ASP.NET Membership中可以更改的用户信息
来源:互联网 发布:数据报表格式 编辑:程序博客网 时间:2024/05/17 03:01
1、Username:直接改Users表(明文)
2、Password:利用存储过程强重置密码。[aspnet_Membership_SetPassword]
public stringGenerateSalt()
{
byte[]data = new byte[0x10];
newSystem.Security.Cryptography.RNGCryptoServiceProvider().GetBytes(data);
return Convert.ToBase64String(data);
}///<summary>
///哈t希¡ê密¨¹码?加¨®密¨¹(不?可¨¦还1原-)
///</summary>
///<paramname="s">原-始º?字Á?符¤?串ä?</param>
///<paramname="saltKey">Salt加¨®密¨¹字Á?符¤?串ä?</param>
///<paramname="hashName">加¨®密¨¹格?式º?(MD5, SHA1, SHA256, SHA384,SHA512.)</param>
///<returns>加¨®密¨¹过y的Ì?密¨¹码?</returns>
public stringEncryptToHashString(string s,string saltKey, stringhashName)
{
byte[]src = System.Text.Encoding.Unicode.GetBytes(s);
byte[]saltbuf = Convert.FromBase64String(saltKey);
byte[]dst = new byte[saltbuf.Length+ src.Length];
byte[] inArray = null;
System.Buffer.BlockCopy(saltbuf,0, dst, 0, saltbuf.Length);
System.Buffer.BlockCopy(src,0, dst, saltbuf.Length, src.Length);
System.Security.Cryptography.HashAlgorithm algorithm =
System.Security.Cryptography.HashAlgorithm.Create(hashName);
inArray = algorithm.ComputeHash(dst);
return Convert.ToBase64String(inArray);
}
protected voidButton7_Click(object sender, EventArgs e)
{
stringnewpw = TextBox6.Text;
if (newpw.Length == 0)
{
Label7.Text = "请?输º?入¨?新?密¨¹码?";
return;
}
stringconnStr = cc.TSConnectionString;
//=== 产¨²生¦¨²加¨®密¨¹用®?的Ì?密¨¹码?密¨¹钥? ===
stringsalt = GenerateSalt();
//=== 将?明¡Â码?密¨¹码?加¨®密¨¹(此ä?时º¡À密¨¹码?为a"P@ssw0rd"当Ì¡À然¨?也°2可¨¦随?机¨²数ºy生¦¨²成¨¦) ===
//web.config\membership\providor中D配?置?的Ì?passwordFormat="Hashed"即¡ä为aSHA1哈t希¡ê算?法¤¡§
stringpassword = EncryptToHashString(newpw, salt,"SHA1");
System.Data.SqlClient.SqlConnection conn =newSystem.Data.SqlClient.SqlConnection(connStr);
conn.Open();
//=== 在¨²此ä?我¨°们?呼?叫D Membership 提¬¨¢供?者?数ºy据Y库a里¤?的Ì?预¡è存ä?程¨¬序¨°来¤¡ä重?置?密¨¹码? ===
System.Data.SqlClient.SqlCommand cmd =newSystem.Data.SqlClient.SqlCommand("aspnet_Membership_SetPassword", conn);
cmd.CommandType = System.Data.CommandType.StoredProcedure;
//=== 目?前¡ã使º1用®? Membership 提¬¨¢供?者?的Ì? web 应®|用®?程¨¬序¨°名?称? ===
cmd.Parameters.Add("@ApplicationName",System.Data.SqlDbType.NVarChar,255).Value=System.Web.Security.Membership.ApplicationName;
//=== 要°a重?置?密¨¹码?的Ì?用®?户¡ì账?号? ===
cmd.Parameters.Add("@UserName",System.Data.SqlDbType.NVarChar,255).Value= username;
//=== 加¨®密¨¹过y的Ì?密¨¹码? ===
cmd.Parameters.Add("@NewPassword",System.Data.SqlDbType.NVarChar,255).Value= password;
//=== 密¨¹码?加¨®密¨¹密¨¹钥?(定¡§和¨ª使º1用®?加¨®密¨¹密¨¹码?的Ì?密¨¹钥?样¨´,ê?不?要°a再¨´重?新?产¨²生¦¨²) ===
cmd.Parameters.Add("@PasswordSalt", System.Data.SqlDbType.NVarChar, 255).Value = salt;
