更新aspnet会员密码答案

时间:2012-04-20 12:30:00

标签: c# asp.net security hash asp.net-membership

我将在aspnet_Membership中更新安全问题和答案。通常由代码完成:

 user.ChangePasswordQuestionAndAnswer(password, question, answer);

但我不知道密码。我发现有一个默认的存储过程。存储过程是:

SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER OFF
GO
ALTER PROCEDURE [dbo].[aspnet_Membership_ChangePasswordQuestionAndAnswer]
    @ApplicationName       nvarchar(256),
    @UserName              nvarchar(256),
    @NewPasswordQuestion   nvarchar(256),
    @NewPasswordAnswer     nvarchar(128)
AS
BEGIN
   DECLARE @UserId uniqueidentifier
   SELECT  @UserId = NULL
   SELECT  @UserId = u.UserId
   FROM    dbo.aspnet_Membership m, dbo.aspnet_Users u, dbo.aspnet_Applications a
   WHERE   LoweredUserName = LOWER(@UserName) AND
        u.ApplicationId = a.ApplicationId  AND
        LOWER(@ApplicationName) = a.LoweredApplicationName AND
        u.UserId = m.UserId
   IF (@UserId IS NULL)
   BEGIN
      RETURN(1)
   END

   UPDATE dbo.aspnet_Membership
     SET    PasswordQuestion = @NewPasswordQuestion, PasswordAnswer = @NewPasswordAnswer
    WHERE  UserId=@UserId
   RETURN(0)
   END

但是我刚才发现答案是明确的。如何使用存储过程并对其进行散列?

感谢。

1 个答案:

答案 0 :(得分:2)

如果您有权访问该用户,则可以在使用Membership方法之前更改其密码:

public virtual bool ChangePassword(string oldPassword, string newPassword)

你可以尝试

string newPassword = user.ResetPassword();
user.ChangePassword(newPassword, "SOMENEWPASSWORD");

然后做

user.ChangePasswordQuestionAndAnswer("SOMENEWPASSWORD", question, answer);
相关问题
最新问题