ASP.NET Membership ChangePassword control – need to check for previous password

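I have a new table that contains old passwords, and I need to check whether there is a match.

If there is a match, I need the ChangePassword control to NOT change the password. I need to tell the user that this password has already been used and to enter a new one.

I can't seem to interrupt the control from changing the password. Maybe I am using the wrong event.

Here is my piece of code, or how I wish it would work. I appreciate your help.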

    protected void ChangePassword1_ChangedPassword(object sender, EventArgs e)
    {
        MembershipUser user = Membership.GetUser();
        string usrName = "";
        if (user != null)
        {
            string connStr = ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString;
            SqlConnection mySqlConnection = new SqlConnection(connStr);
            SqlCommand mySqlCommand = mySqlConnection.CreateCommand();
            // Look up user names stored in the OldPasswords table
            mySqlCommand.CommandText = "Select UserName from OldPasswords where UserName = 'test'";
            mySqlConnection.Open();
            SqlDataReader mySqlDataReader = mySqlCommand.ExecuteReader(CommandBehavior.Default);
            while (mySqlDataReader.Read())
            {
                usrName = mySqlDataReader["UserName"].ToString();
                if (usrName == user.ToString())
                {
                    Label1.Text = "Match";
                }
                else
                {
                    Label1.Text = "NO Match!";
                }
            }
            // Release the reader and the connection
            mySqlDataReader.Close();
            mySqlConnection.Close();
        }
    }

Steve, you are overriding the wrong method. You want to override ChangingPassword, which is cancelable.

Try this:

    protected void ChangePassword1_ChangingPassword(object sender, LoginCancelEventArgs e)
    {
        // do your lookup here,
        bool passwordHasBeenPreviouslyUsed = true;
        if (passwordHasBeenPreviouslyUsed)
        {
            e.Cancel = true;
            // notify of error
            return;
        }
    }

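And, as per previous Q/A sessions, you should NEVER store a user's password (1). Go to the membership table, get the salt, and use it to hash the incoming password for comparison with the already salt-hashed values you have stored in your lookup table.

Good luck.

(1) – How tenable would your position be when the CEO finds out that his password has been stored in an exploitable format? There is a level of trust given to us black mages, and that trust carries its own risks. Be aware of them. 😉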

Edit

A working example:

For ChangePassword.aspx

 <%@ Page Language="C#" %> <%@ Import Namespace="System.Diagnostics"%>        

Update: You may also be interested in defining a handler in a higher scope that handles all password activity:

Consider this:

    public void SetupPasswordActionHook()
    {
        //Occurs when a user is created, a password is changed, or a password is reset.
        Membership.ValidatingPassword += Membership_ValidatingPassword;
    }

    void Membership_ValidatingPassword(object sender, ValidatePasswordEventArgs e)
    {
        // Gets a value that indicates whether the System.Web.Security.MembershipProvider.ValidatingPassword event is being raised during a
        // call to the System.Web.Security.MembershipProvider.CreateUser() method.
        // true if the System.Web.Security.MembershipProvider.ValidatingPassword event is being raised during a call to the
        // System.Web.Security.MembershipProvider.CreateUser() method; otherwise, false.
        bool isNewUser = e.IsNewUser;

        // Gets the password for the current create-user, change-password, or reset-password action.
        // The password for the current create-user, change-password, or reset-password action.
        string password = e.Password;

        // Gets the name of the membership user for the current create-user, change-password, or reset-password action.
        // The name of the membership user for the current create-user, change-password, or reset-password action.
        string username = e.UserName;

        // Gets or sets a value that indicates whether the current create-user, change-password, or reset-password action will be canceled.
        // true if the current create-user, change-password, or reset-password action will be canceled; otherwise, false. The default is false.
        e.Cancel = true;

        // Gets or sets an exception that describes the reason for the password-validation failure.
        // An System.Exception that describes the reason for the password-validation failure.
        e.FailureInformation = new Exception("This is why I failed your password");
    }