如何不使用ASP.Net会员安全问题和答案进行自定义密码恢复? [英] How to not use ASP.Net Membership Security Question and Answer for custom password recovery?
问题描述
我不希望有安全问题和答案的功能,ASP.Net成员资格提供给了,但我不希望启用丢失/忘记的密码的页面。
I don't want to have the security question and answer feature that ASP.Net Membership Provider gives, but I DO want to enable a lost/forgotten password page.
该网页将是其中一个用户可以输入他/她的电子邮件地址,如果用户注册为他们通过发送到注册的电子邮件地址链接重设密码的电子邮件将被发送到该地址
This page would be where a user would enter his/her email address and an email would be sent to that address if the user was registered for them to reset their password via a link sent to that registered email address
我创建自定义的表来跟踪这些请求,分配请求以及对请求进行到期日的随机密钥。然而,在写code实际重置密码,我意识到似乎没有要,做类似ResetPassword(电子邮件,新密码),而无需使用安全Q&放大器的方法; A位(这我不'吨有)。
I've created the custom table to track such requests, the random key assigned to the request as well as an expiry date on the request. However in writing the code to actually reset the password, I realised that there doesn't seem to be a method that does something like ResetPassword(email, newPassword) without needing to use the Security Q&A bit (which I don't have).
有没有办法简单地通过一个内置的隶属度函数重置用户的密码?
Is there any way to simply reset a user's password via a built in Membership function?
如果不是,我怎么会需要得到这个工作?
If not, how would I need to get this done?
在此先感谢给予任何帮助。
-Nissan
Thanks in advance for any help given. -Nissan
推荐答案
我最终什么事做了以下
public string ResetPassword(string email)
{
var m_userName = Membership.GetUserNameByEmail(email);
var m_user = Membership.GetUser(m_userName);
return m_user.ResetPassword();
}
然后我添加了一个新的方法来使用这个值来更改密码
then I added a new method to use this value to change the password
public bool ChangeLostPassword(string email, string newPassword)
{
var resetPassword = ResetPassword(email);
var currentUser = Membership.GetUser(Membership.GetUserNameByEmail(email), true);
return currentUser.ChangePassword(resetPassword, newPassword);
}
这篇关于如何不使用ASP.Net会员安全问题和答案进行自定义密码恢复?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
