在ASPNET的MembershipProvider更改密码问题 [英] Change Password Issue in AspNet MembershipProvider

问题描述

我正在使用MVC 3 ASPNET成员资格提供。 我在更改密码面临的问题。 我有两个功能在我的项目

I am using AspNet Membership Provider in MVC 3. I am facing issue in change password. I have two functionality in my project

1. 忘记密码：问的安全问题，并根据安全性的回答修改密码
。
2. 在管理员修改密码：一个管理员可以修改任何用户的密码，不知道旧密码或安全的答案

现在的问题是，功能＃1，我必须作出改变web配置为使 requiresQuestionAndAnswer =真正的的修改密码，这样我可以修改密码只有在安全的答案是有效的。

Now the issue is that for functionality # 1, i have to make changes in web config for making requiresQuestionAndAnswer="true" for change password so that i can change password only if security answer is valid.

<membership>
      <providers>
        <clear />
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
      </providers>
    </membership>

和我使用低于code在忘记密码修改密码：

and i am using below code for changing password in forgot password:

   string resetPassword = res.ResetPassword(model.PasswordAnswer);
   MembershipService.ChangePassword(model.Username, newPassword, model.NewPassword)

现在的情况＃2，那里的管理员我想设施更改任何用户的密码，不知道旧的密码或安全的答案。这是唯一可能的（我知道）通过 requiresQuestionAndAnswer =假。

now for situation # 2, where for admin i wants facility to change password of any user without knowing old password or security answer. which is only possible (as i know) by making requiresQuestionAndAnswer="false" .

注：我使用单独的 MVC区的管理部分，因此可能是一个又一个的web配置可以做一些魔法。

Note:I am using separate MVC AREA for admin part, so may be a another web config can do some magic.

请建议我如何可以兼得的特性（重设密码安全答案，并没有安全的答案）一起在单一应用程序。

please suggest how can i have have both the features (reset password with security answer and without security answer) together in single application.

多谢

推荐答案

终于得到了答案：                      在web配置我设置了 requiresQuestionAndAnswer =真正的所以这样可以解决问题＃1，现在忘记密码安全答案是必需的。

Finally got the answer: In web config i set the requiresQuestionAndAnswer="true" so this resolves the issue#1, now for forgot password a security answer is required.

和问题2我想要的设施管理员更改任何用户的密码，不知道旧的密码或安全的答案。我已经用反思它改变私有变量_ RequiresQuestionAndAnswer 为假的值，然后重新设置密码，然后再次将其值设置为true：

and for issue#2 where i want the facility for admin to change password of any user without knowing old password or security answer. I have used Reflection for it to change the value of private variable _RequiresQuestionAndAnswer to false then reset the password and then again set its value to true:

var _requiresQA = Membership.Provider.GetType().GetField("_RequiresQuestionAndAnswer",
        System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic);
    //change the value in the private field
    _requiresQA.SetValue(Membership.Provider, false);
    //do the reset
    tempPassword = user.ResetPassword();
    //set it's original value
    _requiresQA.SetValue(Membership.Provider, true);

我得到了这个解决方案为：<一href="http://djsolid.net/blog/asp.net-membership---change-password-without-asking-the-old-with-question-and-answer" rel="nofollow">http://djsolid.net/blog/asp.net-membership---change-password-without-asking-the-old-with-question-and-answer

这篇关于在ASPNET的MembershipProvider更改密码问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！