ASP.NET Membership change password not working

Question

I have this code for changing a user's password when they click the password reset button (with extra code to log to ELMAH so I can try to figure out what is going wrong).

This is in ASP.NET MVC 2, using the standard aspnet membership provider, with a simple View like this:

New Password:     ______
Confirm Password: ______
[Reset] [Cancel]

The route to this view is /Account/Reset/guid, where guid is the user's id in the aspnet membership database.

The key portion of the code is where it calls user.ChangePassword(). You can see that it logs a message when successful. The problem is that for some users, the success message is logged, but they can not log in with the new password. For other users it logs the success message and they can log in.

if (user.ChangePassword(pwd, confirmPassword))
{
    ErrorSignal.FromCurrentContext().Raise(
        new Exception("ResetPassword - changed successfully!"));
    return Json(new { 
        Msg = "You have reset your password successfully." }, 
        JsonRequestBehavior.AllowGet);
}

The full code listing is:

[HttpPost]
public JsonResult ResetPassword(string id, string newPassword, string confirmPassword)
{
    ErrorSignal.FromCurrentContext().Raise(new Exception("ResetPassword started for " + id));

    ViewData["PasswordLength"] = Membership.MinRequiredPasswordLength;

    if (string.IsNullOrWhiteSpace(newPassword))
    {
        ErrorSignal.FromCurrentContext().Raise(
            new Exception("ResetPassword - new password was blank."));
        ModelState.AddModelError("_FORM", "Please enter a new password.");
        return Json(new { Errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
    }

    if (newPassword.Length < Membership.MinRequiredPasswordLength)
    {
        ErrorSignal.FromCurrentContext().Raise(
            new Exception("ResetPassword - new password was less than minimum length."));
        ModelState.AddModelError("_FORM", 
            string.Format("The password must be at least {0} characters long.", 
            Membership.MinRequiredPasswordLength));
        return Json(new { Errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
    }

    if (string.IsNullOrWhiteSpace(confirmPassword))
    {
        ErrorSignal.FromCurrentContext().Raise(
            new Exception("ResetPassword - confirm password was blank."));
        ModelState.AddModelError("_FORM", 
            "Please enter the same new password in the confirm password textbox.");
        return Json(new { Errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
    }

    if (confirmPassword.Length < Membership.MinRequiredPasswordLength)
    {
        ErrorSignal.FromCurrentContext().Raise(
            new Exception("ResetPassword - confirm password was less than minimum length."));
        ModelState.AddModelError("_FORM", 
            string.Format("The password must be at least {0} characters long.", 
            Membership.MinRequiredPasswordLength));
        return Json(new { Errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
    }

    if (confirmPassword != newPassword)
    {
        ErrorSignal.FromCurrentContext().Raise(
            new Exception("ResetPassword - new password did not match the confirm password."));
        ModelState.AddModelError("_FORM", "Please enter the same password again.");
        return Json(new { Errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
    }

    bool isMatch = ValidationHelper.IsGUID(id);
    if (string.IsNullOrWhiteSpace(id) || !isMatch)
    {
        ErrorSignal.FromCurrentContext().Raise(
            new Exception("ResetPassword - id was not a guid."));
        ModelState.AddModelError("_FORM", "An invalid ID value was passed in through the URL");
    }
    else
    {
        //ID exists and is kosher, see if this user is already approved
        //Get the ID sent in the querystring
        Guid userId = new Guid(id);

        try
        {
            //Get information about the user
            MembershipUser user = Membership.GetUser(userId);
            if (user == null)
            {
                //could not find the user
                ErrorSignal.FromCurrentContext().Raise(
                    new Exception("ResetPassword - could not find user by id " + id));
                ModelState.AddModelError("_FORM", 
                    "The user account can not be found in the system.");
            }
            else
            {
                ErrorSignal.FromCurrentContext().Raise(
                    new Exception("ResetPassword - user is " + user.UserName));
                string pwd = user.ResetPassword();

                if (user.ChangePassword(pwd, confirmPassword))
                {
                    ErrorSignal.FromCurrentContext().Raise(
                        new Exception("ResetPassword - changed successfully!"));
                    return Json(new { 
                        Msg = "You have reset your password successfully." }, 
                        JsonRequestBehavior.AllowGet);
                }
                ErrorSignal.FromCurrentContext().Raise(
                    new Exception("ResetPassword "
                    + "- failed to change the password, for an unknown reason"));
            }
        }
        catch (Exception ex)
        {
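            ErrorSignal.FromCurrentContext().Raise(
                new Exception("ResetPassword: " + ex));
            // InnerException is null for most exceptions; guard it so the
            // handler itself does not throw a NullReferenceException.
            return Json(new { Error = ex.Message + " -> " 
                + (ex.InnerException != null ? ex.InnerException.Message : "") },
                JsonRequestBehavior.AllowGet);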
        }
    }

    return Json(new { Errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
}

Edit: Adding a bounty to try to get this solved. This is one of the most annoying problems on my issue list, and I have no idea how to proceed.

Recommended answer

If the user needs to reset his password, there is a chance their account has been locked out from too many invalid attempts. If this is the case, then the password is being reset successfully, but the user cannot log in until the lockout condition is cleared.

Try checking MembershipUser.IsLockedOut:

Users are most commonly locked out and cannot be validated by the ValidateUser method when the MaxInvalidPasswordAttempts is reached within the PasswordAttemptWindow.

To set this property to false and let the user try to log in again, you can use the UnlockUser method.

Edit

Did you also check IsApproved (http://msdn.microsoft.com/en-us/library/system.web.security.membershipuser.isapproved.aspx)? Authentication will fail if this is false for the user.

Also, assuming by default membership provider, you mean the SqlMembershipProvider, can you run the following query against your database and make sure everything looks correct?

select IsApproved, IsLockedOut, FailedPasswordAttemptCount
from aspnet_Membership
where ApplicationId = @yourApplicationId and UserId = @userId

Try executing the query before attempting to sign in to verify IsApproved and IsLockedOut are ok. Also note the value for FailedPasswordAttemptCount.

Try signing in, and then run the query again. If signin fails, has the value for FailedPasswordAttemptCount been incremented?

You could also look at PasswordFormat in the aspnet_Membership table and make sure it is the correct value depending on the format you are using (0 for Clear, 1 for Hashed, and 2 for Encrypted).
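
The checks suggested in the answer above, combined into one reset routine that reports why a login would still fail. This is an added example, not code from the original question or answer; `ResetOutcome`, `PasswordResetDiagnostics` and `ResetAndVerify` are hypothetical names, and it assumes the same provider configuration the question's action relies on (password reset enabled, no question-and-answer requirement).

```csharp
using System;
using System.Web.Security;

// Added example; ResetOutcome and PasswordResetDiagnostics are hypothetical names.
public enum ResetOutcome
{
    Ok, UserNotFound, NotApproved, UnlockFailed, ChangeFailed, ValidateFailed
}

public static class PasswordResetDiagnostics
{
    public static ResetOutcome ResetAndVerify(Guid userId, string newPassword)
    {
        MembershipUser user = Membership.GetUser(userId);
        if (user == null)
            return ResetOutcome.UserNotFound;

        // An unapproved account fails ValidateUser whatever the password is.
        // Approval is left to an administrator (a choice made for this example).
        if (!user.IsApproved)
            return ResetOutcome.NotApproved;

        // Clear a lockout caused by reaching MaxInvalidPasswordAttempts within
        // PasswordAttemptWindow before touching the password.
        if (user.IsLockedOut && !user.UnlockUser())
            return ResetOutcome.UnlockFailed;

        // Same two-step change as the question's action: generate a temporary
        // password, then swap it for the one the user chose.
        string tempPassword = user.ResetPassword();
        if (!user.ChangePassword(tempPassword, newPassword))
            return ResetOutcome.ChangeFailed;

        // Prove the new password authenticates instead of trusting the return
        // value alone. A failure here increments FailedPasswordAttemptCount.
        return Membership.ValidateUser(user.UserName, newPassword)
            ? ResetOutcome.Ok
            : ResetOutcome.ValidateFailed;
    }
}
```

Logging the returned `ResetOutcome` in place of the single "changed successfully" message separates a lockout or approval problem from a password that was stored but does not validate.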
