ASP.NET PasswordRecovery控制 - 即使提供了錯誤的答案，也總是「成功」嗎？

即使在用戶提供的答案不正確的情況下，我仍在使用始終重置密碼的PasswordRecovery控件。它似乎沒有解僱「OnAnswerLookupError」事件。有沒有人遇到過這個問題，或者有什麼想法我做錯了？ASP.NET PasswordRecovery控制 - 即使提供了錯誤的答案，也總是「成功」嗎？

非常簡單的代碼，我會粘貼在下面。唯一真正的定製它有讓是誰被鎖定的用戶（從我們的客戶每次請求）重置其密碼：

<%@ Page Title="Password Recovery" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true" 
    CodeBehind="PasswordRecovery.aspx.cs" Inherits="OurApp.UI.Account.PasswordRecovery" %> 

<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent"> 
</asp:Content> 
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent"> 

    <h2> 
     Password Recovery 
    </h2> 
    <p> 
     Follow instructions to reset your password. 
    </p> 

    <asp:Label ID="lblMessage" runat="server" Font-Bold="true" ForeColor="red" /> 

    <asp:PasswordRecovery SuccessText="Your password was successfully reset and emailed to you." 
     OnAnswerLookupError="UserLookupError" 
     OnUserLookupError="UserLookupError" 
     OnVerifyingUser="UserCheck" 
     QuestionFailureText="Incorrect answer. Please try again." runat="server" ID="RecoveryInput" 
     UserNameFailureText="Username not found." 
     OnSendingMail="RecoveryInput_SendingMail"> 

    <MailDefinition IsBodyHtml="false" BodyFileName="~/Account/email.ascx" 
      From="[email protected]" 
      Subject="Our App - Password Reset" 
      Priority="High"> 
    </MailDefinition> 

    <UserNameTemplate> 
     <asp:Panel ID="pnl1" runat="server" DefaultButton="submit"> 
     <dl> 
      <dd>User Name</dd> 
      <dd> 
       <asp:TextBox ID="Username" runat="server" AUTOCOMPLETE="OFF" /> 
      </dd> 
      <dt></dt> 
      <dd> 
       <asp:Button ID="submit" 
        CausesValidation="true" 
        ValidationGroup="PWRecovery" 
        runat="server" 
        CommandName="Submit" 
        Text="Submit" /> 
      </dd> 
      <dt></dt> 
      <dd> 
       <p class="Error"><asp:Literal ID="ErrorLiteral" 
         runat="server"></asp:Literal> 
       </p> 
      </dd> 
     </dl> 
     </asp:Panel> 
    </UserNameTemplate> 
    <QuestionTemplate> 
     <asp:panel ID="pnl1" runat="server" DefaultButton="submit"> 
     Hello 
     <asp:Literal runat="server" ID="personname" />, 
     <p> 
      You must answer your recovery question in order to have a new email sent to you. 
     </p> 
     <dl> 
      <dt>Question:</dt> 
      <dd> 
       <asp:Literal runat="server" ID="Question" /> 
      </dd> 
      <dt></dt> 
      <dt>Answer:</dt> 
      <dd> 
       <asp:TextBox runat="server" ID="Answer" AUTOCOMPLETE="OFF" /> 
      </dd> 
      <dt></dt> 
      <dd> 
       <asp:Button runat="server" ID="submit" 
        Text="Submit" CommandName="submit" /> 
      </dd> 
      <dt></dt> 
      <dd> 
       <p class="Error"> 
        <asp:Literal ID="FailureText" runat="server"></asp:Literal> 
       </p> 
      </dd> 
     </dl> 
     </asp:panel> 
    </QuestionTemplate> 
</asp:PasswordRecovery> 
<asp:HyperLink NavigateUrl="~/Account/Login.aspx" runat="server">Login</asp:HyperLink> 
</asp:Content> 


    public partial class PasswordRecovery : System.Web.UI.Page 
    { 
     protected void Page_Load(object sender, EventArgs e) 
     { 
      lblMessage.Text = string.Empty; 
     } 

     protected void UserCheck(object sender, EventArgs e) 
     { 
      MembershipUser mu = Membership.GetUser(RecoveryInput.UserName); 

      if (mu == null) 
      { 
       UserLookupError(sender, e); 
       return; 
      } 

      if (mu.IsLockedOut) 
      { 
       //UserLookupError(sender, e); 
       //return; 
       mu.UnlockUser(); 
      } 
     } 

     protected void UserLookupError(object sender, EventArgs e) 
     { 
      lblMessage.Text = "There was a problem resetting your password. Please contact your Administrator or Account Executive for assistance."; 
     } 

     protected void RecoveryInput_SendingMail(object sender, MailMessageEventArgs e) 
     { 
      try 
      { 
       MembershipUser mu = Membership.GetUser(RecoveryInput.UserName); 
       mu.Comment = "MustChangePassword"; 
       Membership.UpdateUser(mu); 
      } 
      catch (Exception ex) 
      { 
       Utilities.ErrorHandling.HandleError(ex); 
       lblMessage.Text = "There was a problem resetting your password. Please contact your administrator."; 
      } 
     } 
    }

來源

2013-10-28 Cortright

更新：這最終是由於SqlMembershipProvider的內部實現，並未能捕獲aspnet_Membership_ResetPassword存儲過程的返回碼。這不是ASP.NET本身的問題。由於我們必須訪問這個存儲過程的方式（想想洋蔥的層次） - 這對我來說並不是顯而易見的。這個問題可以關閉！

來源

2013-10-28 20:37:19 Cortright

很高興你找到了解決方案！ – Icemanind

問題是幾乎肯定會是因爲你使用的是母版頁。把這個頁面放到它自己的頁面中，沒有母版頁，然後再試一次，它應該可以工作。

來源

2013-10-28 18:05:19 Icemanind

我讀過一些關於母版頁的問題，這些控件也出現了問題，並且在我發佈問題之前實際上剛剛完成了嘗試。不幸的是，即使是完全空白頁面（在表單標籤中使用此標記），它也具有相同的行爲。 :( – Cortright

@Cortright - 試着看[這個頁面]（http://forums.asp.net/t/1331916.aspx）看看它是否可以幫助你。在這個頁面上的OP聽起來像他有一個 – Icemanind

沒有，我的確嘗試過，但沒有解決任何問題 – Cortright

ASP.NET PasswordRecovery控制 - 即使提供了錯誤的答案，也總是「成功」嗎？

回答

相關問題