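I have a web application that uses the ASP.NET login controls. I also use the PasswordRecovery control to recover users' passwords. Once the user enters their details in the recovery control, an e-mail containing a verification URL is sent to the user's e-mail address. Clicking the URL takes the user to the UserProfile page of my web application, where they can change their password.
The problem now is that, because I set an access rule on UserProfile.aspx to deny anonymous users, when I am redirected from the URL to the UserProfile.aspx page it sends me to the LoginPage (the system identifies me as an anonymous user).
Why is this happening? After clicking the URL (which includes all the user information), is there any way I can be directed to the user profile page?
The URL looks like this: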
http://localhost:1039/Members/UserProfile.aspx?ID=56f74cc7-7680-4f1b-9207-0ab8dad63cad
The last part of the URL is actually the userId.
Here is the code for the user profile aspx:
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:ASPNETDBConnectionString1 %>"
SelectCommand="SELECT aspnet_Membership.Email, Details.CustName, Details.CustNum, Details.CustRole, Details.CustStatus, Details.PName, Details.PEmail, Details.PRole, Details.WedDate, aspnet_Users.UserName, Details.UserId FROM Details INNER JOIN aspnet_Membership ON Details.UserId = aspnet_Membership.UserId INNER JOIN aspnet_Users ON aspnet_Membership.UserId = aspnet_Users.UserId WHERE (Details.UserId = @UserId)"
UpdateCommand="update Details SET CustName = @CustName, CustNum = @CustNum, CustRole = @CustRole, CustStatus = @CustStatus, PName = @PName, PEmail = @PEmail, PRole = @PRole, WedDate = @WedDate WHERE [UserId] = @UserId
Update aspnet_Membership Set Email= @email WHERE [UserId] = @UserId"
DeleteCommand= "DELETE FROM Details WHERE UserId = @UserId;">
<DeleteParameters>
<asp:ControlParameter ControlID="lblHidden" Name="UserId" PropertyName="Text"
Type="String" />
</DeleteParameters>
<SelectParameters>
<asp:ControlParameter ControlID="lblHidden" Name="UserId" PropertyName="Text" />
</SelectParameters>
<UpdateParameters>
<asp:Parameter Name="CustName" />
<asp:Parameter Name="CustNum" />
<asp:Parameter Name="CustRole" />
<asp:Parameter Name="CustStatus" />
<asp:Parameter Name="PName" />
<asp:Parameter Name="PEmail" />
<asp:Parameter Name="PRole" />
<asp:Parameter Name="WedDate" />
<asp:Parameter Name="UserId" />
<asp:Parameter Name="email" />
</UpdateParameters>
</asp:SqlDataSource>
<asp:DetailsView ID="DetailsView1" runat="server" AutoGenerateRows="False"
DataSourceID="SqlDataSource1" Height="50px" Width="125px">
<Fields>
<asp:BoundField DataField="Email" HeaderText="Email" SortExpression="Email" />
<asp:BoundField DataField="CustName" HeaderText="CustName"
SortExpression="CustName" />
<asp:BoundField DataField="CustNum" HeaderText="CustNum"
SortExpression="CustNum" />
<asp:BoundField DataField="CustRole" HeaderText="CustRole"
SortExpression="CustRole" />
<asp:BoundField DataField="CustStatus" HeaderText="CustStatus"
SortExpression="CustStatus" />
<asp:BoundField DataField="PName" HeaderText="PName" SortExpression="PName" />
<asp:BoundField DataField="PEmail" HeaderText="PEmail"
SortExpression="PEmail" />
<asp:BoundField DataField="PRole" HeaderText="PRole" SortExpression="PRole" />
<asp:BoundField DataField="WedDate" HeaderText="WedDate"
SortExpression="WedDate" />
<asp:BoundField DataField="UserName" HeaderText="UserName"
SortExpression="UserName" />
<asp:BoundField DataField="UserId" HeaderText="UserId"
SortExpression="UserId" />
<asp:CommandField ShowEditButton="True" />
</Fields>
</asp:DetailsView>
<asp:Label ID="lblHidden" runat="server" Text="Label" Visible="False"></asp:Label>
<asp:Button ID="btnDelete" runat="server" onclick="btnDelete_Click"
Text="Delete" />
Here is the code-behind:
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Security;
using System.Web.UI.WebControls;

protected void Page_Load(object sender, EventArgs e)
{
    MembershipUser currentUser = Membership.GetUser();
    lblHidden.Text = currentUser.ProviderUserKey.ToString();
}

protected void SqlDataSource1_Selecting(object sender, SqlDataSourceSelectingEventArgs e)
{
    // Get a reference to the currently logged on user
    MembershipUser currentUser = Membership.GetUser();
    // Determine the currently logged on user's UserId value
    // Assign the currently logged on user's UserId to the @UserId parameter
    // Access the parameter value using e.Command.Parameters
    // Programmatically set the @UserId:
    e.Command.Parameters["@UserId"].Value = currentUser.ProviderUserKey.ToString();
}

protected void btnDelete_Click(object sender, EventArgs e)
{
    string userId = lblHidden.Text;
    string connectionString = ConfigurationManager.ConnectionStrings["ASPNETDBConnectionString1"].ConnectionString;
    // Parameterized commands instead of string concatenation;
    // the using blocks dispose the connection and commands even if a delete throws.
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand("DELETE FROM Details WHERE UserId = @UserId", connection))
    using (SqlCommand cmd1 = new SqlCommand("DELETE FROM aspnet_Membership WHERE UserId = @UserId", connection))
    {
        cmd.Parameters.AddWithValue("@UserId", userId);
        cmd1.Parameters.AddWithValue("@UserId", userId);
        connection.Open();
        cmd.ExecuteNonQuery();
        cmd1.ExecuteNonQuery();
    }
    Response.Redirect("Home.aspx");
}
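Secondly, is there any way to set an expiry date for the URL? If the URL is clicked a second time, it should not redirect the user anywhere. I have seen many posts, and most of them suggest adding a column to the database. Is there any other way I can set an expiry without touching the database?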
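Consider a separate page for the change-password link. Have this page take a unique identifier. This identifier should work only once, have an expiry date, and be specific to that user. Make this page public: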
<location path="changepassword.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
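You will need to store the unique identifier somewhere against the user. If you don't want to affect your current schema, you can create a new table: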
PK | Identifier | UserID | expires
1 | abcd | ffffffff-ffff-ffff-ffff-ffffffffffff | 16-jul-2012 18:26
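When the page is requested, do not allow the page to run if the identifier has expired. Once the password has been changed, invalidate the identifier - delete it, or set its expiry date to a date in the past (such as now).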
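The identifier lifecycle described in this answer (issue, check on page request, invalidate after the password change), as an added example that is not part of the original post. `ResetTokenStore`, its members and the in-memory dictionary standing in for the new table are assumptions, and storing a SHA-256 hash of the identifier rather than the identifier itself is a choice made here, not something the answer specifies.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
// Added example: the dictionary stands in for the new table from the answer
// (Identifier | UserID | expires). All type and member names are hypothetical.
public sealed class ResetTokenStore
{
    private readonly Dictionary<string, KeyValuePair<Guid, DateTime>> rows =
        new Dictionary<string, KeyValuePair<Guid, DateTime>>();

    // Only a hash is stored, so a copied table row cannot be pasted into a link.
    private static string Hash(string identifier)
    {
        using (SHA256 sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(identifier)));
    }

    // Called when the recovery e-mail is sent; the return value goes into the URL.
    public string Issue(Guid userId, TimeSpan lifetime, DateTime nowUtc)
    {
        byte[] raw = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(raw);
        string identifier = BitConverter.ToString(raw).Replace("-", "");
        rows[Hash(identifier)] = new KeyValuePair<Guid, DateTime>(userId, nowUtc + lifetime);
        return identifier;
    }

    // consume=false when the page is requested, consume=true once the password is changed.
    // Returns the owning user, or null if the identifier is unknown, expired or already used.
    public Guid? Resolve(string identifier, DateTime nowUtc, bool consume)
    {
        if (string.IsNullOrEmpty(identifier)) return null;
        string key = Hash(identifier);
        KeyValuePair<Guid, DateTime> row;
        if (!rows.TryGetValue(key, out row)) return null;
        bool live = nowUtc <= row.Value;
        if (consume || !live) rows.Remove(key); // used or expired rows are deleted
        return live ? (Guid?)row.Key : null;
    }
    public static void Main()
    {
        ResetTokenStore store = new ResetTokenStore();
        DateTime now = DateTime.UtcNow;
        string id = store.Issue(Guid.NewGuid(), TimeSpan.FromMinutes(30), now);
        Console.WriteLine(store.Resolve(id, now, false).HasValue); // link opened
        Console.WriteLine(store.Resolve(id, now, true).HasValue);  // password changed
        Console.WriteLine(store.Resolve(id, now, false).HasValue); // link opened again
    }
}
```

The password change itself should act on the user returned by `Resolve`, never on a user id taken from the query string.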