??? ??? ????? ???????? ???????? ??? ??????? ?? ????? ASP.NET ????? ?? ???????? C #.NET

?????? ????????? ?????? ?????????
???? ???????: 301240 - ??? ???????? ???? ????? ????? ??? ???????.
????? ???? | ?? ????

?? ??? ??????

??????

???? ??? ??????? ????? ????? ???????? ??? ??????? ???????? ???????? ????? ?????? ?????? ??????????.

???????

???? ??????? ??????? ??????? ?????? ???? ???????? ?????? ???????? ??????? ???? ??????? ???? ???????:
  • Microsoft Visual Studio.NET
  • Microsoft ?????? ??????? Services (IIS) ??????? 5.0 ?? ????? ????
  • ???? Microsoft SQL

????? ????? ASP.NET ???????? C#.NET

  1. ?? ???? Visual Studio.NET.
  2. ????? ????? ??? ASP.NET ????? ???? ??? ??????.

????? ??????? ?????? ?? ??? Web.config

???? ??? ????? ????? ????? ?????? <authentication></authentication> ? <authorization></authorization> ????? ??????? ?????? ????? ASP.NET ??? ??????? ???????? ???????? ??? ???????.
  1. ?? "?????? ??????"? ???? ??? Web.config.
  2. ????? ??? ?????? ??? ???????.
  3. ?? ?????? ????? <Forms>? ???????? ???????? ????. (????? ?? ????????? ??? ??? ??????? ???? ??? ???? MSDN ????? ?? ????? ??????? ?????? ??????? ?? </Forms>????? ??????.) ?????? ????????? ???????? ??????? ??? ?? ???? ??? ??? ? HTML ???????? ??????? ???? ????????? ???????? ?? <authentication></authentication> ?????? ?? ?????:
    <!-- Turns on forms authentication for the application. Requests that carry no
         valid ticket are redirected to loginUrl (logon.aspx). The ticket travels in
         the cookie named by "name"; protection="All" requests both encryption and
         validation of that cookie; timeout is expressed in minutes.
         NOTE(review): nothing in this element restricts the cookie to HTTPS. Confirm
         the site is served over SSL/TLS and, on framework versions that support it,
         set the forms element's requireSSL attribute. -->
    <authentication mode="Forms">
       <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx" 
       protection="All" path="/" timeout="30" />
    </authentication> 
    					
  4. ??? ?????? ??? ???????? ??????? ?? <authorization></authorization> ?????? ??? ???:
    <!-- Authorization rules are evaluated top-down and the first match wins:
         "?" (anonymous users) is denied first, then "*" allows every remaining,
         i.e. authenticated, user. Keep the deny rule ahead of the allow rule. -->
    <authorization>
       <deny users ="?" />
       <allow users = "*" />
    </authorization>
    					

????? ???? ????? ?????? ????? ??? ?????? ?????????? ??????

???? ??? ????? ????? ????? ????? ?????? ????? ??? ????? ??? ???????? ????? ?????? ??? ??????????. ????? ?????? ??? ??? ??? ???? ????? ????? ?????????? ?? ????? ???????? ?????? ?????? ??? ????? ????.
  1. ??? ??? ????? ???????? ???? ????????? ?? ???? ?????? "???????" ???? ?????? "???????".
  2. ????? ????? ??? ??? ???????? ????? SQL ??????? ???? ????? ?????? ????????? ???????? ??? ?? ???? ??? ????. ?? "???????"? ???? ?????? ??? ????? ???? ??????? ????????? ????????:
    -- Walkthrough schema: drops any existing dbo.Users table, recreates it with a
    -- user name (primary key), a password column and a role column, then seeds
    -- three sample accounts.
    -- NOTE(review): the drop is unconditional once the table exists, so running
    -- this script against a database that already holds real accounts destroys them.
    if exists (select * from sysobjects where id = 
    object_id(N'[dbo].[Users]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
    drop table [dbo].[Users]
    GO
    -- Pwd holds the password exactly as supplied (varchar(25)); nothing in this
    -- script hashes or salts it.
    -- NOTE(review): for anything beyond the walkthrough, store a salted, slow
    -- password hash instead and size the column for the hash output.
    CREATE TABLE [dbo].[Users] (
       [uname] [varchar] (15) NOT NULL ,
       [Pwd] [varchar] (25) NOT NULL ,
       [userRole] [varchar] (25) NOT NULL ,
    ) ON [PRIMARY]
    GO
    -- uname is the primary key, so each login name is unique.
    ALTER TABLE [dbo].[Users] WITH NOCHECK ADD 
       CONSTRAINT [PK_Users] PRIMARY KEY  NONCLUSTERED 
       (
          [uname]
       )  ON [PRIMARY] 
    GO
    
    -- Sample accounts whose password equals the user name. They exist only so
    -- the walkthrough can be exercised; remove them before the table is used by
    -- a reachable application.
    INSERT INTO Users values('user1','user1','Manager')
    INSERT INTO Users values('user2','user2','Admin')
    INSERT INTO Users values('user3','user3','User')
    GO
    					
  3. ??? ????? ? Users.sql.
  4. ??? ??????? Microsoft SQL Server? ???? Users.sql ?? ???? ???????. ?? ????? ????? ????????? ???? ??? pubs? ? ????? ???????? ?????. ???? ???? ?????? ????? ???? ???????? ????? ???? ?????? ??????? ?? ????? ?????? Pubs ????????? ?? ??? ???????.

????? ???? Logon.aspx

  1. ????? "????? ???" ???? ??? ??????? ???? Logon.aspx.
  2. ???? ?????? Logon.aspx ?? ??????? ??? ???????? ??? HTML ????? ?????.
  3. ??? ????????? ???????? ???????? ?????????? ??? HTML ??? ????? ??????? ????? ????????? ???????? ???<form>????????: </form>
    <%-- Logon form body: a user-name box (txtUserName), a password box
         (txtUserPass), a "Persistent Cookie" check box (chkPersistCookie), the
         submit button (cmdLogin) and a red label (lblMsg) for messages. Each text
         box has a RequiredFieldValidator that shows "*" when it is left empty.
         NOTE(review): the password is posted in the form body as typed, so this
         page should only be served over HTTPS. --%>
    <h3>
       <font face="Verdana">Logon Page</font>
    </h3>
    <table>
       <tr>
          <td>Email:</td>
          <td><input id="txtUserName" type="text" runat="server"></td>
          <td><ASP:RequiredFieldValidator ControlToValidate="txtUserName"
               Display="Static" ErrorMessage="*" runat="server" 
               ID="vUserName" /></td>
       </tr>
       <tr>
          <td>Password:</td>
          <td><input id="txtUserPass" type="password" runat="server"></td>
          <td><ASP:RequiredFieldValidator ControlToValidate="txtUserPass"
              Display="Static" ErrorMessage="*" runat="server" 
              ID="vUserPass" />
          </td>
       </tr>
       <tr>
          <td>Persistent Cookie:</td>
          <td><ASP:CheckBox id="chkPersistCookie" runat="server" autopostback="false" /></td>
          <td></td>
       </tr>
    </table>
    <input type="submit" Value="Logon" runat="server" ID="cmdLogin"><p></p>
    <asp:Label id="lblMsg" ForeColor="red" Font-Name="Verdana" Font-Size="10" runat="server" />
    						
    ?????? ??? "??????? ???" ?????? ????? ????? ???? ?????????? ??? ????? ??? ????? ??? ???????? ????? ?????? ?????? ?????? ??? ???????.
  4. ?? ???????? ??? ????? ??? ???????? ??? ???? ??????.

????????? ???????? ????? ????? ??? ??? ?????? ?? ??? ?????? ?????? ????????

???? ??? ?????? ????????? ???????? ???? ??? ????? ?? ????????? ???????? ??????? ?????? (Logon.aspx.cs).
  1. ???? ????? ??????? ??? ????? ?????? ???? ????? Logon.aspx.cs.
  2. ??????? ?????? ??????? ???????? ?? ??? ????????? ???????? ???????:
    using System.Data.SqlClient;
    using System.Web.Security;
    					
  3. ????? ???? ValidateUser ?????? ?? ??? ?????? ?????? ???????? ?? ???? ????? ?? ????? ????????. (???? ?? ????? ????? ??????? ??????? ??? ????? ?? ????? ??????).
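    /// <summary>
    /// Checks a user name / password pair against the Users table.
    /// </summary>
    /// <param name="userName">Login name; must be non-null and 1 to 15 characters long.</param>
    /// <param name="passWord">Password as typed; must be non-null and 1 to 25 characters long.</param>
    /// <returns>
    /// true only when a row exists for <paramref name="userName"/> and its pwd value
    /// equals <paramref name="passWord"/> character for character. Every other outcome
    /// (failed input validation, no such user, database error) returns false.
    /// </returns>
    private bool ValidateUser( string userName, string passWord )
    {
        string lookupPassword = null;

        // Reject a missing or over-long user name before touching the database.
        // The upper bound matches the uname column, varchar(15).
        if ( ( null == userName ) || ( 0 == userName.Length ) || ( userName.Length > 15 ) )
        {
            System.Diagnostics.Trace.WriteLine( "[ValidateUser] Input validation of userName failed." );
            return false;
        }

        // Same for the password; the upper bound matches the Pwd column, varchar(25).
        if ( ( null == passWord ) || ( 0 == passWord.Length ) || ( passWord.Length > 25 ) )
        {
            System.Diagnostics.Trace.WriteLine( "[ValidateUser] Input validation of passWord failed." );
            return false;
        }

        try
        {
            // Consult with your SQL Server administrator for an appropriate connection
            // string to use to connect to your local SQL Server.
            // The using statements release the connection and command even when
            // Open() or ExecuteScalar() throws; the explicit Dispose() calls this
            // replaces were skipped on that path and leaked the connection.
            using ( SqlConnection conn = new SqlConnection( "server=localhost;Integrated Security=SSPI;database=pubs" ) )
            using ( SqlCommand cmd = new SqlCommand( "Select pwd from users where uname=@userName", conn ) )
            {
                // The user name is bound as a parameter, never concatenated into
                // the SQL text. Size 15 agrees with the column and the check above.
                cmd.Parameters.Add( "@userName", SqlDbType.VarChar, 15 );
                cmd.Parameters["@userName"].Value = userName;

                conn.Open();

                // ExecuteScalar returns null when no row matches the user name.
                lookupPassword = (string) cmd.ExecuteScalar();
            }
        }
        catch ( Exception ex )
        {
            // Fail closed: any database error leaves lookupPassword null, so the
            // caller sees an ordinary "not valid" result.
            // This error message should not be sent back to the caller.
            System.Diagnostics.Trace.WriteLine( "[ValidateUser] Exception " + ex.Message );
        }

        // If no password found, return false.
        if ( null == lookupPassword )
        {
            // You could write failed login attempts here to event log for additional security.
            return false;
        }

        // Ordinal comparison: a credential must match code unit for code unit.
        // string.Compare( a, b, false ) applies culture-sensitive rules, under which
        // strings that are not identical can still compare as equal.
        // NOTE(review): this compares against a password stored as clear text in
        // the Users table. Production code should store a salted, slow hash and
        // compare hashes instead.
        return ( 0 == string.CompareOrdinal( lookupPassword, passWord ) );
    }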
    					
  4. ????? ??????? ???? ??????? ?????? ??????? ??? ????? ?????? ???????? ?????? ????? ???????? ??? ???? ?????? ?? ????? cmdLogin_ServerClick . ??? ????? ????? ????????? ???????? ??? ?? ????? ?????????. ?????? ?? ?? ??? ???? ????? ????? ??.
    • ??????? ??????? ????????????????????? ?????? ??? ????? ?????? ?????? ??????? ???????? ?????? ????? ???????? ??? ???? ?????? ?? ????? cmdLogin_ServerClick :
      /// <summary>
      /// Click handler for the Logon button. Valid credentials are handed to
      /// FormsAuthentication.RedirectFromLoginPage together with the state of the
      /// persistent-cookie check box; anything else is sent back to logon.aspx.
      /// </summary>
      private void cmdLogin_ServerClick(object sender, System.EventArgs e)
      {
         bool credentialsOk = ValidateUser(txtUserName.Value, txtUserPass.Value);

         if (!credentialsOk)
         {
            // The second argument ends the response, so nothing below runs for a
            // failed logon; the return only makes that explicit.
            Response.Redirect("logon.aspx", true);
            return;
         }

         FormsAuthentication.RedirectFromLoginPage(txtUserName.Value, chkPersistCookie.Checked);
      }
      						
    • ????? ????? ????????? ???????? ????? ??? ????? ??????? ????? ??? ?????????? ?????? ????? ????????. ????? ??? ?????? ?????? ?? ????? ????? ??? ????? ????????. ????? ???? ????? ???????? ??????? ??? ??? ?? ?????????????????????? ?? ??? ??????.
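      /// <summary>
      /// Click handler for the Logon button that builds the forms-authentication
      /// ticket and cookie by hand instead of calling RedirectFromLoginPage.
      /// On success the browser is redirected to the ReturnUrl request value when
      /// that value is a path inside this site, otherwise to default.aspx. On
      /// failure the browser is sent back to logon.aspx.
      /// </summary>
      private void cmdLogin_ServerClick(object sender, System.EventArgs e)
      {
         if (!ValidateUser(txtUserName.Value, txtUserPass.Value))
         {
            Response.Redirect("logon.aspx", true);
            return;
         }

         // Version 1 ticket, valid for 30 minutes from a single "now" reading.
         // The last argument is the ticket's user-data slot.
         DateTime issuedAt = DateTime.Now;
         FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(1, txtUserName.Value, issuedAt,
            issuedAt.AddMinutes(30), chkPersistCookie.Checked, "your custom data");

         string cookiestr = FormsAuthentication.Encrypt(tkt);
         HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);

         // Only a persistent logon gets an expiry date; without one the browser
         // treats the cookie as a session cookie.
         if (chkPersistCookie.Checked)
         {
            ck.Expires = tkt.Expiration;
         }

         // The path is set in both cases; the original indentation made this
         // look like part of the if above.
         ck.Path = FormsAuthentication.FormsCookiePath;

         // NOTE(review): a cookie built by hand carries only the attributes set
         // here. Where the framework version exposes them, consider setting
         // ck.Secure and ck.HttpOnly as well.
         Response.Cookies.Add(ck);

         // ReturnUrl comes from the request and is therefore client-controlled.
         // Redirecting to it unchecked would let a crafted logon link send a
         // freshly authenticated user to another site, so anything that is not
         // a site-rooted path falls back to the default page.
         string strRedirect = Request["ReturnUrl"];
         if (!IsLocalReturnUrl(strRedirect))
         {
            strRedirect = "default.aspx";
         }

         Response.Redirect(strRedirect, true);
      }

      // Returns true only for a non-empty, site-rooted path ("/..."), rejecting
      // scheme-relative forms ("//host", "/\host") and any control character.
      private static bool IsLocalReturnUrl(string url)
      {
         if (url == null || url.Length == 0 || url[0] != '/')
         {
            return false;
         }

         if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
         {
            return false;
         }

         for (int i = 0; i < url.Length; i++)
         {
            // Control characters (CR and LF among them) have no place in a
            // redirect target.
            if (url[i] < ' ')
            {
               return false;
            }
         }

         return true;
      }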
      						
  5. ???? ?? ??? ?? ??? ????? ????????? ???????? ??????? ??? ??????? InitializeComponent ?? ????????? ???????? ???? ???? "???? ????? ???":
    // Wire the Logon button's server-side click event to its handler.
    cmdLogin.ServerClick += new System.EventHandler(cmdLogin_ServerClick);
    					

????? ???? Default.aspx

???? ??? ?????? ???? ?????? ???? ??? ????? ?????????? ??? ????????. ?? ???? ??????? ?????????? ??? ??? ?????? ??? ????? ????? ?????? ???????? ??? ??????? ??? ???? ????? ??????.
  1. ????? ????? ?????? WebForm1.aspx ???????? ???? Default.aspx? ? ???? ?? ??????.
  2. ?? ???????? ??? ????? ??? HTML? ???? ???????? ???????? ??????? ??? ?????<form>????????: </form>
    <input type="submit" Value="SignOut" runat="server" id="cmdSignOut">
    						
    ?????? ??? ???? ????? ?????? ?????? ??????? ???? ?????.
  3. ?? ???????? ??? ????? ??? ???????? ??? ???? ??????.
  4. ??????? ?????? ??????? ???????? ?? ??? ????????? ???????? ???????:
    using System.Web.Security;
    					
  5. ???? ????? ??????? ??? ????? ?????? ???? ????????? ????????-????? ?????? (. aspx. cs)? ????? ????????? ???????? ??????? ?? ????? ??????? cmdSignOut_ServerClick :
    /// <summary>
    /// Click handler for the SignOut button: removes the forms-authentication
    /// ticket and then redirects the browser to the logon page.
    /// </summary>
    private void cmdSignOut_ServerClick(object sender, System.EventArgs e)
    {
       const string logonPage = "logon.aspx";

       // Sign out first so the redirected request arrives without a ticket.
       FormsAuthentication.SignOut();

       // true ends the current response as soon as the redirect is issued.
       Response.Redirect(logonPage, true);
    }
    					
  6. ???? ?? ??? ?? ??? ????? ????????? ???????? ??????? ??? ??????? InitializeComponent ?? ????????? ???????? ???? ???? "???? ????? ???":
    // Wire the SignOut button's server-side click event to its handler.
    cmdSignOut.ServerClick += new System.EventHandler(cmdSignOut_ServerClick);
    					
  7. ??? ?? ????? ???????. ????? ???? ??????? ???????.

??????? ??????

  • ?? ????? ??? ????? ????? ?????? ???? ??? ?? ????? ??????. ????? ????? ??????? ?????? ?????? ???????? ???? FormsAuthentication ?????? ???????????????????????????????? ?????? ????? ?????? ??? ?? ???? ???????? ?? ????? ???????? ?? ??? ???????.
  • ?? ????? ??? ????? ??????? ??????? SQL ?? ??? ??????? (Web.config) ??? ????? ?????? ?????? ??? ????????.
  • ?? ????? ??? ????? ??????? ?????? ???? ?????????? ????????? ????? ??????? ??????? ??????? ?????? ?? ????? ?????? ?? ????? ??????. ??? ???? ??????? ????? ????? ???? ???? ??????? ????? ?????? ?? ?????. ??? ??? ?? ???? ???????? ????? ?????? ?? ??? ???? ?? ?????????? ?? ????? ??? ????? ????? ????? ???????? ???? ?????? ???? ???????? ?????? ?????? ??? ??? ???? ????? ????? ??? ???????? ?? ?? ??? ?????? ?? ???? ????? ???? ???? ?? ?? ???? ??????? ??? ????? ????? ??. ?? ??????? ??? ???? ??? ???? ????? ??????? ?????? ???????? ?????? ????? ????????.
  • ???? ??? ????? ???????? ???????? ??? ???????? ??? ????? ????????? ?? ????? ??? ??????? ???? ???? ??????? ?????? (SSL) ??? ??? ??????? ??? ???? ?? ?? ??? ???? ??? ????? ?????? ???????? ???? ???? ???? ????????? ???? ??? ?????.
  • ????? ?????? ???????-???? ?????? ????? ?? ?? ????? ????? ????? ???????? ??? ???????? ????? ???.
  • ????? ?????? ?????? <authentication></authentication> ???? ??????? ?????? ?? ??????? ???? ??? ????? ????? ??? ????? ?????? ????????. ????? ?????? ???? ???? ????? ?????? ???????.
  • ?? ??? ??????? ???? ??????? ??????? ?????? ??? ???? ???????? ??????? ?????? ????????? ???? ??? ???? ????? ??? ???? ?????? ?? ????? ????? ????????? ??? ???? ??? ?????? ???. ??? ?????? ???????? ???????? ??? ????? ??? ????? ???????? ??????? ??????????? ???? ?? ???? ??? ?????????? ????? ????? (?? ?? ???) ????? ????? ?????? ??? ??????? ??? ????? ?????? ?? ???? ???? ?? ????? ??????? ?????? ?? ????? ????? ?????? ???.

?????

????? ?? ????????? ??? ????? ????? ???? ???????? ???????? ??? ??????? ???? ?????? <credentials></credentials> ?????? ????? ?????????? ?????? ??????? ???? ?? ??? ????? ??????? ?????? ASP.NET GotDotNet:
???????? ???????? ??? ???????
http://quickstarts.asp.net/QuickStartv20/aspnet/doc/security/formsauth.aspx
????? ?? ????????? ??? ????? ????? ???????? ??? ??????? ???????? ???? ?????? ??? XML ?????? ?????????? ?????? ??????? ???? ??? ??????? ?????? ??.NET Framework ????? ????? ?????? ????? (SDK) ???????:
?????? ??????? ???????? ??? XML ??????????
http://msdn2.microsoft.com/en-us/library/1b1y85bh(vs.71).aspx
????? ?? ????????? ??? ???? ????? ??? ASP.NET? ???? ??? ???? ??????? Microsoft.NET Framework ????? ??????? ???????:
???? ????? ??? ASP.NET
http://msdn2.microsoft.com/en-us/library/330a99hc(vs.71).aspx
????? ?? ????????? ??? ????? ????? System.Web.Security ? ???? ??? Microsoft.NET Framework ??????? ??????? ????????:
????? ????? System.Web.Security
http://msdn2.microsoft.com/en-us/library/system.web.security(vs.71).aspx
????? ?? ????????? ??? ????? ASP.NET? ???? ??? ?????? ???? ??????? Microsoft ??????.NET Framework:
????? ASP.NET
http://msdn2.microsoft.com/en-us/library/aa719558(VS.71).aspx

???? ????? ASP.NET
http://msdn2.microsoft.com/en-us/library/w7w4sb0w(vs.71).aspx
?????? ?? ????????? ??? ??????? ?????? ASP.NET? ???? ??? ??????? ?????? MSDN ??????:
???????? ?? ASP.NET: ??????? ??????.NET
http://msdn2.microsoft.com/en-us/library/ms978378.aspx

???????

???? ???????: 301240 - ????? ??? ??????: 01/????/1434 - ??????: 1.0
????? ???
  • Microsoft ASP.NET 1.1
  • Microsoft Visual C# .NET 2003 Standard Edition
  • Microsoft ASP.NET 1.0
  • Microsoft Visual C# .NET 2002 Standard Edition
  • Microsoft SQL Server 2000 Standard Edition
  • Microsoft SQL Server 7.0 Standard Edition
  • Microsoft SQL Server 2000 64-bit Edition
????? ??????: 
kbconfig kbhowtomaster kbsecurity kbweb kbmt KB301240 KbMtar
????? ????
???: ??? ????? ??? ?????? ???????? ?????? ????? ???? ????? ?????????? ????? ?? ????????? ?????? ????. ???? ???? ?????????? ???? ?? ???????? ???????? ?????? ????????? ????? ????????? ???????? ????? ???????? ?????? ?? ?????? ??? ?? ???????? ???????? ?? ????? ??????? ?????? ??? ??????? ?????? ??. ?????? ?? ???? ??? ??????? ???????? ????? ?? ???? ????? ?????? ??? ????? ??? ????? ??????? ?? ????? ?? ?????? ??? ??? ??????? ??????? ?? ????? ????? ????? ????? ?????. ?? ????? ???? ?????????? ??????? ??? ????? ?? ??????? ?? ????? ?????? ?? ??? ????? ?? ????? ??????? ?? ???????? ?? ??? ???????. ???? ???? ?????????? ???????? ??? ????? ?????? ??????? ??????
???? ??? ????? ??????? ?????? ??????????301240

????? ???????

 
