login.aspx xml 验证


配置文件:

<configuration>
   <system.web>
      <!-- Forms authentication: requests without a valid ticket cookie are
           redirected to login.aspx; the ticket is carried in the cookie
           named FORMSAUTHCOOKIE. -->
      <!-- NOTE(review): protection, timeout and requireSSL are not set here,
           so framework defaults apply. On a real site consider
           requireSSL="true" so the ticket cookie is never sent over plain
           HTTP. -->
      <authentication mode="Forms" >
         <forms    loginUrl = "login.aspx"     name = "FORMSAUTHCOOKIE"/>
      </authentication>
      <!-- "?" means anonymous users: every resource covered by this file
           requires a login. -->
      <!-- NOTE(review): login.aspx redirects unknown users to
           AddUser/AddUser.aspx; no rule allowing anonymous access to that
           page is shown here, so confirm how it is meant to be reachable. -->
      <authorization>
         <deny users="?" />
      </authorization>
   </system.web>
</configuration>

xml文件:

<!-- Credential store read by login.aspx and rewritten by addUser.aspx.
     Each UserPassword is a 40-hex-digit value, the form produced by the
     HashPasswordForStoringInConfigFile(..., "SHA1") call both pages use:
     an unsalted SHA-1 digest, so identical passwords give identical
     entries. Treat this file as sensitive and keep it from being served
     as static content. -->
<!-- NOTE(review): the "[email protected]" values look like e-mail
     obfuscation applied by the hosting page, not real sample addresses.
     The line breaks around each hash also look like page formatting; if
     they were present in the real file the stored value would carry that
     whitespace. Confirm against the original sample. -->
<Users>
   <Users>
      <UserEmail>[email protected]</UserEmail>
      <UserPassword>
         BA56E5E0366D003E98EA1C7F04ABF8FCB3753889
      </UserPassword>
   </Users>
   <Users>
      <UserEmail>[email protected]</UserEmail>
      <UserPassword>
         07B7F3EE06F278DB966BE960E7CBBD103DF30CA6
      </UserPassword>
   </Users>
</Users>


login.aspx文件:

<%@ Page LANGUAGE="c#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ Import Namespace="System.IO" %>

<html>
<head>
<title>Forms Authentication</title>
<script runat=server>
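// Handles the Login button: looks the posted e-mail up in Users.xml, compares
// the SHA-1 hash of the posted password with the stored one and, on a match,
// issues the forms-authentication ticket and returns to the requested page.
//
// Security notes for anyone reusing this sample:
//  * HashPasswordForStoringInConfigFile yields an unsalted SHA-1 digest and is
//    marked obsolete in .NET Framework 4.5. It is kept here only so existing
//    Users.xml entries still verify; new systems should store a salted,
//    iterated hash (for example PBKDF2 via Rfc2898DeriveBytes).
//  * Users.xml is resolved next to the page through Server.MapPath, so make
//    sure the file cannot be downloaded as static content.
//  * An unknown e-mail is sent to the AddUser page while a wrong password gets
//    a generic message, so the two cases are distinguishable and reveal which
//    addresses are registered.
private void Login_Click(Object sender, EventArgs e)
{
   if( !Page.IsValid )
   {
      Msg.Text = "Some required fields are invalid.";
      return;
   }

   // The e-mail becomes part of a DataTable.Select filter expression. The
   // regex validator already rejects quotes, but double any single quote
   // anyway so the filter stays well-formed if the validator is ever relaxed.
   String cmd = "UserEmail='" + UserEmail.Value.Replace("'", "''") + "'";

   // "using" closes the file even when ReadXml throws on a malformed store.
   DataSet ds = new DataSet();
   using( FileStream fs = new FileStream(Server.MapPath("Users.xml"),
                                         FileMode.Open,FileAccess.Read) )
   using( StreamReader reader = new StreamReader(fs) )
   {
      ds.ReadXml(reader);
   }

   DataTable users = ds.Tables[0];
   DataRow[] matches = users.Select(cmd);
   if( matches != null && matches.Length > 0 )
   {
      DataRow row = matches[0];
      string hashedpwd =
         FormsAuthentication.HashPasswordForStoringInConfigFile
            (UserPass.Value, "SHA1");

      // Convert.ToString turns a missing (DBNull) password into "" instead of
      // throwing on the cast; Trim drops whitespace that surrounds the hash
      // when the XML element is written across several lines.
      String pass = Convert.ToString(row["UserPassword"]).Trim();

      // Ordinal comparison: these are hex digests, not linguistic text.
      if( 0 != String.CompareOrdinal(pass, hashedpwd) )
      {
         // Tell the user if no password match is found. It is good
         // security practice to give no hints about which part of the
         // logon credentials is invalid.
         Msg.Text = "Invalid Credentials: Please try again";
      }
      else
      {
         // If a password match is found, redirect the request
         // to the originally requested resource (Default.aspx).
         FormsAuthentication.RedirectFromLoginPage
            (UserEmail.Value, Persist.Checked);
      }
   }
   else
   {
      // If no name matches were found, redirect the request to the
      // AddUser page using a Response.Redirect command.
      Response.Redirect("AddUser/AddUser.aspx");
   }
}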
</script>
<body>
<form runat=server>
   <span style="background:#80FF80">
   <h3><font face="Verdana">Login Page</font></h3></span>
   <table>
      <tr>
         <td>e-mail:</td>
         <td><input id="UserEmail" type="text" runat=server/></td>
         <td><ASP:RequiredFieldValidator
             ControlToValidate="UserEmail"
             Display="Static"
             ErrorMessage="*"
             runat="server"/>
         </td>        
         <td><asp:RegularExpressionValidator id="RegexValidator"
             ControlToValidate="UserEmail"
             ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"
             EnableClientScript="false"
             Display="Static"
             ErrorMessage="Invalid format for e-mail address."
             runat="server"/>
         </td>
      </tr>
      <tr>   
         <td>Password:</td>
         <td><input id="UserPass" type=password runat=server/></td>
         <td><ASP:RequiredFieldValidator
                 ControlToValidate="UserPass"
                 Display="Static"
                 ErrorMessage="*"
                 runat="server"/>
         </td>
      </tr>
      <tr>
         <td>Persistent Cookies:</td>
         <td><ASP:CheckBox id=Persist runat="server"
                autopostback="true" />
         </td>
         <td></td>
      </tr>
   </table>
   <input type="submit" OnServerClick="Login_Click" Value="Login"
          runat="server"/><p>
   <asp:Label id="Msg" ForeColor="red" Font-Name="Verdana"
              Font-Size="10" runat="server" />
</form>
</body>
</html>

addUser.aspx

<%@ Page LANGUAGE="c#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ Import Namespace="System.IO" %>
<html>
<head>
<title>Forms Authentication</title>
<script runat=server>
// Pre-fills the e-mail box with the "UserEmail" query-string value when the
// request carries one; otherwise the box is left as it is.
private void Page_Load(Object Src, EventArgs e)
{
   String requested = Request.QueryString["UserEmail"];
   if( requested == null )
   {
      return;
   }

   UserEmail.Value = requested;
}
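// Handles the Add User button: loads users.xml, appends a row holding the
// posted e-mail and the SHA-1 hash of the posted password, writes the file
// back and redirects to Default.aspx.
//
// Security notes for anyone reusing this sample:
//  * HashPasswordForStoringInConfigFile yields an unsalted SHA-1 digest and is
//    marked obsolete in .NET Framework 4.5; prefer a salted, iterated hash
//    (for example PBKDF2 via Rfc2898DeriveBytes) in new code.
//  * NOTE(review): there is no check for an existing row with the same e-mail
//    and no locking around the read-modify-write of the file, so duplicate
//    rows and lost updates under concurrent requests are possible.
//  * NOTE(review): no forms-authentication ticket is issued here before the
//    redirect to Default.aspx; confirm the intended flow.
private void AddUser_Click(Object sender, EventArgs e)
{
   if( !Page.IsValid )
   {
      Msg.Text = "Some required fields are invalid.";
      return;   
   }

   DataSet ds = new DataSet();
   String userFile = "users.xml";

   // "using" releases the file handle even when ReadXml throws; a leaked
   // handle would otherwise block the rewrite below and later logins.
   using( FileStream input = new FileStream(Server.MapPath(userFile),
      FileMode.Open,FileAccess.Read) )
   using( StreamReader reader = new StreamReader(input) )
   {
      ds.ReadXml(reader);
   }

   // Only the hash of the password is stored, never the password itself.
   string hashedpwd =
      FormsAuthentication.HashPasswordForStoringInConfigFile
         (UserPass.Value, "SHA1");

   DataRow newUser = ds.Tables[0].NewRow();
   newUser["UserEmail"] = UserEmail.Value;
   newUser["UserPassword"] = hashedpwd;
   ds.Tables[0].Rows.Add(newUser);
   ds.AcceptChanges();

   // FileMode.Create truncates the existing store before the whole DataSet
   // is written back; disposing the writer flushes it and closes the file.
   using( FileStream output = new FileStream(Server.MapPath(userFile),
      FileMode.Create, FileAccess.ReadWrite) )
   using( StreamWriter writer = new StreamWriter(output) )
   {
      ds.WriteXml(writer);
   }

   Response.Redirect("Default.aspx");
}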
</script>
<body>
<form runat=server>
   <div style="background:#ccccff">
      <h3><font face="Verdana">Add New User</font></h3>
   </div>
   <table>
      <tr>
         <td>Name:</td>
         <td><input id="UserEmail" type="text" runat=server/></td>
         <td><ASP:RequiredFieldValidator
                  ControlToValidate="UserEmail"
                  Display="Static"
                  ErrorMessage="*"
                  runat=server/>
            </td>
         <td><asp:RegularExpressionValidator id="RegexValidator"
             ControlToValidate="UserEmail"
             ValidationExpression="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"
             EnableClientScript="false"
             Display="Static"
             ErrorMessage="Invalid format for e-mail address."
             runat="server"/>
            </td>
      </tr>
      <tr>   
         <td>Password:</td>
         <td><input id="UserPass" type=password runat=server/></td>
         <td><ASP:RequiredFieldValidator
            ControlToValidate="UserPass"
             Display="Static"
             ErrorMessage="*"
             runat=server/>
         </td>
      </tr>
      <tr>
         <td>Persistent Forms:</td>
         <td><ASP:CheckBox id=Persist runat="server"
                           autopostback="true" />
         </td>
      </tr>
   </table>
   <input type="submit" OnServerClick="AddUser_Click" Value="Add User"
                        runat="server"/><p>
   <asp:Label id="Msg" ForeColor="red" Font-Name="Verdana"
                       Font-Size="10" runat=server />
</form>
</body>
</html>

Default.aspx

<%@ Page LANGUAGE="c#" %>
<html>
<title>Forms Authentication</title>
<script runat=server>
   private void Page_Load(Object Src, EventArgs e)
   {
      Welcome.InnerHtml = "Hello, " +  
         Server.HtmlEncode(User.Identity.Name);
   }
   private void Signout_Click(Object sender, EventArgs e)
   {
      FormsAuthentication.SignOut();
      Response.Write("Logged out - cookie deleted.");
   }
</script>

<body>
<h3><font face="Verdana">Forms Authentication Example</font></h3>
<span id="Welcome" runat=server/>
<form runat=server>
   <input type="submit" OnServerClick="Signout_Click"
          Value="Signout" runat="server"/><p>
</form>
</body>
</html>
