0
我能够在每次成功登录后将用户重定向到默认网址(Default.aspx)页面。现在我想确保不是管理员的员工尝试访问登录(Unauthorized.aspx)到默认页面。我使用两个asp.net页面(Default.apsx和Unauthorized.aspx)。但问题是,当我使用管理员重定向到另一个页面(Unauthorized.apsx)而不是默认的URL页面的玛丽谭。这是我的错误:ASP.NET重定向到默认网址以外的页面
人员和管理:
输出:
Web.config文件:
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx" slidingExpiration="true" timeout="20"></forms>
</authentication>
Login.aspx.cs编码:
public partial class Login : System.Web.UI.Page
{
SqlConnection conn = null;
SqlCommand cmd = null;
string connectionString = null;
string staffName = null;
string staffId = null;
string role = null;
protected void Page_Load(object sender, EventArgs e)
{
}
public bool CheckValidUser(string Username, string Password)
{
bool valid = false;
SqlDataReader dr = null;
connectionString = ConfigurationManager.ConnectionStrings["LeaveManagementCS"].ConnectionString;
string sql = "SELECT * from Staff WHERE [email protected] AND [email protected] And Role=N'A' OR Role=N'S'";
try
{
conn = new SqlConnection(connectionString);
cmd = new SqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@Username", Username);
cmd.Parameters.AddWithValue("@Pwd", Password);
conn.Open();
dr = cmd.ExecuteReader();
if (dr.Read())
{
staffName = dr["StaffName"].ToString();
staffId = dr["StaffId"].ToString();
role = dr["Role"].ToString();
valid = true;
}
else
{
lblOutput.Text = "There is an error logging in. Please check username or password.";
}
dr.Close();
}
catch (Exception ex)
{
lblOutput.Text = "Error Message: " + ex.Message;
}
finally
{
if (conn != null)
conn.Close();
}
return valid;
}
protected void tbLogin_Click(object sender, EventArgs e)
{
bool validUser = CheckValidUser(tbUsername.Text, tbPassword.Text);
if (validUser)
{
Session["StaffName"] = staffName;
FormsAuthentication.SetAuthCookie(staffName, false);
FormsAuthentication.RedirectFromLoginPage(staffName, false);
Session["StaffId"] = staffId;
FormsAuthentication.SetAuthCookie(staffId, false);
FormsAuthentication.RedirectFromLoginPage(staffId, false);
Session["Role"] = role;
FormsAuthentication.SetAuthCookie(role, true);
Response.Redirect("~/Unauthorized.aspx");
}
else
{
lblOutput.Text = "Invalid User. Please try again.";
}
}
}