如何通过授权从登录页面打开忘记密码页面 [英] How to open forgot password page from login page with authorization

问题描述

大家好。



我的网络应用程序有认证和授权。



我想打开忘记密码页面表单登录页面。但它不允许我访问该页面。



我使用以下代码访问该页面。

hi guys.

my web application has authentication and authorization.

I want to open forgot password page form login page. But it is not allowing me to access the page.

I gave access to the page using below code.

<location path="~/ForgotPassword.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
    
      </authorization>
    </system.web>
  </location>

如何从登录页面访问该页面。

how to get access to the page from login page.

推荐答案

你应该添加这个

you should add this

<allow users="?" />

如果您正在使用MVC，请检查特定页面的控制器以允许匿名意味着它不应该使用[授权]注释。

If you are using MVC check the controller of the specific page to allow anonymous meaning it should not be decorated with [Authorize] annotation.

将您的登录，注册和忘记密码页面放入登录文件夹，并将其web.config设置为允许所有用户：

Piut your login, register, and forgot password pages into a "login" folder, and set it's web.config to "allow all users":

<system.web>
    <authorization>
        <allow users="*" />
    </authorization>
</system.web>

请记住，您绝不应将密码以明文或加密方式存储 - 仅作为盐渍哈希，因此您的忘记密码页面应该向注册的电子邮件地址发出临时密码，该密码仅持续很短的时间。

Do remember that you should never store passwords in clear or encrypted - only as a salted hash, so your "forgot password" page should issue a temporary password to the registered email address, which lasts a short time only.

这篇关于如何通过授权从登录页面打开忘记密码页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！