ASP.net Logion用户登陆验证代码

……

<system.web>

       <database>

        <add key="strconn" value="server=107.120.65.99;database=db;uid=db;pwd=db" />

</database>

</system.web>

……

</configuration>

global.asax.cs

protected void session_end(object sender, eventargs e)

...{

        application.lock();

        application.remove(session.sessionid.tostring());

        application["ol_usercount"]=(int)application["ol_usercount"]-1;

        application.unlock();

}

login.aspx

<table class="logintable">

<tr>    <td colspan="2" class="tdcaption"><font class="fcaption">ログイン</font></td></tr>

<tr>        <td><font class="font100">ユーザーid:</font></td></tr>

        <td><asp:textbox cssclass="itxt" id="txtname" runat="server"></asp:textbox></td></tr>

<tr>        <td><font class="font100">パスワード:</font></td>

        <td><asp:textbox cssclass="itxt" id="txtpwd" textmode="password" runat="server"></asp:textbox></td></tr>

<tr>        <td><asp:button cssclass="ibutton" id="btnsubmit" text="login" runat="server"></asp:button></td>

        <td><input type="reset" class="ibutton" name="btnreset" value="reset"></td></tr>

</table>

login.aspx.cs

using system.collections.specialized;

using system.data.sqlclient;

public void loginbysql()

...{

     string strconn=(string) ((namevaluecollection) context.getconfig("system.web/database"))["strconn"];

     using (sqlconnection conn = new sqlconnection(strconn))

     ...{

         sqlcommand cmd = new sqlcommand("sp_idpwd",conn);

         cmd.commandtype=commandtype.storedprocedure;    //这里采用存储过程

         cmd.parameters.add("@id",sqldbtype.varchar,20);

         cmd.parameters.add("@pwd",sqldbtype.varchar,20);

         cmd.parameters["@id"].value=txtname.text;

         cmd.parameters["@pwd"].value=txtpwd.text;

         conn.open();

         using (sqldatareader dr = cmd.executereader())

         ...{

             if(dr.read())

             ...{

                bool notol=true;

                for(int i=0;i<application.count;i++)

                ...{

                   if(application[application.getkey(i).tostring()].tostring()==dr["userid"].tostring())

                   notol=false;

                }

                if(notol)

                ...{

                   application[session.sessionid.tostring()]=dr["userid"].tostring();

                   application["ol_usercount"]=(int)application["ol_usercount"]+1;

                   session["username"]=dr["username"].tostring();//sessions
                   response.redirect("./main/main.aspx");

                }

                else

                   message.text="已经登陆";

             }

             else

             ...{

                message.text="密码错误";

             }

        }

    }

}

存储过程
alter procedure dbo.sp_idpwd
 (
  @id varchar(20),
  @pwd varchar(20)
  /**//*@pwd datatype output*/
 )
as
 set nocount on
 select * from [db].[db].[admin] where ([email protected]) and ([password][email protected])
 return