//=== 重?置?密¨¹码?的Ì?时º¡À间? ===
cmd.Parameters.Add("@CurrentTimeUtc",System.Data.SqlDbType.DateTime).Value=DateTime.Now;
//=== 密¨¹码?加¨®密¨¹的Ì?格?式º?(此ä?时º¡À是º?Hash1,ê?注Á¡é意°a传ä?入¨?参?数ºy是º?int型¨ª态¬?。¡ê) ===
cmd.Parameters.Add("@PasswordFormat", System.Data.SqlDbType.NVarChar, 255).Value =System.Web.Security.Membership.Provider.PasswordFormat.GetHashCode();
//=== 宣?告?个?可¨¦以°?接¨®收º?回?传ä?值¦Ì得Ì?参?数ºy ===
System.Data.SqlClient.SqlParameter returnValue =new System.Data.SqlClient.SqlParameter();
returnValue.ParameterName = "returnValue";
returnValue.Direction = System.Data.ParameterDirection.ReturnValue;
cmd.Parameters.Add(returnValue);
//=== 执¡ä行D预¡è存ä?程¨¬序¨° ===
cmd.ExecuteNonQuery();
conn.Close();
//=== 检¨¬查¨¦重?置?密¨¹码?是º?否¤?成¨¦功| ===
if(returnValue.Value.ToString() =="0")
{
Label7.Text = "修T改?密¨¹码?成¨¦功|";
cc.WriteOperationLog(User.Identity.Name,"重?置?用®?户¡ì《?" + username + "》¡¤的Ì?密¨¹码?为a" + newpw);
}
else
Label7.Text = "修T改?密¨¹码?失º¡ì败㨹!!";
}
3、PasswordQuestion:直接改[aspnet_Membership]
cmd.CommandText = "UPDATE [TravelService].[dbo].[aspnet_Membership]"+
"SET [PasswordQuestion] = @passwordQuestion "+
"WHERE [UserId] = "+
"(SELECT aspnet_Membership.UserId as id "+
" FROM aspnet_Membership INNER JOINaspnet_Users "+
" ON aspnet_Membership.UserId =aspnet_Users.UserId "+
" WHERE (aspnet_Users.UserName = @username))";
这是以用户名username为已知条件,修改密码问题。
4、PasswordQuestionAnswer:利用存储过程强改
[aspnet_Membership_ChangePasswordQuestionAndAnswer]
或直接加密密码答案然后写入表[aspnet_Membership]中
protected voidButton9_Click(object sender, EventArgs e)
{
stringnewpw = TextBox8.Text;
if(newpw.Length == 0)
{
Label10.Text = "请?输º?入¨?新?密¨¹码?";
return;
}
stringconnStr = cc.TSConnectionString;
//=== 产¨²生¦¨²加¨®密¨¹用®?的Ì?密¨¹码?密¨¹钥? ===
stringsalt = "";
System.Data.SqlClient.SqlConnection conn =newSystem.Data.SqlClient.SqlConnection(connStr);
System.Data.SqlClient.SqlCommand cmd =newSystem.Data.SqlClient.SqlCommand();
cmd.Connection = conn;
cmd.CommandText = "SELECT aspnet_Membership.PasswordSalt "+
"FROM aspnet_Membership INNER JOIN aspnet_Users "+
"ON aspnet_Membership.UserId = aspnet_Users.UserId "+
" WHERE(aspnet_Users.UserName = @username)";
cmd.Parameters.Add("@username", System.Data.SqlDbType.NVarChar, 255).Value = username;
intcount = 0;
stringpasswordQA;
try
{
conn.Open();
salt = (string)cmd.ExecuteScalar();
if(salt.Length <= 0)
{
Label10.Text = "未¡ä找¨°到Ì?用®?户¡ì" + username + "的Ì?密¨¹钥?。¡ê";
return;
}
passwordQA =EncryptToHashString(newpw, salt, "SHA1");
cmd.CommandText = "UPDATE [TravelService].[dbo].[aspnet_Membership]" +
"SET [PasswordAnswer] = @passwordAnswer " +
"WHERE [UserId] = " +
