????? ????? ?????? ?????? ??? ??????? ?? ????? ASP.NET ????? ?? ???????? Visual Basic.NET

?????? ????????? ?????? ?????????
???? ???????: 308157 - ??? ???????? ???? ????? ????? ??? ???????.

?? ??? ??????

??????

???? ??? ??????? ????? ????? ????? ??? ??????? ???????? ???????? ????? ?????? ?????? ??????????.

???????

???? ??????? ??????? ??????? ?????? ???? ???????? ?????? ???????? ??????? ???? ??????? ???? ???????:
  • Microsoft Visual Studio.NET
  • ???? Microsoft SQL
  • Microsoft ?????? ??????? Services (IIS) ??????? 5.0 ?? ?? ??? ????

????? ????? ASP.NET ???????? Visual Basic.NET

  1. ??? Visual Studio.NET.
  2. ????? ????? ??? ASP.NET ????? ?????? ??? ??????.

????? ??????? ?????? ?? ??? Web.config

???? ??? ????? ????? ????? ?????? <authentication></authentication> ? <authorization></authorization> ????? ??????? ?????? ????? ASP.NET ??? ??????? ???????? ???????? ??? ???????.
  1. ?? "?????? ??????"? ???? ??? Web.config.
  2. ????? ??? ?????? ??? ???????.
  3. ?? ?????? ????? <Forms>? ?????? ???????? ????. (????? ?? ????????? ??? ??? ??????? ???? ???? MSDN ????? ?? ??????? ??????? ?????? ??????? ?? </Forms>????? ??????.) ??? ???? ????????? ????????? ??? ?? ???? ??? ??? ? HTML ?? ??????? ????? ???? ????????? ???????? ?? <authentication></authentication> ?????? ?? ?????:
    <authentication mode="Forms">
    	<forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx" 
    	protection="All" path="/" timeout="30" />
    </authentication>
    					
  4. ??? ?????? ??? ???????? ??????? ?? <authorization></authorization> ?????? ??? ???:
    <authorization>
    	<deny users ="?" />
    	<allow users = "*" />
    </authorization>
    					

????? ???? ????? ?????? ????? ?????? ???????? ??????????

???? ??? ????? ????? ????? ????? ?????? ????? ??? ????? ??? ???????? ????? ?????? ??? ??????????. ????? ?????? ??? ??? ??? ???? ????? ????? ?????????? ?? ????? ???????? ?????? ?????? ??? ????? ????.
  1. ?? ??????? ???? ? ?? ???? ??? ?????? ????? ??????? ???? ?????? "???????".
  2. ????? ????? ??? ??? ???????? ????? SQL ??????? ???? ????? ?????? ????????? ???????? ??? ?? ???? ??? ???. ?? ???????? ???? ??? ??? ?? ??????? ????? ???? ????????? ???????? ???????:
    if exists (select * from sysobjects where id = 
    object_id(N'[dbo].[Users]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
    drop table [dbo].[Users]
    GO
    CREATE TABLE [dbo].[Users] (
    	[uname] [varchar] (15) NOT NULL ,
    	[Pwd] [varchar] (25) NOT NULL ,
    	[userRole] [varchar] (25) NOT NULL ,
    ) ON [PRIMARY]
    GO
    ALTER TABLE [dbo].[Users] WITH NOCHECK ADD 
    	CONSTRAINT [PK_Users] PRIMARY KEY  NONCLUSTERED 
    	(
    		[uname]
    	)  ON [PRIMARY] 
    GO
    
    INSERT INTO Users values('user1','user1','Manager')
    INSERT INTO Users values('user2','user2','Admin')
    INSERT INTO Users values('user3','user3','User')
    GO
    					
  3. ??? ????? ? Users.sql.
  4. ??? ????????? Microsoft SQL Server? ???? Users.sql ?? ???? ???????. ?? ????? ????? ????????? ???? ??? pubs?????? ???????? ?????. ???? ??? ??? ????? ????? ???? ???????? ? ??? ?????? ?? ????? ?????? Pubs ????????? ?? ??? ??????? ???????.

????? ???? Logon.aspx

  1. ????? "????? ???" ???? ??? ??????? ???? Logon.aspx.
  2. ???? ?????? Logon.aspx ?? ??????? ??? ???????? ??? HTML ????? ?????.
  3. ??? ???????? ???????? ???????? ???????? ?????? ??? ? HTML ?? ??????? ????? ?????? ????????? ???????? ???<form>????????: </form>
    <h3>
       <font face="Verdana">Logon Page</font>
    </h3>
    <table>
       <tr>
          <td>Email:</td>
          <td><input id="txtUserName" type="text" runat="server"></td>
          <td><ASP:RequiredFieldValidator ControlToValidate="txtUserName"
               Display="Static" ErrorMessage="*" runat="server" 
               ID="vUserName" /></td>
       </tr>
       <tr>
          <td>Password:</td>
          <td><input id="txtUserPass" type="password" runat="server"></td>
          <td><ASP:RequiredFieldValidator ControlToValidate="txtUserPass"
              Display="Static" ErrorMessage="*" runat="server" 
              ID="vUserPass" />
          </td>
       </tr>
       <tr>
          <td>Persistent Cookie:</td>
          <td><ASP:CheckBox id="chkPersistCookie" runat="server" autopostback="false" /></td>
          <td></td>
       </tr>
    </table>
    <input type="submit" Value="Logon" runat="server" ID="cmdLogin"><p></p>
    <asp:Label id="lblMsg" ForeColor="red" Font-Name="Verdana" Font-Size="10" runat="server" />
    						
    ?????? ??? "??????? ???" ?????? ????? ????? ???? ?????????? ??? ????? ??? ????? ??? ???????? ????? ?????? ?????? ?????? ??? ???????.
  4. ?? ???????? ??? ????? ??? ???????? ??? ???? ??????.

????????? ???????? ????? ????? ??? ?? ?????? ?? ??? ?????? ?????? ????????

???? ??? ?????? ????????? ???????? ???? ??? ????? ?? ????? ????????? ???????? ?????? (Logon.aspx.vb).
  1. ???? ????? Logon.aspx.vb.
  2. ??????? ?????? ??????? ???????? ?? ??? ????????? ???????? ???????:
    Imports System.Data.SqlClient
    Imports System.Web.Security
    					
  3. ????? ???? ValidateUser ?????? ?? ??? ?????? ?????? ???????? ?? ???? ????? ?? ????? ????????. (???? ?? ????? ????? ??????? ??????? ??? ????? ?? ????? ????????.)
    Private Function ValidateUser(ByVal userName As String, ByVal passWord As String) As Boolean
            Dim conn As SqlConnection
            Dim cmd As SqlCommand
            Dim lookupPassword As String
    
            lookupPassword = Nothing
    
            ' Check for an invalid userName.
            ' userName  must not be set to nothing and must be between one and 15 characters.
            If ((userName Is Nothing)) Then
                System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName failed.")
                Return False
            End If
            If ((userName.Length = 0) Or (userName.Length > 15)) Then
                System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName failed.")
                Return False
            End If
    
            ' Check for invalid passWord.
            ' passWord must not be set to nothing and must be between one and 25 characters.
            If (passWord Is Nothing) Then
                System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.")
                Return False
            End If
            If ((passWord.Length = 0) Or (passWord.Length > 25)) Then
                System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.")
                Return False
            End If
    
            Try
                ' Consult with your SQL Server administrator for an appropriate connection
                ' string to use to connect to your local SQL Server.
                conn = New SqlConnection("server=localhost;Integrated Security=SSPI;database=pubs")
                conn.Open()
    
                ' Create SqlCommand to select pwd field from the users table given a supplied userName.
                ' The parameter size matches the varchar(15) uname column.
                cmd = New SqlCommand("Select pwd from users where uname=@userName", conn)
                cmd.Parameters.Add("@userName", SqlDbType.VarChar, 15)
                cmd.Parameters("@userName").Value = userName
    
                ' Execute command and fetch pwd field into lookupPassword string.
                lookupPassword = cmd.ExecuteScalar()
            Catch ex As Exception
                ' Add error handling here for debugging.
                ' This error message should not be sent back to the caller.
                System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception " & ex.Message)
            Finally
                ' Cleanup command and connection objects, also when an exception was thrown.
                If Not (cmd Is Nothing) Then cmd.Dispose()
                If Not (conn Is Nothing) Then conn.Dispose()
            End Try
    
            ' If no password found, return false.
            If (lookupPassword Is Nothing) Then
                ' You could write failed login attempts here to the event log for additional security.
                Return False
            End If
    
            ' Compare lookupPassword and input passWord by using a case-sensitive, ordinal comparison
            ' (a culture-sensitive comparison can treat different strings as equal).
            Return (String.CompareOrdinal(lookupPassword, passWord) = 0)
    
    End Function
    					
  4. ????? ??????? ???? ????????? ????????? ?????? ??????? ??? ????? ?????? ???????? ?????? ????? ???????? ??? ???? ?????? ?? ????? cmdLogin_ServerClick . ??? ????? ????? ????????? ???????? ??? ?? ????? ?????????. ?????? ?? ?? ??? ???? ????? ????? ??.
    • ??????? ??????? ????????????????????? ?????? ??? ????? ?????? ?????? ??????? ???????? ?????? ????? ???????? ??? ???? ?????? ?? ????? cmdLogin_ServerClick :
      Private Sub cmdLogin_ServerClick(ByVal sender As Object, ByVal e As System.EventArgs) _
         Handles cmdLogin.ServerClick
         If ValidateUser(txtUserName.Value,txtUserPass.value) Then
            FormsAuthentication.RedirectFromLoginPage(txtUserName.Value, _
            chkPersistCookie.Checked)
         Else
            Response.Redirect("logon.aspx", True)
         End If
      End Sub
      						
    • ????? ????? ????????? ???????? ????? ??? ????? ??????? ????? ??? ?????????? ?????? ????? ????????. ????? ??? ?????? ?????? ?? ????? ????? ??? ????? ????????. ????? ???? ????? ???????? ??????? ??? ??? ?? ?????????????????????? ?? ??? ??????.
      Private Sub cmdLogin_ServerClick(ByVal sender As Object, _
         ByVal e As System.EventArgs) Handles cmdLogin.ServerClick
         If Validateuser(txtUserName.Value,txtUserPass.Value) Then
            Dim tkt As FormsAuthenticationTicket
            Dim cookiestr As String
            Dim ck As HttpCookie
      
            tkt = New FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now(), _
      dateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data")
            cookiestr = FormsAuthentication.Encrypt(tkt)
            ck = new HttpCookie(FormsAuthentication.FormsCookieName(), cookiestr)
            if (chkPersistCookie.Checked) then ck.Expires=tkt.Expiration 
            ck.Path = FormsAuthentication.FormsCookiePath() 
            Response.Cookies.Add(ck)
      
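            ' ReturnURL is supplied by the client: follow it only when it is a path on this site,
            ' otherwise fall back to default.aspx.
            Dim strRedirect As String
            strRedirect = Request("ReturnURL")
            If (strRedirect Is Nothing) OrElse (Not strRedirect.StartsWith("/")) _
               OrElse strRedirect.StartsWith("//") OrElse strRedirect.StartsWith("/\") Then
               strRedirect = "default.aspx"
            End If
            Response.Redirect(strRedirect, True)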
         Else
            Response.Redirect("logon.aspx", True)
         End If
      End Sub
      						

????? ???? Default.aspx

???? ??? ?????? ???? ?????? ???? ??? ????? ????? ?????????? ??? ????????. ??? ??? ??????? ?????????? ??? ??? ?????? ??? ????? ????? ?????? ???????? ??? ??????? ??? ???? ????? ??????.
  1. ????? ????? ?????? WebForm1.aspx ???????? ? Default.aspx? ? ???? ?? ??????.
  2. ?? ???????? ??? ????? ??? HTML? ???? ???????? ???????? ??????? ??? ?????<form>????????: </form>
    <input type="submit" Value="SignOut" runat="server" id="cmdSignOut">
    						
    ?????? ??? ???? ?????? ?????? ?????? ??????? ???? ?????.
  3. ?? ???????? ??? ????? ??? ???????? ??? ???? ??????.
  4. ??????? ?????? ??????? ???????? ?? ??? ????????? ???????? ???????:
    Imports System.Web.Security
    					
  5. ??? ????????? ????????-????? ?????? (?????????)? ????? ????????? ???????? ??????? ?? ????? ??????? cmdSignOut_ServerClick :
    Private Sub cmdSignOut_ServerClick(ByVal sender As System.Object, ByVal e As System.EventArgs) _
    Handles cmdSignOut.ServerClick
       FormsAuthentication.SignOut()
       Response.Redirect("logon.aspx", True)
    End Sub
    					
  6. ??? ?? ????? ???????. ????? ???? ??????? ???????.

??????? ??????? ????????

  • ?? ????? ??? ????? ????? ?????? ???? ??? ?? ????? ??????. ????? ??????? ?????? ?????? ???????? ??? FormsAuthentication ?????? ???????????????????????????????? ?????? ????? ?????? ??? ?? ???? ???????? ?? ????? ???????? ?? ??? ???????.
  • ?? ????? ??? ????? ??????? ??????? SQL ?? ????? ??????? (Web.config) ???? ????? ?????? ?????? ??? ????????.
  • ?? ???? ?? ????? ????????? ???????? ???? ????????? ????? ??????? ??????? ??????? ?????? ?? ????? ?????? ?? ????? ??????. ??? ???? ??????? ????? ????? ???? ???? ??????? ????? ?????? ?? ?????. ??? ?? ???? ???????? ????? ?????? ?? ??? ???? ?? ?????????? ?? ????? ??? ????? ????? ????? ???????? ???? ?????? ???? ???????? ?????? ?????? ??? ???? ????? ????? ??? ???????? ?? ?????? ?? ???? ????? ???? ???? ?? ?? ???? ??????? ??? ????? ????? ??. ?? ??????? ??? ???? ??? ????? ????? ???????? ?????? ????? ????????.
  • ???? ??? ????? ???????? ???????? ??? ???????? ??? ????? ????????? ?? ????? ??? ??????? ???? ???? ??????? ?????? (SSL) ??? ??? ??????? ??? ?? ?? ??? ???? ??????? ??? ????? ?????? ???????? ???? ???? ???? ????????? ???? ??? ?????.
  • ????? ?????? ??????? ???? ????? ???? ?????? ????? ?? ?? ????? ????? ????? ???????? ??? ???????? ????? ???.
  • ??????? timeout ?? <authentication></authentication> ???? ????? ?????? ?????? ???? ????? ??? ????? ????? ??? ????? ?????? ????????. ????? ?????? ???? ???? ????? ?????? ???????.
  • ?? ??? ??????? ???? ??????? ??????? ?????? ??? ???? ???????? ????? ??????? ?????? ???????? ???? ??? ???? ????? ??? ???? ??????-??? ????? ????????? ??? ????? ??? ?????? ???. ??? ??? ????? ?????? ?????? ???????? ???????? ??? ??????? ???? ??????? ??????????? ?? ???? ??? ?????????? ????? ????? (?? ?? ???) ?????? ??? ?????? ??? ??? ???? ??? ????? ?????? ?? ???? ???? ???? ?? ????? ??????? ?????? ?? ????? ????? ?????? ???.

?????

????? ?? ????????? ??? ????? ???????? ??? ??????? ??????? ???????? ???????? <credentials></credentials> ?????? ?????? ?????????? ?????? ??????? ???? ??????? ??????? ?? ??????? ASP.NET ??????? ??????:
???????? ???????? ??? ???????
http://quickstarts.asp.net/QuickStartv20/aspnet/doc/security/formsauth.aspx
?????? ??? ??????? ??? ????? ?????? ?????? ??? ??????? ?? ???? ??????? ??? ??? ????? ??????? (XML) ?????? ?????????? ?????? ?????? ???? ??????? ?????? ?? ?????? ????? ????? ????? (SDK).NET Framework ???????:
?????? ??????? ???????? ??? ???????? XML
http://msdn2.microsoft.com/en-us/library/1b1y85bh(vs.71).aspx
?????? ??? ???? ?? ????????? ??? ???? ????? ??? ASP.NET? ???? ??????? ??????? ?? ?????.NET Framework SDK:
???? ????? ??? ASP.NET
http://msdn2.microsoft.com/en-us/library/330a99hc(vs.71).aspx
????? ?? ????????? ??? ????? ????? System.Web.Security ? ???? ??????? ??????? ?? SDK ???? ???.NET ???????:
http://msdn2.microsoft.com/en-us/library/system.web.security(vs.71).aspx
?????? ??? ???? ?? ????????? ??? ????? ASP.NET? ???? ???????? SDK ???? ???.NET ???????:
????? ASP.NET
http://msdn2.microsoft.com/en-us/library/aa719558(VS.71).aspx

???? ????? ASP.NET
http://msdn2.microsoft.com/en-us/library/w7w4sb0w(vs.71).aspx
????? ?? ????????? ??? ??????? ?????? ASP.NET? ???? ?? ??? ??????? ?????? MSDN:
???????? ?? ASP.NET: ??????? ??????.NET
http://msdn2.microsoft.com/en-us/library/ms978378.aspx
????? ?? ?????????? ???? ????? ???????:
????????? ????. ???? ???? ??? ?? ASP.NET ? ADO.NET. Microsoft Press? 2001.

????? ?????? ?????? ??????. ????? ????????? ???????? ????. Microsoft Press? 2001.

???????

???? ???????: 308157 - ????? ??? ??????: 19/?????/1434 - ??????: 9.0
????? ???
  • Microsoft ASP.NET 1.1
  • Microsoft ASP.NET 1.0
  • Microsoft Visual Basic .NET 2003 Standard Edition
  • Microsoft Visual Basic .NET 2002 Standard Edition
  • Microsoft SQL Server 2000 Standard Edition
  • Microsoft SQL Server 7.0 Standard Edition
????? ??????: 
kbproductlink kbconfig kbhowtomaster kbsecurity kbweb kbmt KB308157 KbMtar