哈希密码和PasswordRecovery控制 [英] Hashed passwords and PasswordRecovery control
问题描述
1)firstUser是在成员资格模块将requireQuestionAndAnswer设置为false时创建的,而secondUser是在requireQuestionAndAnswer设置为true时创建的.
1) firstUser was created when membership module had requiresQuestionAndAnswer set to false, while secondUser was created when requiresQuestionAndAnswer was set to true.
-
如果我们尝试通过PasswordRecovery PR控件恢复密码,并且将requireQuestionAndAnswer设置为true,则PR不会通过电子邮件将密码发送给firstUser,但是会将密码发送给secondUser.
If we try to recover pwd via PasswordRecovery PR control and we set requiresQuestionAndAnswer to true, then PR doesn’t email password to firstUser, but it does to secondUser.
如果我们将requireQuestionAndAnswer设置为false,则PR会将pwd电子邮件发送给secondUser(跳过问题/答案阶段).但是,为什么公关也不会通过电子邮件将pwd发送给firstUser?
If we set requiresQuestionAndAnswer to false, then PR does email pwd to secondUser (it skips the question/answer stage). But why doesn’t PR also email pwd to firstUser?
2)我在某处读到,如果成员资格提供者以散列形式存储密码,则PR将生成一个新的密码并通过电子邮件发送给用户.但是相反,我得到了一个例外.我们必须为PR配置一些属性以生成新的密码并通过电子邮件发送它吗?
2) I’ve read somewhere that if membership provider stores password in hashed form, then the PR will generate a new pwd and email it to the user. But instead I get an exception. Is there some property we must configure for PR to generate new pwd and email it?
感谢
更新:
1)由于某种原因,它现在可以使用.即,如果我们将requireQuestionAndAnswer设置为false,则PR还将向firstUser发送电子邮件
1) For some reason it works now. Namely, if we set requiresQuestionAndAnswer to false, then PR also sends email to firstUser
2)如果密码以散列形式存储,则:
2) If passwords are stored in hashed form, then if:
a) enablePasswordRetrieval ="true" 和 enablePasswordReset 设置为 true 或 false ->公关产生异常
b)如果 enablePasswordRetrieval ="false" 和 enablePasswordReset ="false" -> PR生成异常
c)如果 enablePasswordRetrieval 设置为false,而 enablePasswordReset 设置为 true ,则PR将自动生成新的密码并通过电子邮件发送.
a) enablePasswordRetrieval="true" and enablePasswordReset is set to either true or false --> PR generates exception
b) if enablePasswordRetrieval="false" and enablePasswordReset="false" --> PR generates exception
c) if enablePasswordRetrieval is set to false and enablePasswordReset is set to true, then PR automatically generates new pwd and emails it.
类似地,如果未对pwd进行散列,但是我们有 enablePasswordRetrieval ="false" ,则必须将 enablePasswordReset 设置为true(以便PR生成新的pwd通过电子邮件发送),否则我们会收到异常
Similarly, if pwd is not hashed, but we have enablePasswordRetrieval="false", then enablePasswordReset must be set to true (so that PR generates a new pwd and emails it), else we get an exception
推荐答案
如果您想生成自己的密码并且将q&a设置为true,则需要创建第二个成员资格提供程序.
if you want to generate your own password and you have q&a set to true, you need to make a second membership provider.
此处是链接: http://peterkellner.net/2007/02/15/resetpasswordaspnet/
这篇关于哈希密码和PasswordRecovery控制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
