Ste*_*eve 5 c# membership asp.net-membership membership-provider
我有一个新表,其中包含旧密码,我需要检查是否有匹配.
如果匹配,我需要ChangePassword控件来不更改密码.我需要告诉用户该密码已被使用并且是一张新密码.
我似乎无法通过更改密码来中断控制.也许我正在使用错误的事件.
这是我的一段代码,或者我希望它如何工作.我感谢你的帮助.
protected void ChangePassword1_ChangedPassword(object sender, EventArgs e)
{
MembershipUser user = Membership.GetUser();
string usrName = "";
if (user != null)
{
string connStr = ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString;
SqlConnection mySqlConnection = new SqlConnection(connStr);
SqlCommand mySqlCommand = mySqlConnection.CreateCommand();
mySqlCommand.CommandText = "Select UserName from OldPasswords where UserName = 'test'";
mySqlConnection.Open();
SqlDataReader mySqlDataReader = mySqlCommand.ExecuteReader(CommandBehavior.Default);
while (mySqlDataReader.Read())
{
usrName = mySqlDataReader["UserName"].ToString();
if (usrName == user.ToString())
{
Label1.Text = "Match";
}
else
{
Label1.Text = "NO Match!";
}
}
史蒂夫,你压倒了错误的方法.您想要覆盖可取消的ChangingPassword.
试试这个:
protected void ChangePassword1_ChangingPassword(object sender, LoginCancelEventArgs e)
{
// do your lookup here,
bool passwordHasBeenPreviouslyUsed = true;
if (passwordHasBeenPreviouslyUsed)
{
e.Cancel = true;
// notify of error
return;
}
}
而且,按照前文的Q/A会话,你永远也不会EVER存储用户的密码1.转到成员资格表并获取salt并使用它来散列传入密码以与已存储在查找表中的已经盐散列值进行比较.
祝好运.
(1) - 当首席执行官发现他的密码以可利用的格式存储时,您的职位将如何成立?我们对黑人法师有一定程度的信任,而且信任承担着自己的风险.注意它们.;-)
编辑:
一个工作的例子:
为ChangePassword.aspx
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Diagnostics"%>
<script runat="server">
protected void Page_Load(object sender, EventArgs e)
{
}
protected void ChangePassword1_ChangingPassword(object sender, LoginCancelEventArgs e)
{
// works for me!
Debugger.Break();
}
</script>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:ChangePassword ID="ChangePassword1" runat="server" OnChangingPassword="ChangePassword1_ChangingPassword">
</asp:ChangePassword>
</div>
</form>
</body>
</html>
更新:您可能还有兴趣在更高的范围内定义一个处理所有密码活动的处理程序:
考虑一下
public void SetupPasswordActionHook()
{
//Occurs when a user is created, a password is changed, or a password is reset.
Membership.ValidatingPassword += Membership_ValidatingPassword;
}
void Membership_ValidatingPassword(object sender, ValidatePasswordEventArgs e)
{
// Gets a value that indicates whether the System.Web.Security.MembershipProvider.ValidatingPassword event is being raised during a
// call to the System.Web.Security.MembershipProvider.CreateUser() method.
// true if the System.Web.Security.MembershipProvider.ValidatingPassword event is being raised during a call to the
// System.Web.Security.MembershipProvider.CreateUser() method; otherwise, false.
bool isNewUser = e.IsNewUser;
// Gets the password for the current create-user, change-password, or reset-password action.
// The password for the current create-user, change-password, or reset-password action.
string password = e.Password;
// Gets the name of the membership user for the current create-user, change-password, or reset-password action.
// The name of the membership user for the current create-user, change-password, or reset-password action.
string username = e.UserName;
// Gets or sets a value that indicates whether the current create-user, change-password, or reset-password action will be canceled.
// true if the current create-user, change-password, or reset-password action will be canceled; otherwise, false. The default is false.
e.Cancel = true;
// Gets or sets an exception that describes the reason for the password-validation failure.
// An System.Exception that describes the reason for the password-validation failure.
e.FailureInformation = new Exception("This is why I failed your password");
}
| 归档时间: |
|
| 查看次数: |
8916 次 |
| 最近记录: |