ASP.NET 密码恢复控制 - 即使提供了错误的答案,也始终“成功”
本文关键字:答案 成功 错误 控制 恢复 密码 NET ASP | 更新日期: 2023-09-27 18:37:22
>我正在使用一个始终重置密码的 PasswordRecovery 控件,即使用户提供的答案不正确。 它似乎没有触发"OnAnswerLookupError"事件。 有没有人遇到过这种情况或知道我做错了什么?
非常简单的代码,我将把它粘贴到下面。 它唯一真正的自定义是让被锁定的用户重置密码(根据我们客户的要求):
<%@ Page Title="Password Recovery" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true"
CodeBehind="PasswordRecovery.aspx.cs" Inherits="OurApp.UI.Account.PasswordRecovery" %>
<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">
</asp:Content>
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">
<h2>
Password Recovery
</h2>
<p>
Follow instructions to reset your password.
</p>
<asp:Label ID="lblMessage" runat="server" Font-Bold="true" ForeColor="red" />
<asp:PasswordRecovery SuccessText="Your password was successfully reset and emailed to you."
OnAnswerLookupError="UserLookupError"
OnUserLookupError="UserLookupError"
OnVerifyingUser="UserCheck"
QuestionFailureText="Incorrect answer. Please try again." runat="server" ID="RecoveryInput"
UserNameFailureText="Username not found."
OnSendingMail="RecoveryInput_SendingMail">
<MailDefinition IsBodyHtml="false" BodyFileName="~/Account/email.ascx"
From="DoNotReply@ourdomain.com"
Subject="Our App - Password Reset"
Priority="High">
</MailDefinition>
<UserNameTemplate>
<asp:Panel ID="pnl1" runat="server" DefaultButton="submit">
<dl>
<dd>User Name</dd>
<dd>
<asp:TextBox ID="Username" runat="server" AUTOCOMPLETE="OFF" />
</dd>
<dt></dt>
<dd>
<asp:Button ID="submit"
CausesValidation="true"
ValidationGroup="PWRecovery"
runat="server"
CommandName="Submit"
Text="Submit" />
</dd>
<dt></dt>
<dd>
<p class="Error"><asp:Literal ID="ErrorLiteral"
runat="server"></asp:Literal>
</p>
</dd>
</dl>
</asp:Panel>
</UserNameTemplate>
<QuestionTemplate>
<asp:panel ID="pnl1" runat="server" DefaultButton="submit">
Hello
<asp:Literal runat="server" ID="personname" />,
<p>
You must answer your recovery question in order to have a new email sent to you.
</p>
<dl>
<dt>Question:</dt>
<dd>
<asp:Literal runat="server" ID="Question" />
</dd>
<dt></dt>
<dt>Answer:</dt>
<dd>
<asp:TextBox runat="server" ID="Answer" AUTOCOMPLETE="OFF" />
</dd>
<dt></dt>
<dd>
<asp:Button runat="server" ID="submit"
Text="Submit" CommandName="submit" />
</dd>
<dt></dt>
<dd>
<p class="Error">
<asp:Literal ID="FailureText" runat="server"></asp:Literal>
</p>
</dd>
</dl>
</asp:panel>
</QuestionTemplate>
</asp:PasswordRecovery>
<asp:HyperLink NavigateUrl="~/Account/Login.aspx" runat="server">Login</asp:HyperLink>
</asp:Content>
public partial class PasswordRecovery : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
lblMessage.Text = string.Empty;
}
protected void UserCheck(object sender, EventArgs e)
{
MembershipUser mu = Membership.GetUser(RecoveryInput.UserName);
if (mu == null)
{
UserLookupError(sender, e);
return;
}
if (mu.IsLockedOut)
{
//UserLookupError(sender, e);
//return;
mu.UnlockUser();
}
}
protected void UserLookupError(object sender, EventArgs e)
{
lblMessage.Text = "There was a problem resetting your password. Please contact your Administrator or Account Executive for assistance.";
}
protected void RecoveryInput_SendingMail(object sender, MailMessageEventArgs e)
{
try
{
MembershipUser mu = Membership.GetUser(RecoveryInput.UserName);
mu.Comment = "MustChangePassword";
Membership.UpdateUser(mu);
}
catch (Exception ex)
{
Utilities.ErrorHandling.HandleError(ex);
lblMessage.Text = "There was a problem resetting your password. Please contact your administrator.";
}
}
}
问题几乎
可以肯定是因为您使用的是母版页。将此页放入其自己的页面中,不带母版页,然后重试,它应该可以工作。
更新:这最终是由于 SqlMembership 提供程序的内部实现以及无法捕获aspnet_Membership_ResetPassword存储过程的返回代码。 这不是 ASP.NET 本身的问题。 由于我们必须访问这个存储的过程(想想洋葱的层)的方式 - 这对我来说并不明显。 这个问题可以结束了!