您能告诉我以下代码有什么问题吗? 它用新的密码更改密码,将其成功保存到数据库,向用户发送电子邮件但是当我尝试使用新密码登录时,收到错误:
用户名或密码无效
protected void SendEmail(object sender, EventArgs e)
{
string username = string.Empty;
string password = string.Empty;
string newPassword = "temp_" + DateTime.Now.ToString("yyyyMMddHHmmss");
var manager = new UserManager();
string newPasswordHash = manager.PasswordHasher.HashPassword("newPassword");
string constr = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;
using (SqlConnection con = new SqlConnection(constr))
{
using (SqlCommand cmd = new SqlCommand("SELECT Username, [PasswordHash] FROM AspNetUsers WHERE Email = @Email"))
{
cmd.Parameters.AddWithValue("@Email", txtEmail.Text.Trim());
cmd.Connection = con;
con.Open();
using (SqlDataReader sdr = cmd.ExecuteReader())
{
if (sdr.Read())
{
username = sdr["Username"].ToString();
password = sdr["PasswordHash"].ToString();
}
}
con.Close();
}
using (SqlCommand cmd = new SqlCommand("Update AspNetUsers set PasswordHash=@Password WHERE Email=@Email"))
{
cmd.Parameters.AddWithValue("@Password", newPasswordHash);
}
}
if (!string.IsNullOrEmpty(password))
{
MailMessage mm = new MailMessage("****@gmail.com", txtEmail.Text.Trim());
mm.Subject = "Password Recovery";
mm.Body = string.Format("Your temporary password is {0}<br /><br /> You are advised to login and change it immediately.<br /><br />Thank You.", newPassword);
mm.IsBodyHtml = true;
SmtpClient smtp = new SmtpClient();
smtp.Host = "smtp.gmail.com";
smtp.EnableSsl = true;
NetworkCredential NetworkCred = new NetworkCredential();
NetworkCred.UserName = "*****@gmail.com";
NetworkCred.Password = "*****";
smtp.UseDefaultCredentials = true;
smtp.Credentials = NetworkCred;
smtp.Port = 587;
smtp.Send(mm);
lblMessage.ForeColor = Color.Green;
lblMessage.Text = "A temporary password has been sent to your email address.";
}
else
{
lblMessage.ForeColor = Color.Red;
lblMessage.Text = "This email address does not match our records.";
}
}
login.aspx.cs public partial class Account_Login:Page { protected void Page_Load(object sender,EventArgs e) { RegisterHyperLink.NavigateUrl =“注册”; //OpenAuthLogin.ReturnUrl = Request.QueryString [“ReturnUrl”]; var returnUrl = HttpUtility.UrlEncode(Request.QueryString [“ReturnUrl”]); if(!String.IsNullOrEmpty(returnUrl)) { RegisterHyperLink.NavigateUrl + =“?ReturnUrl =”+ returnUrl; } }
protected void LogIn(object sender, EventArgs e)
{
if (IsValid)
{
// Validate the user password
var manager = new UserManager();
ApplicationUser user = manager.Find(UserName.Text, Password.Text);
if (user != null)
{
IdentityHelper.SignIn(manager, user, RememberMe.Checked);
IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response);
}
else
{
FailureText.Text = "Invalid username or password.";
ErrorMessage.Visible = true;
}
}
}
}
答案 0 :(得分:1)
问题是你没有更新你的密码。下线不会更新你的密码。它只会添加参数到参数集。
using (SqlCommand cmd = new SqlCommand("Update AspNetUsers set PasswordHash=@Password WHERE Email=@Email"))
{
cmd.Parameters.AddWithValue("@Password", newPasswordHash);
}
使用以下代码
using (SqlConnection con = new SqlConnection(constr))
{
using (SqlCommand cmd = new SqlCommand("Update AspNetUsers set PasswordHash=@Password WHERE Email=@Email"))
{
cmd.Parameters.AddWithValue("@Email", txtEmail.Text.Trim());
cmd.Parameters.AddWithValue("@Password", newPasswordHash);
cmd.Connection = con;
con.Open();
int row=cmd.ExecuteNonQuery();
if(row==1)
{
//success
}
else
{
//failed
}
}
}
答案 1 :(得分:0)
&#34; PasswordHash&#34;数据类型为&#34; nvarchar&#34;在我的AspNetUsers表中,但您正在定义和分配&#34; Password&#34; as&#34; String&#34;。 Nvarchar存储UNICODE数据,其中String存储ASCII数据。这可能导致失败。