ASP.NET登录问题 急求各位高手!
我在SQLSERVER数据库中建了User表 和 UserGroupID表(记录用户对应的角色,分别为管理员UserGroupID为1、分析员ID为2、登记员ID为3)。(只使用一个登录界面)在登录时从数据库中读取用户信息,用session记录下用户的角色ID,进行判断后,进入主页面(嵌套的母模板,里面有三个Panel,分别装着菜单导航项)。在主页面中接收登录时传来的角色ID,然后判断不同的用户角色,显示不同的Panel菜单导航项。下面是我写的代码,运行后不能进入主页,直接显示了错误信息页面。是不是代码的问题,需不需要写web.config?请大家指点一下。登录界面的后台代码:
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
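/// <summary>
/// Code-behind for the login page. Looks the submitted user name and password up in the
/// User table and, on a match, stores the user's id, name and role id in the session
/// before redirecting to the home page.
/// </summary>
public partial class Login : System.Web.UI.Page
{
    // Read once from the <connectionStrings> section of web.config. If no entry named
    // "theconnection" exists there, this initializer throws and every request to the
    // page fails, so the entry is required.
    private static readonly string strConnect = ConfigurationManager.ConnectionStrings["theconnection"].ConnectionString;

    /// <summary>No per-request initialisation is needed.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>Clears both input boxes.</summary>
    protected void txtExit_Click(object sender, EventArgs e)
    {
        txtUserName.Text = "";
        txtPassWord.Text = "";
    }

    /// <summary>
    /// Checks the submitted credentials against the database and signs the user in.
    /// </summary>
    /// <param name="sender">The button that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btSubmit_Click(object sender, EventArgs e)
    {
        bool authenticated = false;

        try
        {
            // "User" is a reserved word in SQL Server, so the table name must be bracketed.
            // The original text also had "@ PassWord" (space after '@'), which is a syntax error.
            using (SqlConnection objConnection = new SqlConnection(strConnect))
            using (SqlCommand objCommand = new SqlCommand(
                "SELECT UserID,UserName,UserGroupID FROM [User] WHERE UserName = @UserName AND Password = @PassWord",
                objConnection))
            {
                // The parameters must carry the submitted values; declaring them without a
                // value makes ExecuteReader fail. Keeping the input in parameters (never in
                // the SQL text) is what protects this query from SQL injection.
                // NOTE(review): VarChar assumes non-Unicode columns; use NVarChar if the
                // columns are nvarchar. Confirm against the table definition.
                objCommand.Parameters.Add("@UserName", SqlDbType.VarChar).Value = txtUserName.Text;
                objCommand.Parameters.Add("@PassWord", SqlDbType.VarChar).Value = txtPassWord.Text;

                // NOTE(review): the query compares the submitted password with the stored
                // column directly, which implies passwords are stored in clear text. Store a
                // salted, slow hash (e.g. PBKDF2) instead and verify against that.

                objConnection.Open();

                using (SqlDataReader result = objCommand.ExecuteReader())
                {
                    if (result.Read())
                    {
                        // The role id is kept server-side in the session; the master page
                        // reads it to decide which menu panel to show.
                        // NOTE(review): the session id is not renewed after login; check
                        // whether session fixation matters for this deployment.
                        Session["UserID"] = result["UserID"].ToString();
                        Session["UserName"] = result["UserName"].ToString();
                        Session["UserGroupID"] = result["UserGroupID"].ToString();
                        authenticated = true;
                    }
                }
            }
        }
        catch (SqlException exp)
        {
            // Hand the error text to the error page through the session.
            // NOTE(review): exp.Message can reveal table and column names. If Error.aspx
            // shows it to end users, log the detail server-side and show a generic message.
            Session["Error"] = exp.Message;
            Response.Redirect("Error.aspx");
            return;
        }

        // Redirect only after the connection has been disposed. All three roles land on
        // the same page; the master page picks the menu for the role.
        if (authenticated)
        {
            Response.Redirect("~/Ui/HomePage/HomePage.aspx");
        }
        else
        {
            // No matching user: ask for the credentials again.
            Response.Write("<script>alert('您的输入信息有误,请重新输入,如果是新用户,请注册!');</script>");
        }
    }
}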
母版(主页是使用母模板)后台代码:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
/// <summary>
/// Code-behind for the master page. Shows exactly one of the three menu panels,
/// chosen by the role id that the login page stored in the session.
/// </summary>
public partial class UiMaster : System.Web.UI.MasterPage
{
    /// <summary>
    /// Sends visitors without a role id in the session to the login page; otherwise
    /// makes the panel for that role visible and hides the other two.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        object storedGroup = Session["UserGroupID"];

        if (storedGroup == null)
        {
            // Not logged in (or the session has expired).
            // NOTE(review): "Login.aspx" is a relative URL, so it resolves against the
            // folder of the requested content page. Confirm that is where Login.aspx is.
            Response.Redirect("Login.aspx");
            return;
        }

        string groupId = storedGroup.ToString();
        bool isGroupOne = groupId == "1";
        bool isGroupTwo = groupId == "2";

        // Role "1" sees Panel3, role "2" sees Panel2, every other value sees Panel1.
        // This only toggles menu visibility. It does not by itself stop a user from
        // requesting a page that a hidden menu links to, so each restricted page still
        // needs its own role check.
        this.Panel1.Visible = !isGroupOne && !isGroupTwo;
        this.Panel2.Visible = isGroupTwo;
        this.Panel3.Visible = isGroupOne;
    }
}
--------------------编程问答--------------------
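// Look the submitted credentials up and copy the matching user's fields into the session.
// "User" is a reserved word in SQL Server, so the table name is bracketed.
string queryString = "SELECT UserID,UserName,UserGroupID FROM [User] WHERE UserName = @UserName AND Password = @PassWord";
using (SqlConnection connection = new SqlConnection(strConnect))
using (SqlCommand command = new SqlCommand(queryString, connection))
{
    // Both placeholders in the query need a value, otherwise ExecuteReader throws.
    // Passing the input as parameters keeps it out of the SQL text.
    command.Parameters.Add("@UserName", SqlDbType.VarChar).Value = txtUserName.Text;
    command.Parameters.Add("@PassWord", SqlDbType.VarChar).Value = txtPassWord.Text;

    connection.Open();

    // The using block closes the reader. The original called Close() on an undeclared
    // variable named "reader", which does not compile.
    using (SqlDataReader result = command.ExecuteReader())
    {
        while (result.Read())
        {
            Session["UserID"] = result["UserID"].ToString();
            Session["UserName"] = result["UserName"].ToString();
            Session["UserGroupID"] = result["UserGroupID"].ToString();
        }
    }
}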
你的strConnect是多少 是否能连接上数据库
单步调试 --------------------编程问答-------------------- 一般把连接字符串写在web.config文件中,最好加密后保存
Response.Redirect("~/Ui/HomePage/HomePage.aspx");
这行你用了~开头的地址,如果是虚拟目录,那么地址应该是错误的,最好用../这种标示上级目录 --------------------编程问答-------------------- strConnect 是“theconnection” 我在数据库里面写的连接字符串 --------------------编程问答-------------------- 具体的错误信息是什么,另外不要用SESSION来保存.
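当访问量大的时候会严重拖垮服务器.
我的建议是一个SESSION 保存名字 判断是否登录成功,
权限的话 用cookie判断, 把cookie失效时间设定为浏览器关闭就失效(注意:cookie 保存在客户端,用户可以自行修改,所以角色ID不能以明文放在cookie里;如果用cookie,必须加密并签名,例如使用 FormsAuthentication 票据,并在服务器端每次请求时校验) --------------------编程问答-------------------- 配置好 数据库连接 再说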
补充:.NET技术 , ASP.NET