日期:2014-05-18  浏览次数:20824 次

关于web.config设置的问题
我在login.aspx中放了一个login控件,在login.aspx.cs中写了如下登录代码:
C# code

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        bool Authenticated = false;
        Authenticated = SiteLevelCustomAuthenticationMethod(Login1.UserName, Login1.Password);
        e.Authenticated = Authenticated;
        if (Authenticated == true)
        {
            Response.Redirect("MainForm.aspx");
        }
    }
    private bool SiteLevelCustomAuthenticationMethod(string UserName, string Password)
    {
        bool boolReturnValue = false;
        ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings["CS"];
        string strConnection = cs.ConnectionString;
        SqlConnection Connection = new SqlConnection(strConnection);
        String strSQL = "Select * From 用户";
        SqlCommand command = new SqlCommand(strSQL, Connection);
        SqlDataReader Dr;
        Connection.Open();
        Dr = command.ExecuteReader();
        while (Dr.Read())
        {
            if ((UserName == Dr["工号"].ToString()) & (Password == Dr["密码"].ToString()))
            {
                boolReturnValue = true;
                Session["username"] = Dr["姓名"].ToString();
                Session["role"] = Dr["角色"].ToString();
            }
        }
        Connection.Close();
        return boolReturnValue;



web.config中写了如下配置:
C# code

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <appSettings/>
    <connectionStrings>
  <add name="CS" connectionString="Data Source=#######;Initial Catalog=DJS;Persist Security Info=True;User ID=sa;Password=******"
   providerName="System.Data.SqlClient" />
 </connectionStrings>
    <system.web>
    <compilation debug="true">
        </compilation>
        <authentication mode="Forms">
   <forms name=".FormsAuthCookie" timeout="30" />
  </authentication>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>




为什么登陆的时候,不提示登录失败,但始终停留在登陆页面
如果把“<authorization>
<deny users="?" />
</authorization>
”这段去掉,能够登录,但是其他页面匿名用户也能访问了

应该怎么弄啊
??

------解决方案--------------------
<authentication mode="Forms">
 <forms name=".FormsAuthCookie" timeout="30" />
<allow users="?" />
</authentication>


------解决方案--------------------
看着也没配置错,不知道这个问题
------解决方案--------------------
C# code

 if ((UserName == Dr["工号"].ToString()) & (Password == Dr["密码"].ToString()))
//这应该是与的关系吧  你这是“异或”吧?
            {
                boolReturnValue = true;
                Session["username"] = Dr["姓名"].ToString();
                Session["role"] = Dr["角色"].ToString();
            }