在 ASP.NET 中重置密码时出现问题

发布于 2024-07-27 19:08:03 字数 151 浏览 9 评论 0原文

我正在开发一个应用程序,我应该为忘记密码的用户设计一个页面,并向他们发送新密码的电子邮件。 我正在使用 ASP.NET 会员资格,密码格式应进行哈希处理。

我的问题是当发送邮件失败,密码被更改时,哇! 没有工作可以做。

你的解决方案是什么?

I am developing an app which I should design a page for users who forget passwords and send email to them the new passwords. I am using ASP.NET Membership and password format should be hashed.

My problem is when sending mail has been failed, password has been changed and wow! no work can be done.

what is your solution?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

人生戏 2024-08-03 19:08:04

您应该向用户发送一封带有链接的电子邮件,他们可以在其中确认密码重置(否则您可以通过猜测其他用户的电子邮件来重置密码)。 然后,在链接页面上,用户将确认密码重置(甚至自行更改)。

但最好不要以任何方式发送密码。 这是最安全的。

流程

  1. 用户通过电子邮件请求重置密码。
  2. 他们收到一封带有链接的电子邮件
  3. ,他们单击该链接并提供一个新密码,该密码会立即进行哈希处理并存储在系统中。

You should send users an email with a link, where they can confirm password reset (otherwise you could reset passwords to other users by guessing their emails). On the linked page users would then confirm password reset (or even change it themselves).

But it's a better practice not to send passwords in any way shape or form. It's the most secure.

The process

  1. Users request password reset by their email.
  2. They receive an email with a link
  3. Theyclick the link and provide a new password that gets hashed right away and stored in the system.
浅紫色的梦幻 2024-08-03 19:08:04

您可以临时设置 受影响的用户的passwordFormat值在aspnet_Membership表中“清除”,为他们分配一个密码,然后努力让电子邮件正常工作。

将 aspnet_Membership.passwordFormat 值设置为 0 会将格式更改为明文,这意味着它未加密。 不安全,但允许登录。 之后,您可以重置密码,密码将更改回 2(已加密)。

替代文本

You could temporarily set the passwordFormat value for affected users to "Clear" in the aspnet_Membership table, assign them a password, and then work on getting the e-mail working.

Setting the aspnet_Membership.passwordFormat value to 0 changes the format to Clear text, which means it's not encrypted. It's not secure, but will allow login. After that, you can reset the password and it'll be changed back to 2 (Encrypted).

alt text

暮倦 2024-08-03 19:08:04

用户应该再次更改密码,希望电子邮件能够成功。

如果他们输入的地址不正确,他们应该联系可以更正其电子邮件地址的管理员。

The user should change their password again, and hopefully the email will succeed.

If they entered an incorrect address, they should contact an administrator who can correct their email address.

つ可否回来 2024-08-03 19:08:04

如果可以在实际将更改提交到数据库之前判断电子邮件是否已成功发送,那么这将是一个不错的选择。 情况并非总是如此,但也许它适合您的应用程序。

根据我的经验,如果电子邮件发送失败,ASP 通常会抛出异常。 如果发生这种情况,请不要在数据库中执行任何操作,如果邮件成功,请更改密码。 这并不意味着他们会收到电子邮件,但无论如何您都无法解决电子邮件传输过程中出现的问题。 失败后将应用上述选项。 ;)

If it is possible to tell if an e-mail is successfully sent before you actually commit the change to the database this would be a good option. This isn't always the case, but maybe it could work for your application.

Usually with my experience ASP will thrown an exception if the e-mail fails. If this happens don't do anything in the DB, if the mail goes through then change the password. That doesn't mean they will get the e-mail but you can't account for problems during travel of the e-mail anyway. The option above would apply after this fails. ;)

小嗲 2024-08-03 19:08:04

我不知道asp.net中是否支持这样的功能。

但是,某些网站会向您发送一封电子邮件,其中包含可供点击的链接(该链接将在几天后过期)。 单击哪个,将确保您承诺执行该操作(即,仅在他们收到电子邮件并单击收到的链接后才更改密码)。

I don't know the support for such a feature in asp.net.

But, some website send you an email with a link to click (that expires in some days). Clicking which, will make sure you are committing to that action (i.e. password is changed only after they receive email & click the link they received).

药祭#氼 2024-08-03 19:08:04

如果电子邮件不起作用,ASP.NET 还支持通过问题和秘密答案方法恢复密码。

ASP.NET also supports the question and secret answer approach to password recovery if email doesnt work.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文