我该怎么办一个Forget.aspx? [英] how should i do a Forget.aspx?
问题描述
hi
我有一个登录功能,但是我有一个链接按钮,它链接到Forget.aspx....
它有一个文本框供用户输入其电子邮件
但是,通常,如果用户忘记了密码,则用户将进入此Forget.aspx
但网站应该无法检索密码,因为密码在注册时会散列并存储在表中密码
所以我想可能是用户输入电子邮件地址后,它将通过电子邮件将重置链接发送给我
然后,如果我转到该电子邮件,则应该已经收到该链接,一旦单击该链接,便会提示我进入我的网站,该网站上有2个文本框;重设新密码并确认重设新密码
但是我不确定如何做到这一点?
hi
i have a login function but i have a link button which link to Forget.aspx....
where it have a textbox for user to enter their email
however, normally, if user forget the password, then the user will come to this Forget.aspx
but the website should not be able to retrieve the password because of the password is hash during register and store in table password
so what i think was may be after the user enter the email address, it will email me a reset link
then if i go to the email, i should have receive the link, once i click on it should prompt me to my website where it has a 2 textbox; reset new password and confirm reset new password
However i not sure how to do this? hopefully someone can show me an example or sample of how this can be done?
推荐答案
如果您对用户密码进行哈希处理(是的,做得好!),那么,您可以.如果忘记了就无法找回它.
解决此问题的正常方法是将密码重置为随机字符串(我使用Guid,但您可以使用 ^ ]),然后将新密码通过电子邮件发送给用户注册的电子邮件地址.请记住要为他们提供更改密码的功能,因为所有随机密码都很难记住,因此容易被写下并固定在计算机上.一个简单的页面仅显示密码重置-新密码已被删除.通过电子邮件发送到您注册的电子邮件地址"就是您所需要的,只要他们忘记了用户名或电子邮件地址的密码即可.
电子邮件部分非常简单,这里有一个常规例程应该可以帮助您:
If you hash your users password (Yay! Well done!) then no, you can''t retrieve it if they forget it.
The normal way to handle this is to reset the password to a random string (I use a Guid, but you can use the GeneratePassword method[^]) and then email the new password to the users registered email address. Remember to provide them with a facility to change the password, as all random passwords are difficult to remember and thus tend to get written down and stuck to the computer... A simple page which just says "Password reset - the new one has been emailed to your registered email address" is all you need once you have got the userid or email address that they have forgotten the password for.
The email part is pretty simple, there is a generic routine here that should help: Sending an Email in C# with or without attachments: generic routine.[^]
这篇关于我该怎么办一个Forget.aspx?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
