你压倒了错误的方法,史蒂夫。您想覆盖可取消ChangingPassword
。
试试这个:
protected void ChangePassword1_ChangingPassword(object sender, LoginCancelEventArgs e)
{
// do your lookup here,
bool passwordHasBeenPreviouslyUsed = true;
if (passwordHasBeenPreviouslyUsed)
{
e.Cancel = true;
// notify of error
return;
}
}
而且,按照前文的Q/A会话,你永远也不会EVER存储用户的密码。转到会员表并获取salt,并使用它对传入的密码进行散列,以与您存储在查找表中的已经存储过盐值的值进行比较。
祝你好运。
(1) - 当CEO发现他的密码已被存储为可利用的格式时,您的位置有多大?对我们这些黑魔法师有一定程度的信任,这种信任带来了自己的风险。注意它们。 ;-)
编辑:
工作的示例:
为ChangePassword.aspx
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Diagnostics"%>
<script runat="server">
protected void Page_Load(object sender, EventArgs e)
{
}
protected void ChangePassword1_ChangingPassword(object sender, LoginCancelEventArgs e)
{
// works for me!
Debugger.Break();
}
</script>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:ChangePassword ID="ChangePassword1" runat="server" OnChangingPassword="ChangePassword1_ChangingPassword">
</asp:ChangePassword>
</div>
</form>
</body>
</html>
更新: 您还可能有兴趣在简单的定义处理程序更高的范围,将观看所有密码活动:
考虑这个
public void SetupPasswordActionHook()
{
//Occurs when a user is created, a password is changed, or a password is reset.
Membership.ValidatingPassword += Membership_ValidatingPassword;
}
void Membership_ValidatingPassword(object sender, ValidatePasswordEventArgs e)
{
// Gets a value that indicates whether the System.Web.Security.MembershipProvider.ValidatingPassword event is being raised during a
// call to the System.Web.Security.MembershipProvider.CreateUser() method.
// true if the System.Web.Security.MembershipProvider.ValidatingPassword event is being raised during a call to the
// System.Web.Security.MembershipProvider.CreateUser() method; otherwise, false.
bool isNewUser = e.IsNewUser;
// Gets the password for the current create-user, change-password, or reset-password action.
// The password for the current create-user, change-password, or reset-password action.
string password = e.Password;
// Gets the name of the membership user for the current create-user, change-password, or reset-password action.
// The name of the membership user for the current create-user, change-password, or reset-password action.
string username = e.UserName;
// Gets or sets a value that indicates whether the current create-user, change-password, or reset-password action will be canceled.
// true if the current create-user, change-password, or reset-password action will be canceled; otherwise, false. The default is false.
e.Cancel = true;
// Gets or sets an exception that describes the reason for the password-validation failure.
// An System.Exception that describes the reason for the password-validation failure.
e.FailureInformation = new Exception("This is why I failed your password");
}
我不知道你想在这里做什么。你说的是想验证旧密码,但是你的SQL语句检索用户名并且从不检查密码。你如何验证密码本身? – cortijon 2010-04-27 13:09:09
是的,你是对的,那段代码是在不同的页面上,我真的很快把测试页放在一起,对于混淆感到抱歉。我只是无法中断流程本身。 感谢您的意见。 – Steve 2010-04-28 02:29:46
这个有什么进展? – 2010-05-02 13:41:30