如何重置&更改 MVC 中 ASP.NET 成员资格提供程序中的哈希密码

发布于 2024-11-26 09:21:14 字数 292 浏览 1 评论 0原文

我遇到了代码：

MembershipUser u = Membership.GetUser();
u.ChangePassword(u.ResetPassword(), "Password"); //where will I get the "Password" from

我不明白我将如何由于用户忘记了旧密码，因此获取客户端密码。我想添加一个重置功能，它将生成一个随机密码并向特定客户端发送一封电子邮件，其中包含用户 ID 和随机生成的密码。之后他/她就可以更改密码。

原文

I came accross the code :

MembershipUser u = Membership.GetUser();
u.ChangePassword(u.ResetPassword(), "Password"); //where will I get the "Password" from

I dont understand how I will
get the client password as the user has forgotten his old password.
I want to add a reset functionality which would generate a random password and
send an email to the particular client which will have the userid and the random generated password. After he/she would be able to change the password.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

若有似无的小暗淡 2024-12-03 09:21:14

您可以使用 Membership 生成这样的随机密码GeneratePassword 方法

string password = System.Web.Security.Membership.GeneratePassword(14, 0);

如果您需要创建自己的盐并散列一个新密码，这里是一个与会员代码大致相同的实现：

public class Cryptographer : ICryptographer
{
    #region ICryptographer Members

    public string CreateSalt()
    {
        byte[] data = new byte[0x10];
        new RNGCryptoServiceProvider().GetBytes(data);
        return Convert.ToBase64String(data);
    }

    /// <summary>
    /// Hash the password against the salt
    /// </summary>
    /// <param name="pass">Plain password</param>
    /// <param name="salt">Salt string</param>
    /// <returns>Encrypted password</returns>
    public string HashPassword(string password, string salt)
    {
        byte[] bytes = Encoding.Unicode.GetBytes(password);
        byte[] src = Convert.FromBase64String(salt);
        byte[] dst = new byte[src.Length + bytes.Length];
        byte[] inArray = null;
        Buffer.BlockCopy(src, 0, dst, 0, src.Length);
        Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
        HashAlgorithm algorithm = HashAlgorithm.Create(System.Web.Security.Membership.HashAlgorithmType);
        inArray = algorithm.ComputeHash(dst);
        return Convert.ToBase64String(inArray);
    }

    #endregion
}

You can generate a random password like this using the Membership GeneratePassword method

string password = System.Web.Security.Membership.GeneratePassword(14, 0);

If you need to create your own salt and hash a new password, here is an implementation which does much the same as the membership code:

public class Cryptographer : ICryptographer
{
    #region ICryptographer Members

    public string CreateSalt()
    {
        byte[] data = new byte[0x10];
        new RNGCryptoServiceProvider().GetBytes(data);
        return Convert.ToBase64String(data);
    }

    /// <summary>
    /// Hash the password against the salt
    /// </summary>
    /// <param name="pass">Plain password</param>
    /// <param name="salt">Salt string</param>
    /// <returns>Encrypted password</returns>
    public string HashPassword(string password, string salt)
    {
        byte[] bytes = Encoding.Unicode.GetBytes(password);
        byte[] src = Convert.FromBase64String(salt);
        byte[] dst = new byte[src.Length + bytes.Length];
        byte[] inArray = null;
        Buffer.BlockCopy(src, 0, dst, 0, src.Length);
        Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
        HashAlgorithm algorithm = HashAlgorithm.Create(System.Web.Security.Membership.HashAlgorithmType);
        inArray = algorithm.ComputeHash(dst);
        return Convert.ToBase64String(inArray);
    }

    #endregion
}

回复收藏 0 原文