有时候有些页面需要登录后才能访问的,并且要在登录后回到登录前想访问的页面。结合前几天发的一种简单方便的权限控制方案,可以统一解决这个问题。在上文提到的base页面中权限控制处可以加上:
If (pageAccess Is Nothing) Then Throw New ApplicationException("该页面没有设置访问权限,请与管理员联系!") ElseIf (pageAccess = "User") Then If (Session("UserPower") = "Guest") Then '处理登录 Session("Login_Url") = Request.Url.PathAndQuery() Session("Login_Form") = Request.Form() Response.Redirect("/User/User_Login.aspx?type=1") End If ElseIf (pageAccess = "PowerUser") Then If (Session("UserPower") = "Guest" OrElse Session("UserPower") = "User") Then Response.Write("需要管理员,权限不够!") Response.End() End If ElseIf (pageAccess = "Admin") Then If (Not isAdmin()) Then Response.Write("需要超级管理员,权限不够!") Response.End() End If ElseIf (pageAccess <> "Guest") Then Throw New ApplicationException("该页面访问权限设置错误,请与管理员联系!") End If
登录后可以直接跳转到一个叫做login_after.aspx的页面。页面html代码:
<%@ Page Language="vb" AutoEventWireup="false" Codebehind="Login_After.aspx.vb" Inherits="UK.Login_After" enableViewState="False"%>
页面后台编码:
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
If (Session("Login_Url") <> "") Then If (Not Session("Login_Form") Is Nothing) Then Dim colTemp As System.Collections.Specialized.NameValueCollection colTemp = DirectCast(Session("Login_Form"), System.Collections.Specialized.NameValueCollection) Dim i As Integer Dim ctrl As System.Web.UI.HtmlControls.HtmlInputHidden Response.Write("<form id=Form1 name=Form1 method=POST action='" & Session("Login_Url") & "'>") For i = 0 To colTemp.Count - 1 Response.Write("<input type=hidden name=""" & colTemp.Keys(i) & """ value=""" & colTemp(i) & """>" & vbCrLf) Next Response.Write("</form>") Response.Write("<script language='javascript'>Form1.submit();</script>") Session.Remove("Login_Form") Session.Remove("Login_Url") Else Dim sTemp As String = Session("Login_Url") Session.Remove("Login_Url") Response.Redirect(sTemp) End If Else Response.Redirect("/") End If
End Sub
因为要控制postback的目标页面和viewstate,所以只能直接写表单,不能用htmlcontrol的表单了。否则,asp.net生成的viewstate和我们提交的viewstate会冲突。