MembershipProvider 和PasswordRecovery 控件
我需要使用 .net 2.0 中的 PasswordRecovery 控件的帮助。 我的情况是应用程序已从以散列形式存储密码格式更改为清晰形式。
问题是新创建的用户存储了明确的密码,并且仍然有用户使用散列密码。 当我对仍然拥有散列密码的用户使用如下所示的密码恢复控件时,对于那些具有散列密码的先前用户,“PasswordFormat”字段不会更改为“清除”。
<asp:PasswordRecovery MailDefinition-BodyFileName="/mailTemplates/changePassword.htm" MailDefinition-From="[email protected]" MailDefinition-Subject="Test" CssClass="noLines" ID="PasswordRecovery1" UserNameTitleText="" UserNameInstructionText="Enter User name and a new passord will be generated and mailed to the user" runat="server" SuccessText="Your password has been sent to your registered email address." SubmitButtonStyle-CssClass="button"
onsendingmail="PasswordRecovery1_SendingMail" MembershipProvider="AspNetSqlMembershipProviderF0005600">
</asp:PasswordRecovery>
<membership>
<providers>
<remove name="AspNetSqlMembershipProviderF0005600"/>
<add name="AspNetSqlMembershipProviderF0005600" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordFormat="Clear" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
(提前致歉重新发布)。
I need help using the PasswordRecovery control in .net 2.0. My situation is the application has changed from storing the passwordformat in Hashed to Clear.
The problem is the newly created users have a clear password stored and there are still users with hashed passwords. When I use the passwordRecovery control as below for users who still have a hashed password, the 'PasswordFormat' field is NOT altered to 'clear' for those previous users with hashed passwords.
<asp:PasswordRecovery MailDefinition-BodyFileName="/mailTemplates/changePassword.htm" MailDefinition-From="[email protected]" MailDefinition-Subject="Test" CssClass="noLines" ID="PasswordRecovery1" UserNameTitleText="" UserNameInstructionText="Enter User name and a new passord will be generated and mailed to the user" runat="server" SuccessText="Your password has been sent to your registered email address." SubmitButtonStyle-CssClass="button"
onsendingmail="PasswordRecovery1_SendingMail" MembershipProvider="AspNetSqlMembershipProviderF0005600">
</asp:PasswordRecovery>
<membership>
<providers>
<remove name="AspNetSqlMembershipProviderF0005600"/>
<add name="AspNetSqlMembershipProviderF0005600" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordFormat="Clear" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
(Apologies in advance for resposting).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
简而言之,您必须使用成员资格存储过程来为具有散列密码的用户更改此设置。 由于密码是经过散列处理的,因此它们永远不会被恢复(除非破坏散列算法)。
请参阅http://mishler.net/PermaLink,guid,ea65afc0 -2970-46f1-9412-4b57bbd906f4.aspx。 滚动到文章末尾的“更改密码格式”部分。
在恢复页面上,您可以运行存储过程来查找格式,并在用户决定使用恢复时更改密码和格式。 但您可以更主动地更改所有哈希用户密码,并向这些用户发送电子邮件,告知其密码已重置。
Short answer is that you'll have to use membership stored procedures to change this for the users with hashed passwords. Since the passwords are hashed, they will never be recovered anyway (except for breaking the hash algorithm).
See http://mishler.net/PermaLink,guid,ea65afc0-2970-46f1-9412-4b57bbd906f4.aspx. Scroll to the section "Changing Password Format" at the end of the article.
On your recovery page you can run a stored procedure to find the format and change both the password and the format when the user decides to use recovery. But you can be more proactive and change all the hash user passwords and email those uses that their passwords have been reset.