ASP.NET 会员在不知道旧密码的情况下更改密码

发布于 2024-10-17 09:11:13 字数 161 浏览 7 评论 0原文

评估方法签名时,更改密码时需要知道旧密码。

membershipUser.ChangePassword(userWrapper.OldPassword, userWrapper.Password)

有没有办法在不知道旧密码的情况下更改密码。

Evaluting the method signature, it is required to know old password while changing it.

membershipUser.ChangePassword(userWrapper.OldPassword, userWrapper.Password)

Is there any way to change password without knowing old one.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(10

十年九夏 2024-10-24 09:11:13
 string username = "username";
 string password = "newpassword";
 MembershipUser mu = Membership.GetUser(username);
 mu.ChangePassword(mu.ResetPassword(), password);
 string username = "username";
 string password = "newpassword";
 MembershipUser mu = Membership.GetUser(username);
 mu.ChangePassword(mu.ResetPassword(), password);
花间憩 2024-10-24 09:11:13

这里的其他答案是正确的,但可能会使密码处于未知状态。

如果密码不满足 Web.Config 中规定的要求(最小长度等),ChangePassword 将引发异常。但只有在调用 ResetPassword 后它才会失败,因此原始用户或尝试更改密码的人不会知道密码。在更改密码之前检查复杂性要求以避免出现这种情况:

var user = Membership.GetUser(userName, false);

if ((newPassword.Length >= Membership.MinRequiredPasswordLength) &&
    (newPassword.ToCharArray().Count(c => !Char.IsLetterOrDigit(c)) >=
         Membership.MinRequiredNonAlphanumericCharacters) &&
    ((Membership.PasswordStrengthRegularExpression.Length == 0) ||
         Regex.IsMatch(newPassword, Membership.PasswordStrengthRegularExpression))) {

    user.ChangePassword(user.ResetPassword(), newPassword);
} else {
    // Tell user new password isn't strong enough
}

The other answers here are correct, but can leave the password in an unknown state.

ChangePassword will throw exceptions if the password doesn't meet the requirements laid out in Web.Config (minimum length, etc.). But it only fails after ResetPassword has been called, so the password will not be known to the original user or to the person who's tried to change it. Check for complexity requirements before changing the password to avoid this:

var user = Membership.GetUser(userName, false);

if ((newPassword.Length >= Membership.MinRequiredPasswordLength) &&
    (newPassword.ToCharArray().Count(c => !Char.IsLetterOrDigit(c)) >=
         Membership.MinRequiredNonAlphanumericCharacters) &&
    ((Membership.PasswordStrengthRegularExpression.Length == 0) ||
         Regex.IsMatch(newPassword, Membership.PasswordStrengthRegularExpression))) {

    user.ChangePassword(user.ResetPassword(), newPassword);
} else {
    // Tell user new password isn't strong enough
}
何必那么矫情 2024-10-24 09:11:13

更改用户密码之前需要重置用户密码,并将生成的密码传入ChangePassword

string randompassword = membershipUser.ResetPassword();
membershipUser.ChangePassword(randompassword , userWrapper.Password)

或内联:

membershipUser.ChangePassword(membershipUser.ResetPassword(), userWrapper.Password)

You need to reset the user's password before changing it, and pass in the generated password to ChangePassword.

string randompassword = membershipUser.ResetPassword();
membershipUser.ChangePassword(randompassword , userWrapper.Password)

or inline:

membershipUser.ChangePassword(membershipUser.ResetPassword(), userWrapper.Password)
软糖 2024-10-24 09:11:13

尝试使用 SimpleMembershipProvider 它更容易:

var token = WebSecurity.GeneratePasswordResetToken("LoginOfUserToChange");
WebSecurity.ResetPassword(token, "YourNewPassword");

Try to use SimpleMembershipProvider it's easier:

var token = WebSecurity.GeneratePasswordResetToken("LoginOfUserToChange");
WebSecurity.ResetPassword(token, "YourNewPassword");
∝单色的世界 2024-10-24 09:11:13

请注意,只有在会员系统配置中将 RequiresQuestionAndAnswer 属性设置为 false 时,所有这些提到的解决方案才会起作用。如果 RequiresQuestionAndAnswer 为 true,则 ResetPassword 方法需要传递安全答案,否则将引发异常。

如果您需要将 RequiresQuestionAndAnswer 设置为 true,您可以使用此 解决方法

Please note, all these mentioned solutions will only work if the RequiresQuestionAndAnswer property is set to false in Membership system configuration. If RequiresQuestionAndAnswer is true then the ResetPassword method needs to be passed the security answer, otherwise it will throw an exception.

In case you need RequiresQuestionAndAnswer set to true, you can use this workaround

萌︼了一个春 2024-10-24 09:11:13

上面帖子中提到的这段代码正在工作:

string username = "username";
string password = "newpassword";
MembershipUser mu = Membership.GetUser(username);
mu.ChangePassword(mu.ResetPassword(), password);

但是您必须在会员提供程序标记中的 web.config 中设置 requireQuestionAndAnswer="false" 。如果为 true,resetpassword 方法会生成错误“值不能为空”。
在这种情况下,您必须提供问题答案作为 ResetPassword 的参数。

This code mentioned on posts above is working:

string username = "username";
string password = "newpassword";
MembershipUser mu = Membership.GetUser(username);
mu.ChangePassword(mu.ResetPassword(), password);

But you have to set requiresQuestionAndAnswer="false" in web.config in membership provider tag. If it is true, resetpassword method generate an error "Value can not be null".
In this case you must supply question answer as parameter to ResetPassword.

九厘米的零° 2024-10-24 09:11:13

使用文本框中您要设置的密码代替 123456。

 MembershipUser user;     
 user = Membership.GetUser(userName,false);
 user.ChangePassword(user.ResetPassword(),"123456");

Use the password you want to set from textbox in place of 123456.

 MembershipUser user;     
 user = Membership.GetUser(userName,false);
 user.ChangePassword(user.ResetPassword(),"123456");
青春有你 2024-10-24 09:11:13

@Rob Church 是对的:

这里的其他答案是正确的,但可以将密码留在
未知状态。

但是,我不会尝试使用 ResetPassword from token 方法更改密码,并捕获并显示错误,而不是手动进行验证的解决方案:

var user = UserManager.FindByName(User.Identity.Name);
string token = UserManager.GeneratePasswordResetToken(user.Id);
var result = UserManager.ResetPassword(user.Id, token, model.Password);
if (!result.Succeeded){
    // show error
}

@Rob Church is right:

The other answers here are correct but can leave the password in an
unknown state.

However, instead of his solution to do the validation by hand, I would try to change the password using the ResetPassword from token method and catch and show the error:

var user = UserManager.FindByName(User.Identity.Name);
string token = UserManager.GeneratePasswordResetToken(user.Id);
var result = UserManager.ResetPassword(user.Id, token, model.Password);
if (!result.Succeeded){
    // show error
}
国际总奸 2024-10-24 09:11:13
string username = "UserName";
string userpassword = "NewPassword";
string resetpassword;
    
MembershipUser mu = Membership.GetUser(username, false);

if (mu == null){
    Response.Write("<script>alert('Invalid Username!')</script>"); 
}

else{
    resetpassword = mu.ResetPassword(username);
    if (resetpassword != null){
         if (mu.ChangePassword(resetpassword, userpassword)){
             Response.Write("<script>alert('Password changed successfully!')</script>"); 
         }
    }
    else{
           Response.Write("<script>alert('Oh some error occurred!')</script>"); 
        }
    }
string username = "UserName";
string userpassword = "NewPassword";
string resetpassword;
    
MembershipUser mu = Membership.GetUser(username, false);

if (mu == null){
    Response.Write("<script>alert('Invalid Username!')</script>"); 
}

else{
    resetpassword = mu.ResetPassword(username);
    if (resetpassword != null){
         if (mu.ChangePassword(resetpassword, userpassword)){
             Response.Write("<script>alert('Password changed successfully!')</script>"); 
         }
    }
    else{
           Response.Write("<script>alert('Oh some error occurred!')</script>"); 
        }
    }
維他命╮ 2024-10-24 09:11:13
 string username = "UserName";
 string userpassword = "NewPassword";   
 MembershipUser mu = Membership.GetUser(username, false);
 mu.ChangePassword(mu.ResetPassword(username), userpassword);
 string username = "UserName";
 string userpassword = "NewPassword";   
 MembershipUser mu = Membership.GetUser(username, false);
 mu.ChangePassword(mu.ResetPassword(username), userpassword);
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文