且构网

分享程序员开发的那些事...
且构网 - 分享程序员编程开发的那些事

帮助:验证码

更新时间:2022-10-17 19:03:57

" VB Programmer" < GR ********* @ go-intech.com>在消息中写道

新闻:uZ ************** @ TK2MSFTNGP09.phx.gbl ...
请帮助...... 。

...
问题1:在Application_AuthenticateRequest中,对于
IsInRole的If语句。总是掉到别的地方,就像它不知道我为表格登录填写的
。有任何想法吗?


请记住,HTTP是无状态的,ASP.NET也是如此。当你到达
Application_AuthenticateRequest时,你在Login中所做的一切都消失了。

你需要保留它,可能在Forms身份验证票证中。请参阅我的

回复您之前的帖子,

问题:COntext.User.IsInRole。

问题2:在我的登录代码中我实际上有Context.User =在案件陈述之外,但它一直说名字''arrRoles''没有被宣布。
即使我在案件陈述中声明了它。任何想法?




看起来每个case子句都引入了一个新的范围。您是否注意到

您能够三次声明相同的名称?当那个案例

子句完成时,范围就消失了,在那个

范围内声明的变量也是如此。在选择之前声明您的数组并在每个案例中设置

条款。

-

John Saunders

互联网工程师> jo***********@surfcontrol.com


使用表单身份验证...


1.修改< Web.config>

打开表单身份验证...

<身份验证模式="表单">

< forms name =" .ASPXAUTH" loginUrl = QUOT;&的Login.aspx QUOT; />

< / authentication>

< authorization>

< deny users ="?" />

< / authorization>


在文件结尾前插入添加安全目录的部分....

< location path =" Secured">

< system.web>

< authorization>

<允许roles =" admin" />

< deny users =" *" />

< / authorization>

< /system.web>

< / location>


2. Login.aspx

用户验证后(在db,xml等中...)添加:


系统.Web.Security.FormsAuthentication.RedirectFr omLoginPage(txtUserName.Te

xt.Trim,True)


3. Global.asax.vb

首先添加进口声明Imports System.Security.Principal


然后......

Sub Application_AuthenticateRequest(ByVal sender As Object,ByVal e As

EventArgs)

''试图验证使用时发生火灾

如果Request.IsAuthenticated那么

''获取用户'的角色

Dim cnnMyConnection As SqlConnection = New

SqlConnection(ConfigurationSettings.AppSettings(" M yDsnString"))

Dim cmdMyCmd As SqlCommand = New SqlCommand(" SELECT blah FROM

blah WHERE blah",cnnMyConnection)

Dim drUsers作为SqlDataReader


cnnMyConnection.Open()

drUsers = cmdMyCmd.ExecuteReader


虽然drUsers.Read

Select Case drUsers.GetValue(1)

Case 0''guest(只读)

Dim arrRoles()As String = {" guest"}

Context.User = New

System.Security.Principal.GenericPrincipal(User.Id entity,arrRoles)

案例1''用户(启动/停止引擎)

Dim arrRoles()As String = {" guest"," user"}

Context.User =新的

System.Security.Principal.GenericPrincipal(User.Id实体,arrRoles)

案例2''管理员(一切)

Dim arrRoles ()As String = {" guest"," user",

" admin"}

Context.User = New

System.Security.Principal.GenericPrincipal(User.Id entity,arrRoles)

结束选择

结束时


cnnMyConnection。关闭()


''如果Context.User.IsInRole(" guest")那么Response.Write(" GUEST"

& Context.User.Identity.Name)

结束如果

End Sub


" VB Programmer" &LT; GR ********* @ go-intech.com&GT;在消息中写道

news:eO **************** @ TK2MSFTNGP10.phx.gbl ...
使用表格认证...

.... 3. Global.asax.vb
首先添加进口声明Imports System.Security.Principal

然后。 ..
Sub Application_AuthenticateRequest(ByVal发送者作为对象,ByVal e As
EventArgs)
''试图验证使用时触发
如果Request.IsAuthenticated那么
' '获取用户'的角色
Dim cnnMyConnection As SqlConnection = New
SqlConnection(ConfigurationSettings.AppSettings(" M yDsnString"))
Dim cmdMyCmd As SqlCommand = New SqlCommand(" SELECT) blah FROM
blah WHERE blah",cnnMyConnection)
Dim drUsers As SqlDataReader

cnnMyConnection.Open()
drUsers = cmdMyCmd.ExecuteReader

>当drUsers.Read
Select Case drUsers.GetValue(1)
案例0''客人(只读)
Dim arrRoles()As String = {" guest"}
Context.User = New 案例1''用户(启动/停止引擎)
Dim arrRoles()As String = {" guest", " user"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Id entity,arrRoles)
案例2''管理员(一切)
昏暗arrRoles()As String = {" guest"," user",
" admin"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Id实体,arrRoles)
结束选择
结束时

cnnMyConnec关闭()

''如果Context.User.IsInRole(" guest")那么Response.Write(" GUEST
" &安培; Context.User.Identity.Name)
结束如果
结束子




您的代码将正常工作,并将继续运行每个请求都在您的网络应用程序的页面中。

。这是很多数据库的工作。


我建议你把数据库代码放到Login中,将结果角色保存在

表单认证的UserData中门票,并在

Application_AuthenticateRequest中检索。

-

John Saunders

互联网工程师
jo***********@surfcontrol.com


PLEASE HELP....

I''m having trouble. In my login form after I''ve verified the
username/password are valid I do this:
Select Case iMyPrivilege
Case 0
Dim arrRoles() As String = {"guest"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Id entity, arrRoles)
Case 1
Dim arrRoles() As String = {"guest", "user"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Id entity, arrRoles)
Case 2
Dim arrRoles() As String = {"guest", "user""admin"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Id entity, arrRoles)
End Select

In my Global.asax.vb I have this code:
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
EventArgs)
'' Fires upon attempting to authenticate the use
If Request.IsAuthenticated Then
If Context.User.IsInRole("guest") Then
Response.Write("GUEST: " & Context.User.Identity.Name)
ElseIf Context.User.IsInRole("user") Then
Response.Write("USER: " & Context.User.Identity.Name)
ElseIf Context.User.IsInRole("admin") Then
Response.Write("ADMIN: " & Context.User.Identity.Name)
Else
Response.Write("????: " & Context.User.Identity.Name)
End If
End If
End Sub

PROBLEM 1: In Application_AuthenticateRequest the If statement for
"IsInRole" ALWAYS drops to the Else, like it doesn''t recognize what I filled
in for form login. Any ideas?

PROBLEM 2: In my Login code I actually had "Context.User =" line outside
the case statement but it kept saying "Name ''arrRoles'' is not declared."
even though I did declare it in the case statement. Any ideas?

Thanks!

"VB Programmer" <gr*********@go-intech.com> wrote in message
news:uZ**************@TK2MSFTNGP09.phx.gbl...
PLEASE HELP....

...
PROBLEM 1: In Application_AuthenticateRequest the If statement for
"IsInRole" ALWAYS drops to the Else, like it doesn''t recognize what I filled in for form login. Any ideas?
Remember that HTTP is stateless, and so is ASP.NET. By the time you get to
Application_AuthenticateRequest, everything you ever did in Login is gone.
You need to persist it, probably in the Forms Authentication ticket. See my
response to your earlier post, "
Question: COntext.User.IsInRole".

PROBLEM 2: In my Login code I actually had "Context.User =" line outside
the case statement but it kept saying "Name ''arrRoles'' is not declared."
even though I did declare it in the case statement. Any ideas?



It looks like the case clauses each introduce a new scope. Did you notice
that you were able to declare the same name three times? When that case
clause is done, the scope is gone, and so are any variables declared in that
scope. Declare your array before the "Select" and just set it in each Case
clause.
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com


To use forms authentication...

1. Modify <Web.config>
Turn on forms authentication...
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="Login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>

Insert before the end of the file add the section for Secured dir....
<location path="Secured">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*" />
</authorization>
</system.web>
</location>

2. Login.aspx
After user is verified (in db, xml, etc...) add this:

System.Web.Security.FormsAuthentication.RedirectFr omLoginPage(txtUserName.Te
xt.Trim, True)

3. Global.asax.vb
First add imports statement "Imports System.Security.Principal"

Then...
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
EventArgs)
'' Fires upon attempting to authenticate the use
If Request.IsAuthenticated Then
'' Get the user''s role
Dim cnnMyConnection As SqlConnection = New
SqlConnection(ConfigurationSettings.AppSettings("M yDsnString"))
Dim cmdMyCmd As SqlCommand = New SqlCommand("SELECT blah FROM
blah WHERE blah", cnnMyConnection)
Dim drUsers As SqlDataReader

cnnMyConnection.Open()
drUsers = cmdMyCmd.ExecuteReader

While drUsers.Read
Select Case drUsers.GetValue(1)
Case 0 '' guest (read only)
Dim arrRoles() As String = {"guest"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Id entity, arrRoles)
Case 1 '' user (start/stop engines)
Dim arrRoles() As String = {"guest", "user"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Id entity, arrRoles)
Case 2 '' admin (everything)
Dim arrRoles() As String = {"guest", "user",
"admin"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Id entity, arrRoles)
End Select
End While

cnnMyConnection .Close()

''If Context.User.IsInRole("guest") Then Response.Write("GUEST "
& Context.User.Identity.Name)
End If
End Sub


"VB Programmer" <gr*********@go-intech.com> wrote in message
news:eO****************@TK2MSFTNGP10.phx.gbl...
To use forms authentication...
.... 3. Global.asax.vb
First add imports statement "Imports System.Security.Principal"

Then...
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
EventArgs)
'' Fires upon attempting to authenticate the use
If Request.IsAuthenticated Then
'' Get the user''s role
Dim cnnMyConnection As SqlConnection = New
SqlConnection(ConfigurationSettings.AppSettings("M yDsnString"))
Dim cmdMyCmd As SqlCommand = New SqlCommand("SELECT blah FROM
blah WHERE blah", cnnMyConnection)
Dim drUsers As SqlDataReader

cnnMyConnection.Open()
drUsers = cmdMyCmd.ExecuteReader

While drUsers.Read
Select Case drUsers.GetValue(1)
Case 0 '' guest (read only)
Dim arrRoles() As String = {"guest"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Id entity, arrRoles)
Case 1 '' user (start/stop engines)
Dim arrRoles() As String = {"guest", "user"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Id entity, arrRoles)
Case 2 '' admin (everything)
Dim arrRoles() As String = {"guest", "user",
"admin"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Id entity, arrRoles)
End Select
End While

cnnMyConnection .Close()

''If Context.User.IsInRole("guest") Then Response.Write("GUEST " & Context.User.Identity.Name)
End If
End Sub



Your code will work fine, and will run on every request made to a page in
your web application. That''s a lot of database work.

I suggest you put the database code into Login, save the resultant roles in
the UserData of the Forms Authentication Ticket, and retrieve them in
Application_AuthenticateRequest.
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com