用System.Linq;
使用System.Web;
使用System.Web.UI;
使用System.Web.UI.WebControl;
使用System.Data.OleDb;
公共部分类帐户:System.Web.UI.Page
{
公共字符串UFlag=“F”;公共字符串strUserName;
静态只读字符串ScriptSuccessUpdate=“在您的代码中,我看不到会话[“CUsername”]的会话初始化在哪里
在SQL CMD中,如果第一行CUsername不是admin,则始终会得到False
因此,您将重定向到“Page404.aspx”
您可以编写此代码,以确保获得正确的SQL查询结果
using System;
using System.Collections.Generic;
using System.Linq; using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.OleDb;
public partial class UpdateProductsAdmin : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if ((string)Session["sUsername"] == "admin")
{
DetailsView1.Visible = true;
}
else {
Response.Redirect("Page404.aspx");
}
}
}
使用制度;
使用System.Collections.Generic;
使用System.Linq;使用System.Web;
使用System.Web.UI;
使用System.Web.UI.WebControl;
使用System.Data.OleDb;
公共部分类UpdateProductsAdmin:System.Web.UI.Page
{
受保护的无效页面加载(对象发送方、事件参数e)
{
如果((字符串)会话[“sUsername”]=“admin”)
{
DetailsView1.Visible=true;
}
否则{
重定向(“Page404.aspx”);
}
}
}
?cmd.Parameters.Add(“@CuserName”,[YourLoginID])的用途是什么?YourLoginID是什么?Parameter是您的SQLCMD变量。如下->从客户中选择用户名,其中UserName=@UserName。如果您添加参数cmd.Parameters.Add(“@UserName”,LoginTextBox.Text);LoginTextBox.Text='John'执行中的CMD将是replace->SELECT UserName FROM Customer,其中UserName='John'。它可以确保您始终获得1行(如果用户存在)或者在你的SQLCMD中有0行,如果我的客户有1000个用户,你将总是得到1000行,并执行你的if表达式。但是这不是母版页,所以我不能使用textboxUsername.text-uh。还有其他的迂回吗?我不认为有必要使用cmd.paramaters.add-uh。实际上,我只想要一个简单的,也许我可以使用sFlag//代表已登录的用户,在我的代码中,如if session[“cUsername”]equal“admin,display detailsview,else response redirect。有什么建议吗?可能是if((string)session[“sFlag”!=“T”&(string)session[“cUsername”!=“admin”){display detailsview}else response redirect
using System;
using System.Collections.Generic;
using System.Linq; using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.OleDb;
public partial class UpdateProductsAdmin : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if ((string)Session["sUsername"] == "admin")
{
DetailsView1.Visible = true;
}
else {
Response.Redirect("Page404.aspx");
}
}
}