<%@ Page Language="C#" Debug="True" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>
<script runat="server">
void Page_Load(Object sender,EventArgs e)
{
}
//----------------------------------------------------
public void Admin_Login(Object sender,EventArgs E)
{
if (TextBox1.Text != Session["ValidateCode"].ToString())
{
CopyRight.Text = "验证码错误!";
}
//获取要加密的字段，并转化为Byte[]数组
byte[] data=System.Text.Encoding.Unicode
.GetBytes(source.Text.Trim().ToCharArray());
//建立加密服务
System.Security.Cryptography.MD5 md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
//加密Byte[]数组
byte[] result= md5.ComputeHash(data);
//将加密后的数组转化为字段
string sResult=System.Text.Encoding.Unicode.GetString(result);
//作为密码方式加密
string EnPswdStr=System.Web.Security.FormsAuthentication.
HashPasswordForStoringInConfigFile(source.Text.ToString(),"MD5");
OleDbConnection cnn;
OleDbCommand cmd;
OleDbDataReader datar;
string sql,strcnn;
strcnn="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("App_Data/DataBase.mdb");
cnn=new OleDbConnection(strcnn);
cnn.Open();
sql="select * from userG where userID='"+ AdminID.Text +"' and userPWD='"+ EnPswdStr +"'";
cmd=new OleDbCommand(sql,cnn);
datar=cmd.ExecuteReader();
if(datar.Read())
{
Session["userID"]=datar["userID"].ToString();
Session["userN"]=datar["userN"].ToString();
Session["sc"]=datar["sc"];
}
if(Session["userID"]!="")
{
Session["sc"]=1;
Response.Redirect("index.htm");
}
else
{
Response.Redirect("index.aspx");
}
if(Session["userID"]=="")
{
Response.Redirect("admin_Log.aspx");
}
}
</script>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>无标题文档</title>
</head>
<body>
<table cellpadding="0" cellspacing="0" class="twidth" width="576">
<tr>
<td align="center">
<div class="mframe">
<table cellpadding="0" cellspacing="0">
<tr>
<td class="tl"></td>
<td class="tm"><span class="tt">后台管理登陆</span> </td>
<td class="tr"></td>
</tr>
</table>
<table cellpadding="0" cellspacing="0">
<tr>
<td class="ml"></td>
<td class="mm">
<form id="LoginForm" runat="server">
<table cellpadding="0" cellspacing="0" style="height: 300px" width="60%">
<tr>
<td><img alt="后台管理登陆" src="../Images/Admin_Default/admin_key.gif" /></td>
<td align="center">
<table cellpadding="3" cellspacing="3" width="100%">
<tr>
<td align="right">用户名：</td>
<td>
<asp:TextBox ID="AdminID" runat="server" Columns="20"></asp:TextBox>

</td>
</tr>
<tr>
<td align="right">密&nbsp;&nbsp;码：</td>
<td>
<asp:TextBox ID="source" runat="server" Columns="20" TextMode="Password"></asp:TextBox>

</td>
</tr>
<tr>
<td align="right">验证码：</td>
<td>
<asp:TextBox ID="TextBox1" runat="server" Columns="4" MaxLength="4"></asp:TextBox>
<img src="user/ValidateCode.aspx" />

</td>
</tr>
<tr>
<td align="right"></td>
<td><asp:Button ID="LoginBtn" runat="server" OnClick="Admin_Login" Text="登录" /></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</td>
<td class="mr"></td>
</tr>
</table>
<table cellpadding="0" cellspacing="0">
<tr>
<td class="bl"></td>
<td class="bm">&nbsp;</td>
<td class="br"></td>
</tr>
</table>
</div>
<table id="footer">
<tr>
<td align="center"><asp:Literal ID="CopyRight" runat="server"></asp:Literal></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>

没怎么看明白你的问题．

登陆的时候只是直接执行了Response.Redirect("index.htm");这一句

Response.Redirect("index.htm");
执行这句了,就说明 Session["userID"] 中有值,怎么说商执行查询呢?

但是我无论输入什么字符和密码都能转到 Response.Redirect("index.htm")
这一句..查看session["userN"]的值是空的..

就是啊，楼上的说的对．如果没执行查询的话，Session["UserID"]也就没有实例化，就会提示"未将对象引用至实例"的错误！

哦，我明白了．Session["UserID"]是object类型，要判断它是否有值应该是这样判断的 即:if(Session["UserID"]!=System.DBNull.Value){ Response.Redirect("index.htm");},你换成这个试试．

if(Session["userID"]!="")
改成
if(Session["userID"]!="" && Session["userID"] != null)

你为什么不把这些代码写在后置代码里呢??
这样写不安全,而且不太好调试

我只是试试的还没放在后置代码里面...
前面的问题解决了..但是我第一次登陆后..第二次无论输入什么都可以登陆,...为什么??
我加判断空的密码会提示..但总是不执行(谁能告诉我在哪里加吗?)
public void Admin_Login(Object sender, EventArgs E)
{
if (TextBox1.Text != Session["ValidateCode"].ToString())
{
Response.Write("<script>alert('验证码错误，请重新登陆!!')</sc" + "ri" + "pt/>");
}
else
{
//获取要加密的字段，并转化为Byte[]数组
byte[] data = System.Text.Encoding.Unicode
.GetBytes(source.Text.Trim().ToCharArray());
//建立加密服务
System.Security.Cryptography.MD5 md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
//加密Byte[]数组
byte[] result = md5.ComputeHash(data);
//将加密后的数组转化为字段
string sResult = System.Text.Encoding.Unicode.GetString(result);
//作为密码方式加密

string EnPswdStr = System.Web.Security.FormsAuthentication.
HashPasswordForStoringInConfigFile(source.Text.ToString(), "MD5");
OleDbConnection cnn;
OleDbCommand cmd;
OleDbDataReader datar;
string sql, strcnn;
strcnn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("App_Data/DataBase.mdb");
cnn = new OleDbConnection(strcnn);
cnn.Open();
sql = "select * from userG where userID='" + AdminID.Text + "' and userPWD='" + EnPswdStr + "'";
cmd = new OleDbCommand(sql, cnn);
datar = cmd.ExecuteReader();
if (datar.Read())
{
Session["userID"] = datar["userID"].ToString();
Session["userN"] = datar["userN"].ToString();
Session["sc"] = datar["sc"];
}
if (Session["userID"] != "" && Session["userID"] != null)
{

Response.Redirect("index.htm");
}
else
{
Response.Write("<script>alert('密码或用户名错误，请重新登陆!!')</sc" + "ri" + "pt/>");
Response.Redirect("admin_Login_A.aspx");
}

}
}

没看到你判断密码为空时的提示代码啊，在哪写的？