我可以在 Asp.Net 的 MembershipProvider 中配置 ResetPassword 吗?
我有一个使用默认 Sql MembershipProvider 的 C# asp.net 应用程序。我的 web.config 有一些设置控制我如何使用此提供程序:
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredPasswordLength="5"
我遇到的问题是,当人们重置密码时,ResetPassword() 方法返回的密码似乎比我想要的长,并且包含可能令人困惑的字符 (l,1,i,I,0,O)。此外,我向用户发送一封电子邮件,其中包含纯文本消息和 HTML 消息(我使用 MailMessage 和 AlternateViews)。如果密码中包含不安全的 HTML 字符,则当电子邮件客户端呈现 HTML 文本时,密码可能会有所不同(例如 %、& 和 < 并不完全是 HTML 安全的)。
我查看了 web.config 中的“add”元素,但没有看到任何额外的配置属性仅包含 ResetPassword() 方法中的某些字符并限制密码长度。
我可以配置 ResetPassword() 方法来限制密码长度并限制它选择的字符集吗?
现在我有一个解决方法:我调用 ResetPassword() 以确保提供的答案正确,然后我使用从互联网下载的 RandomPassword 生成器 来生成一个密码我喜欢(没有歧义字符,HTML 安全,并且只有 8 个字符长),然后在重置用户密码后调用 ChangePassword() 来更改用户密码。
我的解决方法似乎很笨拙,我认为最好配置 ResetPassword() 来执行我想要的操作。
谢谢~!
科罗拉多理工学院
I have an C# asp.net app using the default Sql MembershipProvider. My web.config has a few settings that control how I'm using this Provider:
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredPasswordLength="5"
The problem I'm running into is that when people reset their passwords, it seems the ResetPassword() method returns a password that is longer than I want and has characters that can be confusing (l,1,i,I,0,O). Furthermore, I'm sending my users an email with a plain-text message and an HTML message (I'm using MailMessage with AlternateViews). If the password has unsafe HTML characters in it, when the email clients render the HTML text the password might be different (e.g. the %, &, and < aren't exactly HTML safe).
I've looked over the "add" element that belongs in the web.config, but I don't see any extra configuration properties to only include certain characters in the ResetPassword() method and to limit the password length.
Can I configure the ResetPassword() method to limit the password length and limit the character set it is choosing from?
Right now I have a workaround: I call ResetPassword() to make sure the supplied answer is correct, and then I use a RandomPassword generator I downloaded off the internet to generate a password that I like (without ambiguous characters, HTML safe, and only 8 characters long) and then I call ChangePassword() to change the user's password after I've already reset it.
My workaround seems kludgy and I thought it would be better to configure ResetPassword() to do what I want.
Thank you~!
ColoradoTechie
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我不相信您可以做任何事情来“配置” ResetPassword() 调用。您可以编写自己的提供程序来更改 ResetPassword() 的工作方式。
已经在做的相同策略......
这个链接描述了您似乎 与你的工作/黑客可能是最简单的方法。 :-)
但是,如果您想了解有关如何创建自己的提供程序的更多信息,请查看这些链接。
http://www.asp.net/learn/videos/video-189。 aspx
http://msdn.microsoft.com/en-us /library/f1kyba5e.aspx
http://www. devx.com/asp/Article/29256/0/page/3
http:// /www.15seconds.com/issue/050216.htm
I don't believe you can do anything to "configure" the ResetPassword() call. You could write your own provider that changes how the ResetPassword() works.
This link describes the same tactic you seem to be doing already....
Staying with your work around/hack may be the simplest way to go. :-)
However, if you want to learn more on how to create your own provider check out these links.
http://www.asp.net/learn/videos/video-189.aspx
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
http://www.devx.com/asp/Article/29256/0/page/3
http://www.15seconds.com/issue/050216.htm
使用
GeneratePassword方法至少可确保创建的密码满足您对MinRequiredPasswordLength和MinRequiredNonAlphanumericCharacters的设置。我正在做这样的事情:嗯,这只是你想要的 50%,因为你无法控制用于最终密码的字符集。
(实际上,从我的角度来看,这也是更重要的方面 - 特别是如果您的用户需要 10 分钟和 3 个支持电话才能成功按下大括号的组合键,并且不知道剪贴板是什么。
ResetPassword可以让你成为最令人讨厌的人之一。)Using the
GeneratePasswordmethod ensures at least that the created password fulfills your setup forMinRequiredPasswordLengthandMinRequiredNonAlphanumericCharacters. I am doing something like this:Well, that's only 50% of what you want since you cannot control the character set used for the final password.
(Actually that's also from my viewpoint the more important aspect - especially if you have users who need 10 minutes and 3 support calls to hit the key combination of a curled bracket successfully and don't have a clue what a clipboard is.
ResetPasswordcan make you one of the most hated persons.)我知道这个问题已经得到解答,但自从我今天遇到这个问题以来,我想补充 2 美分。
SQLMembershipProvider 类公开了
名为通过 重置密码< /a>.因此,您可以简单地扩展 SQLMembershipProvider 类并实现您自己的版本 生成密码。
请注意,这样做将要求您更新 web.config 中的成员资格提供程序条目以使用新的成员资格提供程序类:
I know this has already been answered but I wanted to add my 2 cents since I came across this issue today.
The SQLMembershipProvider class exposes
which is called by ResetPassword. Therefore you can simply extend the SQLMembershipProvider class and implement your own version of GeneratePassword.
Note that doing so will require you to update the membership provider entry in your web.config to use your new membership provider class: