0

我将在 aspnet_Membership 中更新安全问题和答案。通常它是通过代码完成的:

 user.ChangePasswordQuestionAndAnswer(password, question, answer);

但我不知道密码。我发现有一个默认的存储过程。存储过程是:

SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER OFF
GO
ALTER PROCEDURE [dbo].[aspnet_Membership_ChangePasswordQuestionAndAnswer]
    @ApplicationName       nvarchar(256),
    @UserName              nvarchar(256),
    @NewPasswordQuestion   nvarchar(256),
    @NewPasswordAnswer     nvarchar(128)
AS
BEGIN
   DECLARE @UserId uniqueidentifier
   SELECT  @UserId = NULL
   SELECT  @UserId = u.UserId
   FROM    dbo.aspnet_Membership m, dbo.aspnet_Users u, dbo.aspnet_Applications a
   WHERE   LoweredUserName = LOWER(@UserName) AND
        u.ApplicationId = a.ApplicationId  AND
        LOWER(@ApplicationName) = a.LoweredApplicationName AND
        u.UserId = m.UserId
   IF (@UserId IS NULL)
   BEGIN
      RETURN(1)
   END

   UPDATE dbo.aspnet_Membership
     SET    PasswordQuestion = @NewPasswordQuestion, PasswordAnswer = @NewPasswordAnswer
    WHERE  UserId=@UserId
   RETURN(0)
   END

但是我刚刚发现答案是明文。如何使用存储过程并对其进行散列?

谢谢。

4

1 回答 1

2

如果您有权访问该用户,则可以在使用 Membership 方法之前更改其密码:

public virtual bool ChangePassword(string oldPassword, string newPassword)

你可以试试

string newPassword = user.ResetPassword();
user.ChangePassword(newPassword, "SOMENEWPASSWORD");

然后做

user.ChangePasswordQuestionAndAnswer("SOMENEWPASSWORD", question, answer);
于 2012-04-20T14:04:25.793 回答