I have two ASP.NET pages: site.com/foo/bar.aspx that should be world accessible and site.com/foo/baz.aspx that I want to password protect. I want any un-authenticated users to see a username/password page and then, once they pass that, I want them to see the real thing. I'm looking for the simplest possible solution (this looked good till it stated asking me to move things), even at the cost of flexibility.
我有两个ASP.NET页面:site.com/foo/bar.aspx应该是世界可访问的和site.com/foo/baz.aspx,我想密码保护。我希望任何未经过身份验证的用户都能看到用户名/密码页面,然后,一旦他们通过,我希望他们看到真实的东西。我正在寻找最简单的解决方案(这看起来很好,直到它说要求我搬东西),即使是以灵活性为代价。
What I'd love to see would be a control that does nothing if the user is authenticated and replaces "all" other controls with a login prompt if they aren't.
我希望看到的是一个控件,如果用户通过身份验证则不执行任何操作,如果不是,则使用登录提示替换“所有”其他控件。
I'm currently the only user who will have an account so I can go with a hard coded password list for now (and I'm more or less stuck with that as I wouldn't have anywhere else to put it).
我目前是唯一拥有帐户的用户,因此我现在可以使用硬编码密码列表(而且我或多或少地坚持使用它,因为我没有其他任何地方可以使用它)。
Using Greg's answer I was able to make individual pages password protected. Using Joel Coehoorn's Link I set it up to do Forms Authentication. From this page I'm using a custom Login logic that looks like this:
使用Greg的答案,我能够使个人页面受密码保护。使用Joel Coehoorn的链接我将其设置为执行表单身份验证。从这个页面我使用的自定义登录逻辑如下所示:
Login1.Authenticate += new AuthenticateEventHandler(Login1_Authenticate);
...
void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
e.Authenticated = (Login1.UserName == "user" &&
Login1.Password == "password");
}
All of that put together seems to work fine. :)
所有这些放在一起似乎工作正常。 :)
4 个解决方案
#1
In that case, the easiest thing is probably forms authentication. You just hook everything up in your web.config file and build a simple login page using the pre-built controls.
在这种情况下,最简单的事情可能是表单身份验证。您只需将所有内容挂钩到web.config文件中,然后使用预构建的控件构建一个简单的登录页面。
#2
Are you on a Windows network? You can just use windows authentication via the web.config if you are.
你在Windows网络上吗?您可以通过web.config使用Windows身份验证。
Something like this would work:
像这样的东西会起作用:
<system.web>
<authentication mode="Windows" />
</system.web>
<location path="page.aspx">
<system.web>
<authorization>
<allow roles="domain\role"/>
<deny users="*" />
</authorization>
</system.web>
</location>
Edit: Ok, not using windows network. This might help you with a down&dirty single user method: http://www.codeproject.com/Messages/1772445/Setting-username-passwords-in-the-web-config-using-forms-authentication.aspx
编辑:好的,不使用Windows网络。这可能会帮助您使用简单易用的单用户方法:http://www.codeproject.com/Messages/1772445/Setting-username-passwords-in-the-web-config-using-forms-authentication.aspx
#3
If you really only have one page, use a multiview.
如果您真的只有一个页面,请使用多视图。
ASPX page
<asp:MultiView ID="mvSecretContent" runat="server">
<asp:View ID="viewLogin" runat="server">
<asp:Label AssociatedControlID="username"
runat="server">Username:</asp:Label>
<asp:TextBox ID="username" runat="server"></asp:TextBox>
<asp:Label AssociatedControlID="password"
runat="server">Password:</asp:Label>
<asp:TextBox ID="password" runat="server"></asp:TextBox>
<br />
<asp:Button ID="login" runat="server" OnClick="login_Click"
Text="Log In" />
</asp:View>
<asp:View ID="viewSecret" runat="server">
<h1>This is secret information!</h1>
<asp:Button ID="logout" runat="server" OnClick="logout_Click"
Text="Log Out" />
</asp:View>
</asp:MultiView>
Code-behind:
protected void Page_PreRender(object sender, EventArgs e)
{
if (ViewState["IsAuthenticated"] == null ||
!(bool)ViewState["IsAuthenticated"])
{
mvSecretContent.SetActiveView(viewLogin);
}
else
{
mvSecretContent.SetActiveView(viewSecret);
}
}
protected void login_Click(object sender, EventArgs e)
{
// authenticate user/pass
ViewState["IsAuthenticated"] = true;
}
protected void logout_Click(object sender, EventArgs e)
{
ViewState["IsAuthenticated"] = false;
}
It's only stored in ViewState, so you'll have to re-authenticate every time you visit the page. If you change ViewState to Session it'll stick for however long your session is set up for (default is usually 20 minutes).
