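/// <summary>
/// Handles the login button click: looks up the stored password hash for the
/// administrator ID typed into <c>UseridBox</c>, hashes the submitted password
/// and, when the two match, issues the forms-authentication ticket and
/// redirects to the originally requested page.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void LoginButton_Click(object sender, System.EventArgs e)
{
    // UseridBox.Text is attacker-controlled. It is bound as a parameter rather
    // than formatted into the statement, so quotes in the input can no longer
    // change the structure of the query (SQL injection).
    String sql = "select password from Administrator where AdminID=@AdminID";

    String storedHash = null;

    // using blocks release the reader, command and connection even when the
    // query throws; the original only closed the connection on the success path.
    using (SqlConnection conn = new SqlConnection(ConfigurationSettings.AppSettings["connectionString"]))
    using (SqlCommand cmd = new SqlCommand(sql, conn))
    {
        cmd.Parameters.Add(new SqlParameter("@AdminID", UseridBox.Text));

        // The connection must be open before ExecuteReader is called.
        conn.Open();

        using (SqlDataReader myreader = cmd.ExecuteReader())
        {
            if (myreader.Read())
            {
                storedHash = myreader["password"].ToString();
            }
        }
    }

    if (storedHash == null)
    {
        // NOTE(review): a separate "user does not exist" message lets a caller
        // tell valid administrator IDs from invalid ones; consider a single
        // generic failure message for both branches.
        Result.Text = "用户不存在";
        return;
    }

    // Hash the submitted password, then compare it with the hash stored in the database.
    // NOTE(review): unsalted SHA-1 is weak for password storage. Moving to a salted,
    // iterated scheme (e.g. PBKDF2) needs the stored hashes to be migrated, so it is
    // flagged here rather than changed.
    String hashed = FormsAuthentication.HashPasswordForStoringInConfigFile(PasswordTextBox.Text, "SHA1");

    if (hashed == storedHash)
    {
        // Redirect to the originally requested page.
        // NOTE(review): the second argument (true) issues a persistent cookie;
        // confirm that is intended for an administrator account.
        FormsAuthentication.RedirectFromLoginPage(UseridBox.Text, true);
    }
    else
    {
        Result.Text = "密码错误";
    }
}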