如何更改密码ASP.NET [英] How do I change the password ASP.NET
问题描述
您好,谢谢您的帮助。我有一个快速的问题。我想更改密码,验证实际密码是否正常,然后更改它,但我的if else只是执行我的其他分支并显示密码错误。我的代码中的问题在哪里?谢谢!
我的尝试:
protected void MetodaSchimbaParola (对象发送者,EventArgs e)
{
if(txtParola.Text == Request.Cookies [Login] [parola]。ToString())
{
con.Open();
SqlCommand cmd = new SqlCommand(UPDATE inregistrare_user SET parola = @ PA where userID = @ UD ,con);
cmd.Parameters.AddWithValue(@ PA,txtParolaNoua1.Text);
cmd.Parameters.AddWithValue(@ UD,Request.Cookies [Login] [userID]。ToString());
cmd.ExecuteNonQuery( );
con.Close();
Informare.Text =PASSWORD CHANGED;
}
否则
{
Informare.Text =错误的实际密码;
}
Hello and thank you for help. I have a quick problem. I want to change the password, verify if the actual password is ok, then change it but my if else is just execute my else branch and show that the password is wrong. Where is the problem in my code? Thank you!
What I have tried:
protected void MetodaSchimbaParola(object sender, EventArgs e)
{
if (txtParola.Text == Request.Cookies["Login"]["parola"].ToString())
{
con.Open();
SqlCommand cmd = new SqlCommand("UPDATE inregistrare_user SET parola=@PA where userID=@UD", con);
cmd.Parameters.AddWithValue("@PA", txtParolaNoua1.Text);
cmd.Parameters.AddWithValue("@UD", Request.Cookies["Login"]["userID"].ToString());
cmd.ExecuteNonQuery();
con.Close();
Informare.Text = "PASSWORD CHANGED";
}
else
{
Informare.Text = "WRONG ACTUAL PASSWORD";
}
推荐答案
一些事情:
1)为了用户的利益,请始终要求新密码TWICE。比较两者,如果它们不相同,则不要更改它。这很容易让错误的情况发生,或者打出一个额外的密钥 - 如果他们不知道密码对你和他们都有问题。
2)永远不要密码存储文本!这是一个重大的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
由于您的代码每次都转到其他地方,因此密码与您检索的值不同曲奇饼干。所以要做的第一件事就是使用调试器(或记录语句)来确切地找出你要比较的两个字符串。
当你知道你可以开始查看 为什么 它们是不同的 - 但是很可能知道两个字符串是什么会给你一个很大的线索!
A couple of things:
1) For the benefit of the user, always ask for the new password TWICE. Compare the two and if they aren't the same you don't change it. It's far too easy to get the case wrong, or hit an extra key - and if they don't know the password that's a problem for you as well as them.
2) Never store passwords in clear text! It is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
Since your code is going to the else each time, then the password is not the same as the value you are retrieving for the cookies. SO the first thing to do is to use the debugger (or logging statements) to find out exactly what two strings you are comparing.
When you know that you can start looking at why they are different - but it's likely that knowing what the two strings are will give you a massive clue to that!
嗨!由于你总是在else块中结束,这意味着
Hi! Since you allways end up in the else block, this means that
txtParola.text == Request.Cookies["Login"]["parola"].ToString()
不是这样。我想暂停一下,并指出将原始格式的密码存储在cookie文件中的安全风险。真的很糟糕,所以希望你没有它。我希望你的Request.Cookies [Login] [parola]返回用户密码的哈希字符串,你的txtParola.Text返回原始格式。或者甚至更多,在您的开发环境中根本没有cookie文件。
但是将你的其他块替换为
is not true. I want to stop for a second and point out the security risk of having your password in raw format stored in a cookie file. Is really really bad, so hopefully you don't have it. I hope that your "Request.Cookies["Login"]["parola"]" returns a hash string of the user password, and your "txtParola.Text" returns the raw format. Or even more likley, there is no cookie file at all in your dev enviorment.
But replace your else block to
Informate.Text = Request.Cookies["Login"]["parola"].ToString() == "" ? "The Cookie is empty" : Request.Cookies["Login"]["parola"].ToString()
看看你的cookie中是否有你的想法。我真的建议您在周末输入代码并研究如何在您选择的IDE中进行调试。这不好笑,但它很好。从长远来看,它会让你有更多的时间来搞清楚有趣的东西。因为使用我上面使用的样式(在控制台中打印一些值)是调试代码的一种非常慢的方法。
And see if you have what you think in your cookie. I really recomend that you take an weekend off typing code and study how to debug in your choice of IDE. It's not funny, but it's good. And in the long term, it will give you more time for funny stuff over fixing stuff. Because using the style I have used above (Printing some values out in "console") is a really slow way to debug code.
解决方案:使用VARCHAR而不是NCHAR或CHAR。谢谢你的建议。祝你有美好的一天!
Solution: Use VARCHAR istead of NCHAR or CHAR. Thank you for your advices. Have a great day !
这篇关于如何更改密码ASP.NET的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
