Need help with login authentication using ASP.NET

Time: 2022-08-25 02:08:32

In a simple way I am able to authenticate the login page. How can I do that authentication in a 3-tier architecture? Please, can somebody send me the code for what should be in the DAL, BAL, and GUI layers? Here is my simple code:

Web.config:

<authentication mode="Forms">
    <forms loginUrl="Login.aspx">
        <credentials passwordFormat="Clear">
            <user name="abcd" password="1234" />
        </credentials>
    </forms>
</authentication>
<authorization>
    <deny users="?" />
</authorization>

login.aspx.cs:

// Requires: using System.Data; using System.Data.SqlClient; using System.Web.Security;
SqlConnection con = new SqlConnection("server=localhost;database=dbname;uid=;pwd=;Trusted_Connection=true");
// The query is built by concatenating the text box values (the pattern answer #1 warns about).
SqlDataAdapter da = new SqlDataAdapter("select * from Login where UserName='" + TextBox1.Text + "' and Password='" + TextBox2.Text + "'", con);
DataSet ds = new DataSet();
da.Fill(ds);

if (ds.Tables[0].Rows.Count > 0)
{
    if (FormsAuthentication.Authenticate("abcd", "1234"))
    {
        FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, false);
        Response.Write("Logged in");
    }
    else
    {
        Response.Write("Unauthorised User");
    }

    Response.Redirect("welcome.aspx");
}
else
{
    Response.Write("Sorry Invalid UserName or Password");
}

2 solutions

#1


In general you should have at least the following classes:

  • In the DAL you should have a class that handles database connections.

  • In the BAL you should have a class that represents every user instance. This class should have a method called login() where all the authentication and authorization takes place.

  • A web form representing the user interface.

Also, to prevent SQL injection, never concatenate query strings. Use parameters instead.

Here are some example classes:

using System.Data;
using System.Data.SqlClient;

namespace DAL
{
    public class ConnectionManager
    {
        // Returns an open connection; the caller disposes it (see the using block in BAL).
        public static SqlConnection GetConnection() {
            SqlConnection cn = new SqlConnection("server=localhost;database=dbname;uid=;pwd=;Trusted_Connection=true");
            cn.Open();
            return cn;
        }
    }
}

namespace BAL
{
    using DAL;

    public class User
    {
        public string UserName { get; set; }
        public string Password { private get; set; }

        public bool Login() {
            return Login(this.UserName, this.Password);
        }

        public bool Login(string user, string password) {
            bool success=false;
            using (SqlConnection cn = ConnectionManager.GetConnection())
            {
                string sql = "select count(*) from Login where UserName=@user and Password=@password";
                using (SqlCommand command = new SqlCommand(sql, cn))
                {
                    // Parameters must be added to the collection before they can be given a value;
                    // indexing Parameters["@user"] on an empty collection throws.
                    command.Parameters.Add("@user", SqlDbType.NVarChar).Value = user;
                    command.Parameters.Add("@password", SqlDbType.NVarChar).Value = password;
                    success = (int)command.ExecuteScalar() > 0;
                }
                cn.Close();
            }
            return success;
        }
    }
}
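
One way to keep the parameterized lookup from answer #1 while storing a salted PBKDF2 hash instead of a clear-text password, as an added example (not code from the answer). The `Salt` and `PasswordHash` columns, the `PasswordLogin` class name and the PBKDF2 settings are assumptions.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

namespace BAL
{
    // Added example; assumed (hypothetical) columns: Login(UserName, Salt, PasswordHash).
    public static class PasswordLogin
    {
        const int Iterations = 100000, HashSize = 32; // assumed PBKDF2 settings
        // Derive the value stored in PasswordHash when the account is created.
        public static byte[] Hash(string password, byte[] salt)
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
                return kdf.GetBytes(HashSize);
        }
        // Compare every byte (no early exit) so timing does not show where they differ.
        static bool SameBytes(byte[] a, byte[] b)
        {
            int diff = a.Length ^ b.Length;
            for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
        // cn: an open connection, e.g. from the answer's ConnectionManager.GetConnection().
        public static bool Login(SqlConnection cn, string user, string password)
        {
            byte[] salt = new byte[16], stored = new byte[HashSize]; // dummies for unknown users
            bool found = false;
            const string sql = "select Salt, PasswordHash from Login where UserName = @user";
            using (var command = new SqlCommand(sql, cn))
            {
                // The user name travels as a typed parameter, never as SQL text.
                command.Parameters.Add("@user", SqlDbType.NVarChar, 256).Value = user ?? string.Empty;
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        salt = (byte[])reader["Salt"];
                        stored = (byte[])reader["PasswordHash"];
                        found = true;
                    }
                }
            }
            // Hash even when no row matched, so both outcomes cost about the same.
            byte[] candidate = Hash(password ?? string.Empty, salt);
            return found & SameBytes(candidate, stored);
        }
    }
}
```

The `Rfc2898DeriveBytes` overload that takes a `HashAlgorithmName` requires .NET Framework 4.7.2 or later.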

#2


Slightly at a loss as to why you would want to reinvent the wheel? ASP.NET Membership provider does this all for you, and if you need to heavily modify its behaviour, it's open source, easy to read, understand and change. It can be integrated easily with your own n-tier architecture - we do this all the time.
