忘记asp.net mvc 4中的密码表单

时间:2014-07-29 07:19:08

标签: c# asp.net asp.net-mvc asp.net-mvc-4

我尝试在我的asp.net mvc 4项目中实现忘记密码表单,一切正常,但当我尝试使用新密码登录系统时,它告诉我密码错误。

[HttpPost]
public ActionResult ForgetPassword(UserViewModel userModel) {
    const string chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    var random = new Random();
    var result = new string(
        Enumerable.Repeat(chars, 8)
                  .Select(s => s[random.Next(s.Length)])
                  .ToArray());

    User user = _userRepo.GetUserByEmail(userModel.Email);
    if (user == null) {
        ViewBag.Error = Resources.Account.userEmailNotExist;
        return View(userModel);
    }

    String newHashedPassword = Crypto.HashPassword(result);
    user.Password = newHashedPassword;
    user.LastPasswordChangedDate = DateTime.UtcNow;
    _userRepo.SaveChanges();

    string enMessage = "Your new password: " + result;

    var httpCookie = Request.Cookies["lang"];
    if (httpCookie != null && httpCookie.Value == "en") {
        _mailHelper.SendEmail(userModel.Email, "New password", enMessage);
    }

    return RedirectToAction("ConfirmPasswordChange", "Account");
}

登录表单:

[HttpPost]
public ActionResult Login(UserViewModel user) {
    var users = _userRepo.GetAllEntitiesWithParam("JobsDb_Users_GetByEmail", user.Email).FirstOrDefault();
    ...
    try {
        var tryLogin = WebSecurity.Login(users.Username, user.Password, true);
        if (tryLogin == WebSecurity.MembershipLoginStatus.Failure)
        {
            var httpCookie = Request.Cookies["lang"];
            if (httpCookie != null && httpCookie.Value == "en") {
                ViewBag.Error = "Your password is incorrect.";
                new SeoHelper().ReturnSeoTags(this, "Login");
            }
            return View(user);
        }
        ...
    } catch {
        ...
    }
}

在WebSecurity内部

public static MembershipLoginStatus Login(string username, string password, bool rememberMe) {
    if (Membership.ValidateUser(username, password)) {
        FormsAuthentication.SetAuthCookie(username, rememberMe);
        return MembershipLoginStatus.Success;
    } else {
        return MembershipLoginStatus.Failure;
    }
}

会员内

public override bool ValidateUser(string username, string password) {
    if (string.IsNullOrEmpty(username)) {
        return false;
    }
    if (string.IsNullOrEmpty(password)) {
        return false;
    }
    User user = _userRepository.GetAll().FirstOrDefault(usr => usr.Username == username);
    if (user == null) {
        return false;
    }
    if (!user.IsApproved.Value) {
        return false;
    }
    if (user.IsLockedOut.Value) {
        return false;
    }
    String hashedPassword = user.Password;
    Boolean verificationSucceeded = (hashedPassword != null && Crypto.VerifyHashedPassword(hashedPassword, password));
    if (verificationSucceeded) { //here is I have false if try to login using password from forget form
        user.PasswordFailuresSinceLastSuccess = 0;
        user.LastLoginDate = DateTime.UtcNow;
        user.LastActivityDate = DateTime.UtcNow;
    } else {
        int failures = user.PasswordFailuresSinceLastSuccess.Value;
        if (failures < MaxInvalidPasswordAttempts) {
            user.PasswordFailuresSinceLastSuccess += 1;
            user.LastPasswordFailureDate = DateTime.UtcNow;
        } else if (failures >= MaxInvalidPasswordAttempts) {
            user.LastPasswordFailureDate = DateTime.UtcNow;
            user.LastLockoutDate = DateTime.UtcNow;
            user.IsLockedOut = true;
        }
    }
    _userRepository.SaveChanges();
    if (verificationSucceeded) {
        return true;
    }
    return false;
}

2 个答案:

答案 0 :(得分:3)

第一步是打开数据库并验证新密码是否确实存在。如果有,最可能的原因是您的存储库正在处理陈旧(缓存)的数据。

如果您正在使用Entity Framework,则会发生这种情况,因为默认情况下,框架会在创建DbContext时缓存数据库的状态,因此它会保留您的原始密码。您可以使用原始密码登录来验证这一点。

答案 1 :(得分:0)

我不确定但是下面的代码对我来说不合适:

    User user = _userRepo.GetUserByEmail(userModel.Email);
    if (user == null) {
        ViewBag.Error = Resources.Account.userEmailNotExist;
        return View(userModel);
    }

    String newHashedPassword = Crypto.HashPassword(result);
    user.Password = newHashedPassword;
    user.LastPasswordChangedDate = DateTime.UtcNow;
    _userRepo.SaveChanges();

您从存储库中获取了用户,对内存中的用户对象进行了更改,然后在存储库中调用了SaveChanges()。这对你的世界有用吗? _userRepo.SaveChanges();如何知道哪个对象已更改。在通话结束后,您在DB中看到了正确的散列值吗?您在ValidateUser()方法中看到的密码值是多少?在生成散列密码和验证时,散列算法是否一致?

我可能是错的,如果是这样的话,如果你围绕我上面提到的问题分享更多的分析,那将会很好。

相关问题
最新问题