它仅存储在ViewState中,因此您每次访问该页面时都必须重新进行身份验证。如果您将ViewState更改为Session,那么无论您的会话设置多久都会坚持(默认通常为20分钟)。
#4
This is a followup to BCS's comment on Joel's answer:
这是BCS对Joel答案的评论的后续跟进:
You will need to create a Login.aspx form, but it is incredibly easy: How To: Create an ASP.NET Login Page
您将需要创建一个Login.aspx表单,但它非常简单:如何:创建ASP.NET登录页面
#1
In that case, the easiest thing is probably forms authentication. You just hook everything up in your web.config file and build a simple login page using the pre-built controls.
在这种情况下,最简单的事情可能是表单身份验证。您只需将所有内容挂钩到web.config文件中,然后使用预构建的控件构建一个简单的登录页面。
#2
Are you on a Windows network? You can just use windows authentication via the web.config if you are.
你在Windows网络上吗?您可以通过web.config使用Windows身份验证。
Something like this would work:
像这样的东西会起作用:
<system.web>
<authentication mode="Windows" />
</system.web>
<location path="page.aspx">
<system.web>
<authorization>
<allow roles="domain\role"/>
<deny users="*" />
</authorization>
</system.web>
</location>
Edit: Ok, not using windows network. This might help you with a down&dirty single user method: http://www.codeproject.com/Messages/1772445/Setting-username-passwords-in-the-web-config-using-forms-authentication.aspx
编辑:好的,不使用Windows网络。这可能会帮助您使用简单易用的单用户方法:http://www.codeproject.com/Messages/1772445/Setting-username-passwords-in-the-web-config-using-forms-authentication.aspx
#3
If you really only have one page, use a multiview.
如果您真的只有一个页面,请使用多视图。
ASPX page
<asp:MultiView ID="mvSecretContent" runat="server">
<asp:View ID="viewLogin" runat="server">
<asp:Label AssociatedControlID="username"
runat="server">Username:</asp:Label>
<asp:TextBox ID="username" runat="server"></asp:TextBox>
<asp:Label AssociatedControlID="password"
runat="server">Password:</asp:Label>
<asp:TextBox ID="password" runat="server"></asp:TextBox>
<br />
<asp:Button ID="login" runat="server" OnClick="login_Click"
Text="Log In" />
</asp:View>
<asp:View ID="viewSecret" runat="server">
<h1>This is secret information!</h1>
<asp:Button ID="logout" runat="server" OnClick="logout_Click"
Text="Log Out" />
</asp:View>
</asp:MultiView>
Code-behind:
protected void Page_PreRender(object sender, EventArgs e)
{
if (ViewState["IsAuthenticated"] == null ||
!(bool)ViewState["IsAuthenticated"])
{
mvSecretContent.SetActiveView(viewLogin);
}
else
{
mvSecretContent.SetActiveView(viewSecret);
}
}
protected void login_Click(object sender, EventArgs e)
{
// authenticate user/pass
ViewState["IsAuthenticated"] = true;
}
protected void logout_Click(object sender, EventArgs e)
{
ViewState["IsAuthenticated"] = false;
}
It's only stored in ViewState, so you'll have to re-authenticate every time you visit the page. If you change ViewState to Session it'll stick for however long your session is set up for (default is usually 20 minutes).
它仅存储在ViewState中,因此您每次访问该页面时都必须重新进行身份验证。如果您将ViewState更改为Session,那么无论您的会话设置多久都会坚持(默认通常为20分钟)。
#4
This is a followup to BCS's comment on Joel's answer:
这是BCS对Joel答案的评论的后续跟进:
You will need to create a Login.aspx form, but it is incredibly easy: How To: Create an ASP.NET Login Page
您将需要创建一个Login.aspx表单,但它非常简单:如何:创建ASP.NET登录页面