你壓倒了錯誤的方法,史蒂夫。您想覆蓋可取消ChangingPassword
。
試試這個:
protected void ChangePassword1_ChangingPassword(object sender, LoginCancelEventArgs e)
{
// do your lookup here,
bool passwordHasBeenPreviouslyUsed = true;
if (passwordHasBeenPreviouslyUsed)
{
e.Cancel = true;
// notify of error
return;
}
}
而且,按照前文的Q/A會話,你永遠也不會EVER存儲用戶的密碼。轉到會員表並獲取salt,並使用它對傳入的密碼進行散列,以與您存儲在查找表中的已經存儲過鹽值的值進行比較。
祝你好運。
(1) - 當CEO發現他的密碼已被存儲爲可利用的格式時,您的位置有多大?對我們這些黑魔法師有一定程度的信任,這種信任帶來了自己的風險。注意它們。 ;-)
編輯:
工作的示例:
爲ChangePassword.aspx
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Diagnostics"%>
<script runat="server">
protected void Page_Load(object sender, EventArgs e)
{
}
protected void ChangePassword1_ChangingPassword(object sender, LoginCancelEventArgs e)
{
// works for me!
Debugger.Break();
}
</script>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:ChangePassword ID="ChangePassword1" runat="server" OnChangingPassword="ChangePassword1_ChangingPassword">
</asp:ChangePassword>
</div>
</form>
</body>
</html>
更新: 您還可能有興趣在簡單的定義處理程序更高的範圍,將觀看所有密碼活動:
考慮這個
public void SetupPasswordActionHook()
{
//Occurs when a user is created, a password is changed, or a password is reset.
Membership.ValidatingPassword += Membership_ValidatingPassword;
}
void Membership_ValidatingPassword(object sender, ValidatePasswordEventArgs e)
{
// Gets a value that indicates whether the System.Web.Security.MembershipProvider.ValidatingPassword event is being raised during a
// call to the System.Web.Security.MembershipProvider.CreateUser() method.
// true if the System.Web.Security.MembershipProvider.ValidatingPassword event is being raised during a call to the
// System.Web.Security.MembershipProvider.CreateUser() method; otherwise, false.
bool isNewUser = e.IsNewUser;
// Gets the password for the current create-user, change-password, or reset-password action.
// The password for the current create-user, change-password, or reset-password action.
string password = e.Password;
// Gets the name of the membership user for the current create-user, change-password, or reset-password action.
// The name of the membership user for the current create-user, change-password, or reset-password action.
string username = e.UserName;
// Gets or sets a value that indicates whether the current create-user, change-password, or reset-password action will be canceled.
// true if the current create-user, change-password, or reset-password action will be canceled; otherwise, false. The default is false.
e.Cancel = true;
// Gets or sets an exception that describes the reason for the password-validation failure.
// An System.Exception that describes the reason for the password-validation failure.
e.FailureInformation = new Exception("This is why I failed your password");
}
我不知道你想在這裏做什麼。你說的是想驗證舊密碼,但是你的SQL語句檢索用戶名並且從不檢查密碼。你如何驗證密碼本身? – cortijon 2010-04-27 13:09:09
是的,你是對的,那段代碼是在不同的頁面上,我真的很快把測試頁放在一起,對於混淆感到抱歉。我只是無法中斷流程本身。 感謝您的意見。 – Steve 2010-04-28 02:29:46
這個有什麼進展? – 2010-05-02 13:41:30