在ASPNET的MembershipProvider更改密码问题 [英] Change Password Issue in AspNet MembershipProvider
问题描述
我正在使用MVC 3 ASPNET成员资格提供。 我在更改密码面临的问题。 我有两个功能在我的项目
I am using AspNet Membership Provider in MVC 3. I am facing issue in change password. I have two functionality in my project
- 忘记密码:问的安全问题,并根据安全性的回答修改密码 。
- 在管理员修改密码:一个管理员可以修改任何用户的密码,不知道旧密码或安全的答案
现在的问题是,功能#1,我必须作出改变web配置为使 requiresQuestionAndAnswer =真正的
的修改密码,这样我可以修改密码只有在安全的答案是有效的。
Now the issue is that for functionality # 1, i have to make changes in web config for making requiresQuestionAndAnswer="true"
for change password so that i can change password only if security answer is valid.
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
和我使用低于code在忘记密码修改密码:
and i am using below code for changing password in forgot password:
string resetPassword = res.ResetPassword(model.PasswordAnswer);
MembershipService.ChangePassword(model.Username, newPassword, model.NewPassword)
现在的情况#2,那里的管理员我想设施更改任何用户的密码,不知道旧的密码或安全的答案。这是唯一可能的(我知道)通过 requiresQuestionAndAnswer =假
。
now for situation # 2, where for admin i wants facility to change password of any user without knowing old password or security answer. which is only possible (as i know) by making requiresQuestionAndAnswer="false"
.
注:我使用单独的 MVC区
的管理部分,因此可能是一个又一个的web配置可以做一些魔法。
Note:I am using separate MVC AREA
for admin part, so may be a another web config can do some magic.
请建议我如何可以兼得的特性(重设密码安全答案,并没有安全的答案)一起在单一应用程序。
please suggest how can i have have both the features (reset password with security answer and without security answer) together in single application.
多谢
推荐答案
终于得到了答案:
在web配置我设置了 requiresQuestionAndAnswer =真正的
所以这样可以解决问题#1,现在忘记密码安全答案是必需的。
Finally got the answer:
In web config i set the requiresQuestionAndAnswer="true"
so this resolves the issue#1, now for forgot password a security answer is required.
和问题2我想要的设施管理员更改任何用户的密码,不知道旧的密码或安全的答案。我已经用反思它改变私有变量_ RequiresQuestionAndAnswer
为假的值,然后重新设置密码,然后再次将其值设置为true:
and for issue#2 where i want the facility for admin to change password of any user without knowing old password or security answer. I have used Reflection for it to change the value of private variable _RequiresQuestionAndAnswer
to false then reset the password and then again set its value to true:
var _requiresQA = Membership.Provider.GetType().GetField("_RequiresQuestionAndAnswer",
System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic);
//change the value in the private field
_requiresQA.SetValue(Membership.Provider, false);
//do the reset
tempPassword = user.ResetPassword();
//set it's original value
_requiresQA.SetValue(Membership.Provider, true);
我得到了这个解决方案为:<一href="http://djsolid.net/blog/asp.net-membership---change-password-without-asking-the-old-with-question-and-answer" rel="nofollow">http://djsolid.net/blog/asp.net-membership---change-password-without-asking-the-old-with-question-and-answer
这篇关于在ASPNET的MembershipProvider更改密码问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!