如果提供安全性问题和以前的密码正确，如何更新密码 [英] how to update a password providing a security question and previous password is correct

问题描述

如果我输入正确的安全性问题和旧密码，我可以更新密码吗?通过问题您可能会得到我有一个登录表单，其中存储了三件事:一个安全性问题，一个密码和一个用户名.我有一个表单，上面有一个必须输入用户名的文本框，然后将打开第二个表单，其中包含用户的安全性问题，我想添加一个更新，例如忘记密码，然后重新设置或更改您的密码密码直到现在我已经完成了编码

 公共  void  button1_Click(对象发​​件人，EventArgs e)
        {
            {
                SqlConnection con = 新 SqlConnection();
                con.ConnectionString =  @" ;
                字符串 q =("  + textBox1.Text +  '");
                con.Open();
                SqlCommand cmd = 新 SqlCommand(q，con);
                SqlDataReader dr = cmd.ExecuteReader();
                如果(dr.HasRows ==  true )
                {
                    Form2 f2 = 新 Form2();
                     while (dr.Read())
                    {
                        f2.label1.Text = dr [" ].ToString();
                        f2.textBox2.Text = dr [" ].ToString();
                    }
                    dr.Close();
                    con.Close();
                    f2.Show();
                } 

解决方案

看看:表单身份验证提供程序 [ ^ ]，使用成员资格管理用户 [ ASP.NET登录控件 [安全存储密码 [ ALTER LOGIN [ ^ ]语句来更改密码.例如:

  ALTER 登录SomeLoginName  WITH  PASSWORD =  NewPasswordToBeSet'; 

注意:切勿直接将值连接到SQL语句.这样您就可以面对SQL注入，数据类型转换问题等等.而是使用 SqlParameter [public void button1_Click(object sender, EventArgs e) { { SqlConnection con = new SqlConnection(); con.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=c:\documents and settings\aquib\my documents\visual studio 2010\Projects\labelnameinsecondformtry\labelnameinsecondformtry\Database1.mdf;Integrated Security=True;User Instance=True"; string q = ("select SEC_QUESTION,PASSWORD from Table1 where USERNAME='" + textBox1.Text + "'"); con.Open(); SqlCommand cmd = new SqlCommand(q, con); SqlDataReader dr = cmd.ExecuteReader(); if (dr.HasRows == true) { Form2 f2 = new Form2(); while (dr.Read()) { f2.label1.Text = dr["SEC_QUESTION"].ToString(); f2.textBox2.Text = dr["PASSWORD"].ToString(); } dr.Close(); con.Close(); f2.Show(); }

解决方案

Have a look at: ASP.NET Authentication[^], Forms Authentication Provider[^], Managing Users by Using Membership[^] and ASP.NET Login Controls[^]

Pay attention to the The ChangePassword Control which allows users to change their password. The user must first supply the original password and then create and confirm the new password. If the original password is correct, the user password is changed to the new password. The control also includes support for sending an e-mail message about the new password.

Use the mechanisms provided by .Net, the ChangePassword Control can be customized to suit your needs.

Perhaps you''ll be interested in this: Storing Passwords Securely[^]

Best regards
Espen Harlinn

Do you mean how you change the password. If that''s the question, as long as you have necessary privileges, you can use the ALTER LOGIN[^] statement to change the password. For example:

ALTER LOGIN SomeLoginName WITH PASSWORD = 'NewPasswordToBeSet';

Note: Never directly concatenate values to your SQL statement. That leaves you open to SQL injections, data type conversion problems and so on. Instead use SqlParameter[^].

这篇关于如果提供安全性问题和以前的密码正确，如何更新密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！