ASP.NET MVC和身份 - 重置密码不起作用
[英]ASP.NET MVC and Identity - Reset password doesn't work
问题描述
I have problem with resetting password for user account. 
我有重置用户帐户密码的问题。 I am using Microsoft way to do it, but it's just not working. 我使用微软的方式来做到这一点,但它只是没有用。 Here is the code that I use to generate reset password token 这是我用来生成重置密码令牌的代码
var resetPasswordToken = new ResetPasswordToken
{
Id = Guid.NewGuid().ToString(),
Token = UserManager.GeneratePasswordResetToken(user.Id),
User = user,
ValidFrom = DateTime.Now,
ValidTo = DateTime.Now.AddMinutes(ApplicationConstants.SettingsResetPasswordTokensValidTimeInMinutes)
};
_resetPasswordTokensRepository.Insert(resetPasswordToken);
_resetPasswordTokensRepository.Save();
var email = new ResetPasswordEmailModel
{
ResetPasswordToken = resetPasswordToken,
User = user
};
IUserMailer mailer = new UserMailer();
mailer.ResetPassword(email).Send();
That works fine, I have the token in database and I send it to user via email. 这很好,我在数据库中有令牌,我通过电子邮件发送给用户。 Then user has to click the link. 然后用户必须单击该链接。 Here is how I generate new password and replace old password with the new one in database. 这是我如何生成新密码并用数据库中的新密码替换旧密码。
var resetPasswordToken = _resetPasswordTokensRepository.GetByEmailAndToken(email, code);
var newPassword = Membership.GeneratePassword(10, 2);
var result = await UserManager.ResetPasswordAsync(user.Id, resetPasswordToken.Token, newPassword);
if (result.Succeeded)
{
_resetPasswordTokensRepository.Remove(resetPasswordToken);
_usersRepository.Save();
var model = new NewPasswordEmailModel
{
User = user,
Password = newPassword
};
IUserMailer mailer = new UserMailer();
mailer.NewPassword(model).Send();
}
And this also works. 这也有效。 I mean it changes password in database and sends it to user via email. 我的意思是它更改数据库中的密码并通过电子邮件发送给用户。 The problem is user can not login with the new password or with the old password. 问题是用户无法使用新密码或旧密码登录。 I did not show it here, but I check if both token and user exist in database. 我没有在这里显示它,但我检查令牌和用户是否都存在于数据库中。
What am I doing wrong? 我究竟做错了什么?
1 个解决方案
解决方案1
3 2015-01-02 20:58:14
Despite that you already found the issue, I'll try to point in a better direction. 尽管你已经发现了这个问题,但我会尝试指出一个更好的方向。
What you describe is not a "Microsoft" way.
你所描述的不是“微软”的方式。 First time I see something like that. 我第一次看到这样的东西。 Is this part of a template? 这是模板的一部分吗? Open Visual Studio 2013 and create a new MVC project with Individual Accounts - this will give you the "Microsoft" way. 打开Visual Studio 2013并使用个人帐户创建一个新的MVC项目 - 这将为您提供“Microsoft”方式。 You save the token in you DB.
您将令牌保存在DB中。 No need for that. 没必要。 Token should be emailed to a user as a link and then clicked by user and this way the token will be passed to the controller where you reset the email. 令牌应作为链接通过电子邮件发送给用户,然后由用户单击,这样令牌将被传递到您重置电子邮件的控制器。 You generate a new password for user.
您为用户生成新密码。 Don't do that - let users pick their own password. 不要这样做 - 让用户选择自己的密码。 And you use Membershipfor that - bad practice to mix Identity and MembershipProvider.并且您使用Membership- 混合Identity和MembershipProvider的不良做法。 MebershipProvider is very invasive and tries to take over when it can.MebershipProvider非常具有侵略性,并试图在可能的情况下接管。 Possibly it can cause issues later down the lifetime. 可能它会在以后的生命周期中引起问题。 You email the password to a user.
您将密码通过电子邮件发送给用户。 Very bad security practice. 非常糟糕的安全实践。 Email is not a secure channel. 电子邮件不是安全的渠道。 Let the user pick their new password on your web-page and don't ever email the passwords. 让用户在您的网页上选择他们的新密码,不要通过电子邮件发送密码。
Highly recommended article by Troy Hunt about password resetting - a very worthy reading if you work with passwords. Troy Hunt强烈推荐的关于密码重置的文章 - 如果您使用密码,这是非常有价值的读物。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.