"(SELECT aspnet_Membership.UserId as id " +
" FROM aspnet_Membership INNER JOINaspnet_Users " +
" ON aspnet_Membership.UserId =aspnet_Users.UserId " +
" WHERE (aspnet_Users.UserName = @username))";
cmd.Parameters.Add("@passwordAnswer", System.Data.SqlDbType.NVarChar, 255).Value = passwordQA;
count = cmd.ExecuteNonQuery();
}
catch(System.Data.SqlClient.SqlException se)
{
thrownew System.Configuration.Provider.ProviderException("检¨¬索¡Â用®?户¡ì失º¡ì败㨹。¡ê\n\n描¨¨述º?为a:êo" + se.Message);
}
finally
{
conn.Close();
}
if(count > 0)
{
Label10.Text = "密¨¹码?提¬¨¢示º?问¨º题¬a答äe案ã?修T改?完ª¨º毕À?。¡ê";
cc.WriteOperationLog(User.Identity.Name,"修T改?用®?户¡ì《?" + username + "》¡¤的Ì?密¨¹码?提¬¨¢示º?问¨º题¬a答äe案ã?为a“¡ã" + passwordQA + "”¡À");
}
else
{
Label10.Text = "密¨¹码?提¬¨¢示º?问¨º题¬a答äe案ã?修T改?失º¡ì败㨹。¡ê";
}
}
5、Email、comment:system.web.security.membershipuser.updateuser(username)
protected voidButton10_Click(object sender, EventArgs e)
{
stringemail = TextBox9.Text;
if(email.Length == 0)
{
Label12.Text = "请?输º?入¨?新?的Ì?Email地Ì?址¡¤";
return;
}
System.Web.Security.MembershipUser u = System.Web.Security.Membership.GetUser(username);
u.Email = email;
System.Web.Security.Membership.UpdateUser(u);
Label12.Text = "Email地Ì?址¡¤修T改?完ª¨º毕À?,ê?新?Email为a:êo" + email + "。¡ê";
cc.WriteOperationLog(User.Identity.Name, "修T改?用®?户¡ì《?" + username + "》¡¤的Ì?Email地Ì?址¡¤为a" + email);
}
6、LockedOut:System.Web.Security.SqlMembershipProvider. UnlockUser (username)
System.Web.Security.MembershipUseru = System.Web.Security.Membership.GetUser(username);
if(u.UnlockUser()
7、用户角色:System.Web.Security.Roles.RemoveUserFromRoles(username,roleArray);
System.Web.Security.Roles.AddUserToRole(username, selectrole);
- ASP.NET Membership中可以更改的用户信息
- ASP.NET Whidbey中personalization和membership的一些特征
- Microsoft ASP.NET MVC中Membership登陆的实现
- ASP.NET Whidbey中personalization和membership的一些
- ASP.NET Whidbey中personalization和membership的一些特征
- ASP.NET 2.0中使用Membership
- 转载:ASP.NET 2.0中使用Membership
- ASP.NET Membership
- ASP.NET 2.0 Membership
- ASP.NET 2.0 Membership
- ASP.NET 2.0 Membership
- Asp.net RBAC membership
- asp.net membership
- asp.net membership
- 在Asp.net中,Web.Config中 membership 及 roleManager 的配置:
- asp.net2.0中Membership的扩展
- asp.net2.0中Membership的扩展
- asp.net2.0中Membership的扩展
- java开源网站
- asp.net 控制显示图片的大小
- Demo.exe 中的 0x10001fdd 处最可能的异常: 0xC0000005: 读取位置 0x0000001c 时发生访问冲突
- pomelo消息推送
- 很有用的算法http://bbs.csdn.net/topics/390768965
- ASP.NET Membership中可以更改的用户信息
- 单件模式(Singleton Pattern)
- 虚函数:从入门到精通
- Android核心分析 之九-------Zygote Service
- jquery简单制作悬浮导航 滚动到哪儿 定位到哪儿
- 4.深入java反射机制
- A 判二分图
- “System.string到system.guid强制转换无效”错误处理
- 为了更好的分享我自己设计 今天开始
