Änderungen am Seitensicherheitsmechanismus, um Angriffe abzuwehren und nur authentifizierte Nutzer zuzulassen, welche von der Login-Page kommen und so eine Session-Variable mit der CustomerId erzeugt haben, um Querystrings zu sparen. Auch das Page_Load-Event wird überarbeitet.
@@ -125,7 +125,7 @@ Partial Class login_FLEX
|
||||
' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
' Using cmd As New SqlCommand("Validate_User")
|
||||
Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Password=@Password AND UserId=@KundenNr")
|
||||
Using cmd As New SqlCommand("SELECT KundenNr,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Password=@Password AND KundenNr=@KundenNr")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", UserNaMe)
|
||||
cmd.Parameters.AddWithValue("@KundenNr", Customer_ID)
|
||||
@@ -145,8 +145,8 @@ Partial Class login_FLEX
|
||||
Login1.FailureText = "Account ist nicht freigeschaltet."
|
||||
Exit Select
|
||||
Case Else
|
||||
If tb.Text = dr("UserId") Then
|
||||
Customer_ID = dr("UserId").ToString
|
||||
If tb.Text = dr("KundenNr") Then
|
||||
Customer_ID = dr("KundenNr").ToString
|
||||
Else
|
||||
Login1.FailureText = "ID cannot be found in the database!"
|
||||
End If
|
||||
@@ -156,7 +156,7 @@ Partial Class login_FLEX
|
||||
Login1.FailureText = "Username is not in the database!"
|
||||
End If
|
||||
If tb3.Text = dr("Password") Then
|
||||
passw = dr("Password").ToString
|
||||
passw = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(dr("Password").ToString)
|
||||
Else
|
||||
Login1.FailureText = "Password is not in the database!"
|
||||
End If
|
||||
|
||||
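Review bot: The password check in the third hunk still compares `tb3.Text` with `dr("Password")` directly, and the query in the first hunk filters on `Password=@Password`, so the Users table appears to hold passwords in a form that equals, or can be turned back into, the typed value. Calling `VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt` on the value after it has been read does not change that; if that is the new line, `passw` now only carries a reversibly encrypted copy of the password around the page. The column should instead hold a salted, slow hash (for example PBKDF2 via `Rfc2898DeriveBytes`) that is verified in code, and `passw` should not keep the password at all. The separate failure texts for ID, username and password also tell the caller which field was wrong; one generic `Login1.FailureText` for every mismatch would avoid that. The enclosing method starts and ends outside these hunks, so how `passw` and `Customer_ID` are used afterwards is not visible here.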