此asp.net密码恢复代码有错误。谁能发现它?

时间:2011-04-12 15:51:32

标签: c# asp.net asp.net-membership

我们使用电子邮件地址而不是用户ID。但是,当用户将其电子邮件地址输入密码恢复表单并提交时,该网站将返回“我们无法访问您的信息。请重试。”并用一长串字符和数字替换文本框中的电子邮件值(例如e61686cb-93a5-4737-8c40-52g8eb01bb67)。

这是相关的aspx页面代码...... 

<asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
</asp:Content>

<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" 
    runat="server">

<div class="login_page">
    <div class="login_header">Password Reset</div>
    <div class="login_body">
        <asp:PasswordRecovery ID="PasswordRecovery1" runat="server" 
            onverifyinguser="PasswordRecovery1_VerifyingUser" 
            onsendingmail="PasswordRecovery1_SendingMail">
        </asp:PasswordRecovery>
    </div>
</div>
</asp:Content>

背后的代码...... 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Text.RegularExpressions;
using System.Net.Mail;
using System.Configuration;
using System.Web.Profile;
using System.Text;

namespace Sample.Web
{
    public partial class PasswordReset : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

    }

    bool IsValidEmail(string strIn)
    {
        // Return true if strIn is in valid e-mail format.
        return Regex.IsMatch(strIn, @"^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$");
    }


    protected void PasswordRecovery1_VerifyingUser(object sender, LoginCancelEventArgs e)
    {
        if (IsValidEmail(PasswordRecovery1.UserName))
        {
            string username = Membership.GetUserNameByEmail(PasswordRecovery1.UserName);
            if (username != null)
            {
                PasswordRecovery1.UserName = username;
            }
            else
            {
                PasswordRecovery1.UserNameInstructionText = "We were unable to access your information. Check your user name and try again.";
                e.Cancel = true;
            }
        }
        else
        {
            PasswordRecovery1.UserNameInstructionText = "You must enter a valid e-mail address.";
            e.Cancel = true;
        }
    }

    protected void PasswordRecovery1_SendingMail(object sender, MailMessageEventArgs e)
    {
        string pwd = Membership.GetUser(PasswordRecovery1.UserName).ResetPassword(PasswordRecovery1.Answer);
        string email = StorageByMail.BLL.SBMUser.SelectUser(
            StorageByMail.Data.User.GetIDFromUserName(PasswordRecovery1.UserName)).Email;

        MailMessage m = new MailMessage(ConfigurationManager.AppSettings["AdminEmail"].Trim(), email);
        m.ReplyTo = new MailAddress(ConfigurationSettings.AppSettings["AdminEmailReply"].Trim());
        StringBuilder sb = new StringBuilder();
        sb.Append("Please return to the site and log in using the following information.\n");
        sb.Append("User Name: " + email + "\n");
        sb.Append("Password: " + pwd);
        m.Body = sb.ToString();
        m.Subject = "Password reset from StorageByMail.com";

        SmtpClient o = new SmtpClient(ConfigurationManager.AppSettings["SMTPHost"].Trim());
        string smtpUser = ConfigurationSettings.AppSettings["SMTPUser"].Trim();
        string smtpPass = ConfigurationSettings.AppSettings["SMTPPassword"].Trim();

        if (smtpUser.Length > 0 && smtpPass.Length > 0)
        {
            o.Credentials = new System.Net.NetworkCredential(smtpUser, smtpPass);
        }

        o.Send(m);
        e.Cancel = true;
    }
}

}

1 个答案:

答案 0 :(得分:1)

在不了解ASP.NET成员资格的情况下,我的猜测就是行:

PasswordRecovery1.UserName = username;
// where username = Membership.GetUserNameByEmail(PasswordRecovery1.UserName);

导致您的问题。即使您说您没有在模型中使用用户名,我敢打赌ASP.NET使用GUID填充数据库中的用户名列。查看一下您的数据库,看看该GUID是否与该用户的表中的用户名列匹配。

相关问题
最新问题