Create a secure Web site in ASP.NET

xiaoxiao2021-03-06  117

First, let's look at the web.config file, section by section.

Compilation: setting compilation debug="true" inserts debugging symbols (.pdb information) into the compiled page. Because this produces a larger file that runs more slowly, set it to true only while debugging and to false at all other times. For more information, refer to the documentation on debugging ASP.NET files. A debug build also puts source lines and stack traces into error pages, which is one more reason to keep it off on a live site.

Custom errors: set customErrors mode="On" or "RemoteOnly" to enable custom error messages, or "Off" to disable them. Add an <error> tag for each error you want to handle. "RemoteOnly" is the setting to keep on a production site: remote callers see the custom page, while the full exception is still shown when you browse from the server itself.

Authentication: this section sets the application's authentication policy. The possible modes are "Windows", "Forms", "Passport" and "None".

Authorization: this section sets the application's authorization policy. You can allow or deny users or roles access to application resources. Wildcards: "*" means everyone, "?" means anonymous (unauthenticated) users. The section holds <allow> and <deny> entries of this form:

<allow users="[comma-separated list]" roles="[comma-separated list]" />
<deny users="[comma-separated list]" roles="[comma-separated list]" />

Entries are evaluated top to bottom and the first one that matches the current user wins, so put the specific <deny> rules before a catch-all <allow users="*" />.

Application-level trace logging: application-level tracing enables trace log output for every page in the application. Set trace enabled="true" to turn it on. If pageOutput="true", the trace information is displayed at the bottom of each page; otherwise you can view the application trace log by browsing the "trace.axd" page from the web application root. Leave tracing off in production: trace.axd shows request headers, cookies, form fields and session contents to anyone who can reach it.

Session state settings: by default, ASP.NET uses a cookie to identify which requests belong to a particular session. If cookies are not available, a session can be tracked by adding a session identifier to the URL. To disable cookies, set sessionState cookieless="true". Bear in mind that a session ID in the URL ends up in server logs, bookmarks and Referer headers, so prefer cookies unless you really must support cookie-less clients.

<sessionState
    mode="InProc"
    stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data source=127.0.0.1;user id=sa;password="
    cookieless="false"
    timeout="20"
/>

Note the sqlConnectionString in this fragment: it names the sa account with an empty password. It is ignored while mode="InProc", but do not leave it in place if you switch to mode="SQLServer", and never reuse sa for the application's own database connection.

Globalization: this section sets the application's globalization settings (request and response encoding, culture).

After reading the introduction above, you should know the web.config file quite well. Now let's get to the point. To stop users reaching the site without authenticating, our approach is: when a user has not passed validation, clicking any page redirects them straight to login.aspx. The piece of configuration that does this is the <forms> element inside the authentication section of web.config:

<forms loginUrl="login.aspx" protection="All" path="/" />

On its own this element only says where the login page is; the redirect happens because the authorization section denies anonymous users (<deny users="?" />), so every unauthenticated request is bounced to loginUrl. protection="All" makes ASP.NET both encrypt and sign the authentication ticket, and should not be lowered.

But this creates a problem: some pages, such as the site introduction or instructions, should be readable by any visitor, and forcing people to log in first would be annoying. Don't worry, ASP.NET has a corresponding solution: a <location> element in web.config whose own authorization section grants anonymous users access to a single page, for example Test.aspx, while the rest of the site stays behind the login.
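The following web.config is an added example, not the article's own file, that puts the settings discussed above together: the forms element and the anonymous deny rule, the <location> exception for Test.aspx, and the production values for the compilation, customErrors, trace and sessionState sections. The SecureSite database name, the ".SECURESITE" cookie name and the ConnectionString appSetting read by the CSQL class later on the page are assumptions; requireSSL and slidingExpiration on <forms> need ASP.NET 1.1 or later and can simply be dropped on 1.0.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <!-- Connection string used by the CSQL class. Integrated security keeps any
         password out of web.config; grant the worker-process account EXECUTE on
         GLBL_LOGIN only, and never use sa here. (SecureSite is an assumed name.) -->
    <add key="ConnectionString"
         value="data source=127.0.0.1;initial catalog=SecureSite;integrated security=SSPI" />
  </appSettings>

  <system.web>
    <!-- production values: no debug symbols, no stack traces for remote callers, no trace output -->
    <compilation defaultLanguage="c#" debug="false" />
    <customErrors mode="RemoteOnly" defaultRedirect="error.aspx" />
    <trace enabled="false" localOnly="true" />

    <!-- Forms authentication. Unauthenticated requests are redirected to login.aspx.
         protection="All" encrypts and signs the ticket; requireSSL stops the cookie
         being sent over plain HTTP (ASP.NET 1.1+). -->
    <authentication mode="Forms">
      <forms name=".SECURESITE" loginUrl="login.aspx" protection="All" path="/"
             timeout="30" requireSSL="true" slidingExpiration="false" />
    </authentication>

    <!-- Deny anonymous ("?") users everywhere by default. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- In-process session state. The stateConnectionString / sqlConnectionString
         entries from the template are only read in other modes, so the
         "user id=sa;password=" string is removed rather than left lying around. -->
    <sessionState mode="InProc" cookieless="false" timeout="20" />

    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
  </system.web>

  <!-- Exception for a page anyone may read; every other page keeps the deny rule above. -->
  <location path="Test.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

One <location> element per public page (or per public folder, using path="public") is all that is needed; do not be tempted to flip the site-wide rule to <allow users="*" /> and deny individual pages, because every page you forget is then open.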

With the two problems above solved, let's start on the Login.aspx page. Using C# and SQL Server 2000, create a WebForm page and add the appropriate controls. The code is as follows:

<%@ Page language="c#" Codebehind="login.aspx.cs" AutoEventWireup="false" Inherits="Secure.Login" %>
<HTML>
<HEAD>
<title>Secure Site</title>
<meta content="Microsoft Visual Studio 7.0" name="GENERATOR">
<meta content="C#" name="CODE_LANGUAGE">
<meta content="JavaScript" name="vs_defaultClientScript">
<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="login" method="post" runat="server">
<table cellspacing="0" cellpadding="0" border="0">
<tr>
<td valign="top" align="left">
<asp:Label id="message" runat="server" ForeColor="#ff0000"></asp:Label>
</td>
</tr>
<tr>
<td valign="top" align="left"><b>E-mail:</b></td>
</tr>
<tr>
<td valign="top" align="left">
<asp:TextBox id="username" runat="server" Width="120"></asp:TextBox>
</td>
</tr>
<tr>
<td valign="top" align="left"><b>Password:</b></td>
</tr>
<tr>
<td valign="top" align="left">
<asp:TextBox id="password" runat="server" Width="120" TextMode="Password"></asp:TextBox>
</td>
</tr>
<tr>
<td valign="top" align="left">
<asp:CheckBox id="savelogin" runat="server" Text="<b>Save my login</b>"></asp:CheckBox>
</td>
</tr>
<tr>
<td valign="top" align="right">
<asp:ImageButton id="btnlogin" runat="server" ImageUrl="/images/w2k/login/btnlogin.gif"></asp:ImageButton>
</td>
</tr>
</table>
</form>
</body>
</HTML>

After the interface is done, you can write the submit button's event. First, the event has to be registered; because the page directive sets AutoEventWireup="false", this is done explicitly in InitializeComponent in the code-behind:

private void InitializeComponent()
{
    this.btnlogin.Click += new System.Web.UI.ImageClickEventHandler(this.btnlogin_Click);
    // ...
}

After the event is registered, it is natural to write the event handler:

private void btnlogin_Click(object sender, System.Web.UI.ImageClickEventArgs e)
{
    CCommonDB sql = new CCommonDB();
    string redirect = "";

    if ((redirect = sql.AuthenticateUser(this.Session, this.Response,
                                         username.Text, password.Text, savelogin.Checked)) != String.Empty)
    {
        // redirect the user to the landing page for their login type
        Response.Redirect(redirect);
    }
    else
    {
        message.Text = "Login failed!";
    }
}

After reading the code above you must be asking where CCommonDB comes from. It is a class I wrote to handle user login. If the login succeeds it writes the login information to the session and to cookies, and returns the Default.aspx page for that login type so the caller can redirect to it. The details are as follows:

CCommonDB.cs

using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

namespace Secure.Components
{
    public class CCommonDB : CSQL
    {
        public CCommonDB() : base() {}

        public string AuthenticateUser(
            System.Web.SessionState.HttpSessionState objSession, // session variable
            System.Web.HttpResponse objResponse,                // response variable
            string email,                                       // login
            string password,                                    // password
            bool bPersist                                       // persist login
        )
        {
            int nLoginId = 0;
            int nLoginType = 0;

            // look the user up
            Login(email, password, ref nLoginId, ref nLoginType);

            if (nLoginId != 0) // success
            {
                // log the user in: issues the forms authentication ticket
                System.Web.Security.FormsAuthentication.SetAuthCookie(nLoginId.ToString(), bPersist);

                // set the session variables
                objSession["loginid"] = nLoginId.ToString();
                objSession["logintype"] = nLoginType.ToString();

                // set cookie information in case the login is persistent
                // ("wrapper" is expected to have been put in the session earlier; not shown on this page)
                System.Web.HttpCookie wrapperCookie = new System.Web.HttpCookie("wrapper");
                wrapperCookie.Value = objSession["wrapper"] == null ? "" : objSession["wrapper"].ToString();
                wrapperCookie.Expires = DateTime.Now.AddDays(30);

                System.Web.HttpCookie lgnTypeCookie = new System.Web.HttpCookie("logintype");
                lgnTypeCookie.Value = objSession["logintype"].ToString();
                lgnTypeCookie.Expires = DateTime.Now.AddDays(30);

                // add the cookies to the response
                objResponse.Cookies.Add(wrapperCookie);
                objResponse.Cookies.Add(lgnTypeCookie);

                // choose the landing page by login type
                switch (nLoginType)
                {
                    case 0: // candidate login
                    {
                        return "/candidate/default.aspx";
                    }
                    case 1: // admin login
                    {
                        return "/admin/default.aspx";
                    }
                    case 2: // reporting login
                    {
                        return "/reports/default.aspx";
                    }
                    default:
                    {
                        return String.Empty;
                    }
                }
            }
            else
            {
                return String.Empty;
            }
        }

        /// <summary>
        /// Verifies the login and password that were given
        /// </summary>
        /// <param name="email">The login</param>
        /// <param name="password">The password</param>
        /// <param name="nLoginId">Returns the login ID</param>
        /// <param name="nLoginType">Returns the login type</param>
        public void Login(string email, string password, ref int nLoginId, ref int nLoginType)
        {
            ResetSql();
            DataSet ds = new DataSet();

            // set up parameters; typed parameters mean the user input is never
            // concatenated into SQL text, so this call is not open to SQL injection
            SqlParameter paramLogin = new SqlParameter("@username", SqlDbType.VarChar, 100);
            paramLogin.Value = email;
            SqlParameter paramPassword = new SqlParameter("@password", SqlDbType.VarChar, 20);
            paramPassword.Value = password;

            Command.CommandType = CommandType.StoredProcedure;
            Command.CommandText = "GLBL_LOGIN";
            Command.Parameters.Add(paramLogin);
            Command.Parameters.Add(paramPassword);

            Adapter.TableMappings.Add("Table", "Login");
            Adapter.SelectCommand = Command;
            Adapter.Fill(ds);

            // an empty result set still produces one table, so the row count must be checked too
            if (ds.Tables.Count != 0 && ds.Tables[0].Rows.Count != 0)
            {
                DataRow row = ds.Tables[0].Rows[0];
                // get the login id and the login type
                nLoginId = Convert.ToInt32(row["Login_ID"].ToString());
                nLoginType = Convert.ToInt32(row["Login_Type"].ToString());
            }
            else
            {
                nLoginId = 0;
                nLoginType = 0;
            }
        }
    }

    abstract public class CSQL
    {
        private SqlConnection sqlConnection;       // connection
        private SqlCommand sqlCommand;             // command
        private SqlDataAdapter sqlDataAdapter;     // data adapter
        private DataSet sqlDataSet;                // data set

        public CSQL()
        {
            sqlConnection = new SqlConnection(ConfigurationSettings.AppSettings["ConnectionString"]);
            sqlCommand = new SqlCommand();
            sqlDataAdapter = new SqlDataAdapter();
            sqlDataSet = new DataSet();
            sqlCommand.Connection = sqlConnection;
        }

        /// <summary>
        /// Access to our SQL command
        /// </summary>
        protected SqlCommand Command
        {
            get { return sqlCommand; }
        }

        /// <summary>
        /// Access to our data adapter
        /// </summary>
        protected SqlDataAdapter Adapter
        {
            get { return sqlDataAdapter; }
        }

        /// <summary>
        /// Makes sure that everything is clear and ready for a new query
        /// </summary>
        protected void ResetSql()
        {
            if (sqlCommand != null)
            {
                sqlCommand = new SqlCommand();
                sqlCommand.Connection = sqlConnection;
            }
            if (sqlDataAdapter != null)
                sqlDataAdapter = new SqlDataAdapter();
            if (sqlDataSet != null)
                sqlDataSet = new DataSet();
        }

        /// <summary>
        /// Runs our command and returns the data set
        /// </summary>
        /// <returns>The data set</returns>
        protected DataSet RunQuery()
        {
            sqlDataAdapter.SelectCommand = Command;
            sqlConnection.Open();
            try
            {
                // the connection is opened before Fill and closed afterwards,
                // even if the query throws
                sqlDataAdapter.Fill(sqlDataSet);
            }
            finally
            {
                sqlConnection.Close();
            }
            return sqlDataSet;
        }
    }
}

Two points are worth noting about this code before you copy it. First, the password is sent to SQL Server as typed and GLBL_LOGIN is left to compare it; the procedure should compare against a salted hash stored in the table rather than the password itself, and login.aspx must be served over HTTPS so the posted form cannot be read on the wire. Second, the logintype cookie is an ordinary, unprotected cookie: the browser can change it from 0 to 1 at will, so it must never be used to decide whether a request comes from an administrator. Only the forms authentication ticket (protected by protection="All") and data kept on the server are trustworthy for authorization.
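As an added example (not the article's own code), here is how the AuthenticateUser and Login pair above can be reworked so that the password is verified in the application as a salted PBKDF2 hash instead of being handed to GLBL_LOGIN, and so that the login type travels inside the encrypted, signed forms ticket rather than in a plain cookie. The stored procedure GLBL_GET_LOGIN, the Password_Salt and Password_Hash columns, and the class name CSecureLogin are hypothetical; the code needs .NET Framework 2.0 or later for Rfc2898DeriveBytes and HttpCookie.HttpOnly.

```csharp
// Added example, not from the original article. Hypothetical names: the
// GLBL_GET_LOGIN procedure, the Password_Salt / Password_Hash columns, CSecureLogin.
// Requires .NET Framework 2.0+ (Rfc2898DeriveBytes, HttpCookie.HttpOnly).
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

namespace Secure.Components
{
    public class CSecureLogin
    {
        private const int Iterations = 100000;   // PBKDF2 work factor
        private const int HashLength = 32;       // bytes of derived key stored per user

        // PBKDF2-HMAC-SHA1 over the password and a per-user random salt.
        // Called once when the password is set and again on every login attempt.
        public static byte[] HashPassword(string password, byte[] salt)
        {
            using (Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            {
                return kdf.GetBytes(HashLength);
            }
        }

        public static byte[] NewSalt()
        {
            byte[] salt = new byte[16];
            new RNGCryptoServiceProvider().GetBytes(salt);
            return salt;
        }

        // Compares every byte so the timing does not reveal where the first mismatch is.
        public static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a == null || b == null || a.Length != b.Length) return false;
            int diff = 0;
            for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }

        // Fetches the login row by user name only; the password never reaches SQL Server.
        public static bool TryGetLogin(string connectionString, string email,
            out int loginId, out int loginType, out byte[] salt, out byte[] hash)
        {
            loginId = 0; loginType = 0; salt = null; hash = null;
            using (SqlConnection conn = new SqlConnection(connectionString))
            using (SqlCommand cmd = new SqlCommand("GLBL_GET_LOGIN", conn))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.Add("@username", SqlDbType.VarChar, 100).Value = email;
                conn.Open();
                using (SqlDataReader r = cmd.ExecuteReader(CommandBehavior.SingleRow))
                {
                    if (!r.Read()) return false;            // unknown user
                    loginId = Convert.ToInt32(r["Login_ID"]);
                    loginType = Convert.ToInt32(r["Login_Type"]);
                    salt = (byte[])r["Password_Salt"];
                    hash = (byte[])r["Password_Hash"];
                    return true;
                }
            }
        }

        // Same contract as the original AuthenticateUser: landing page on success, "" on failure.
        public static string AuthenticateUser(string connectionString, HttpResponse response,
            string email, string password, bool persist)
        {
            int loginId, loginType; byte[] salt, hash;
            if (!TryGetLogin(connectionString, email, out loginId, out loginType, out salt, out hash))
            {
                HashPassword(password, NewSalt());  // spend the same time as a wrong password
                return String.Empty;
            }
            if (!FixedTimeEquals(HashPassword(password, salt), hash)) return String.Empty;

            // The login type goes into the ticket's userData. Under <forms protection="All">
            // the ticket is encrypted and MACed, so unlike the plain "logintype" cookie
            // of the original code the browser cannot rewrite it.
            DateTime now = DateTime.Now;
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1, loginId.ToString(), now, now.AddMinutes(30), persist,
                loginType.ToString(), FormsAuthentication.FormsCookiePath);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                FormsAuthentication.Encrypt(ticket));
            cookie.HttpOnly = true;                  // not readable by page script
            cookie.Secure = true;                    // only sent over HTTPS
            if (persist) cookie.Expires = ticket.Expiration;
            response.Cookies.Add(cookie);
            return LandingPage(loginType);
        }

        // On later requests the role is read from the ticket that
        // FormsAuthenticationModule has already decrypted and validated.
        public static int LoginTypeFromContext(HttpContext context)
        {
            FormsIdentity id = context.User.Identity as FormsIdentity;
            if (id == null || !id.IsAuthenticated) return -1;
            return Convert.ToInt32(id.Ticket.UserData);
        }

        public static string LandingPage(int loginType)
        {
            switch (loginType)
            {
                case 0: return "/candidate/default.aspx";
                case 1: return "/admin/default.aspx";
                case 2: return "/reports/default.aspx";
                default: return String.Empty;
            }
        }
    }
}
```

In the click handler the CCommonDB call becomes CSecureLogin.AuthenticateUser(ConfigurationManager.AppSettings["ConnectionString"], Response, username.Text, password.Text, savelogin.Checked), and pages that branch on role call LoginTypeFromContext(Context) instead of reading Request.Cookies["logintype"]. When a user changes their password, store NewSalt() and HashPassword(newPassword, salt) in the two columns; nothing else about the table needs to change.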