我该如何“忘记密码"?在asp.net中使用C#? [英] how can i make "forgot your password" in asp.net using c#?
本文介绍了我该如何“忘记密码"?在asp.net中使用C#?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我如何使用c#在asp.net中创建忘记密码"?
how can i make "forgot your password" in asp.net using c#?
推荐答案
使用以下教程:http://www.asp.net/security/tutorials/recovering-and-changing-passwords-cs [ ^ ].
请注意使用密码恢复控制"部分.它基于可逆密码存储. 我不推荐这种解决方案,因为它会极大地损害安全性.真正受保护的系统使用不可逆算法以散列形式存储密码,并且不允许恢复现有密码.他们使用加密散列函数( http://en.wikipedia.org/wiki/Cryptographic_hash_function [ ^ ])或加密.身份验证永远不需要密码的原始形式.重置密码并向需要尽快更改密码的用户提供密码的唯一正确方法.
另外,请理解,密码应该是用户的私有财产.没有人应该知道这样的密码,包括用户的主管或系统管理员.
—SA
Use the following tutorial: http://www.asp.net/security/tutorials/recovering-and-changing-passwords-cs[^].
Please pay attention to the section "Using the PasswordRecovery Control". It is based on reversible password storage. I do not recommend this solution because it would greatly compromise security. Really secured systems store passwords in hashed form using irreversible algorithms and does not allow recovery of existing password. They use a cryptographic hash function (http://en.wikipedia.org/wiki/Cryptographic_hash_function[^]) or encryption. Authentication never needs the original form of a password. The only right way it to reset the password and deliver it the the user who needs to change it as soon as possible.
Also, please understand that a password should be a private property of a user. Nobody is supposed to be able to know such passwords, including user''s supervisors or system administrators.
—SA
您可以根据用户ID/电子邮件ID将新密码/实际密码发送到邮件.
#使用文本框获取电子邮件ID
#检查数据库中是否存在电子邮件ID
#如果是,则获取该电子邮件ID的密码(如SELECT [Password] FROM TableUser WHERE EmailID=''a@b.com'')&将其发送到mailid
#如果否,则抛出诸如无效的emailid"之类的消息
编辑
-------------------------------
不要转发问题
如何进行忘记了密码在ASP.NET中使用c#? [
You can send the new/actual password to mail based on userid/emailid.
# Get the email id using a textbox
# Check the email id exists in the database
# If yes, then get the password for that email id (LikeSELECT [Password] FROM TableUser WHERE EmailID=''a@b.com'') & send that to the mailid
# If no, then throw a message like "Invalid emailid"
EDIT
-------------------------------
Don''t repost questions
how can i make "forgot your password" in asp.net using c#?[^]
这篇关于我该如何“忘记密码"?在asp.net中使用C#?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
