
c# - Forgot password URL

Reposted. Author: 太空狗. Updated: 2023-10-29 22:53:15

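I have a web application that uses the asp.net login controls. In addition, I also use the password recovery control so that users can recover their password. Once the user has finished entering their details in the recovery control, an email containing a verification URL is sent to the user's email address. On clicking the URL, it takes the user to the UserProfile of my web application, where it allows the user to change their password.

The problem now is that because I set an access rule on UserProfile.aspx to deny anonymous users, when I am redirected from the URL to the UserProfile.aspx page, it directs me to the login page instead (the system recognizes me as an anonymous user).

Why is that so? Is there any way to go directly to the user profile page once the URL (which includes all the user information) is clicked?

The URL looks like this: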

http://localhost:1039/Members/UserProfile.aspx?ID=56f74cc7-7680-4f1b-9207-0ab8dad63cad 

The last part of the URL is actually the userId.

Here is the code of the user profile aspx:

    <asp:SqlDataSource ID="SqlDataSource1" runat="server"
        ConnectionString="<%$ ConnectionStrings:ASPNETDBConnectionString1 %>"
        SelectCommand="SELECT aspnet_Membership.Email, Details.CustName, Details.CustNum, Details.CustRole, Details.CustStatus, Details.PName, Details.PEmail, Details.PRole, Details.WedDate, aspnet_Users.UserName, Details.UserId FROM Details INNER JOIN aspnet_Membership ON Details.UserId = aspnet_Membership.UserId INNER JOIN aspnet_Users ON aspnet_Membership.UserId = aspnet_Users.UserId WHERE (Details.UserId = @UserId)"
        UpdateCommand="update Details SET CustName = @CustName, CustNum = @CustNum, CustRole = @CustRole, CustStatus = @CustStatus, PName = @PName, PEmail = @PEmail, PRole = @PRole, WedDate = @WedDate WHERE [UserId] = @UserId
                       Update aspnet_Membership Set Email= @email WHERE [UserId] = @UserId"
        DeleteCommand="DELETE FROM Details WHERE UserId = @UserId;">

        <DeleteParameters>
            <asp:ControlParameter ControlID="lblHidden" Name="UserId" PropertyName="Text"
                Type="String" />
        </DeleteParameters>

        <SelectParameters>
            <asp:ControlParameter ControlID="lblHidden" Name="UserId" PropertyName="Text" />
        </SelectParameters>

        <UpdateParameters>
            <asp:Parameter Name="CustName" />
            <asp:Parameter Name="CustNum" />
            <asp:Parameter Name="CustRole" />
            <asp:Parameter Name="CustStatus" />
            <asp:Parameter Name="PName" />
            <asp:Parameter Name="PEmail" />
            <asp:Parameter Name="PRole" />
            <asp:Parameter Name="WedDate" />
            <asp:Parameter Name="UserId" />
            <asp:Parameter Name="email" />
        </UpdateParameters>
    </asp:SqlDataSource>

    <asp:DetailsView ID="DetailsView1" runat="server" AutoGenerateRows="False"
        DataSourceID="SqlDataSource1" Height="50px" Width="125px">
        <Fields>
            <asp:BoundField DataField="Email" HeaderText="Email" SortExpression="Email" />
            <asp:BoundField DataField="CustName" HeaderText="CustName"
                SortExpression="CustName" />
            <asp:BoundField DataField="CustNum" HeaderText="CustNum"
                SortExpression="CustNum" />
            <asp:BoundField DataField="CustRole" HeaderText="CustRole"
                SortExpression="CustRole" />
            <asp:BoundField DataField="CustStatus" HeaderText="CustStatus"
                SortExpression="CustStatus" />
            <asp:BoundField DataField="PName" HeaderText="PName" SortExpression="PName" />
            <asp:BoundField DataField="PEmail" HeaderText="PEmail"
                SortExpression="PEmail" />
            <asp:BoundField DataField="PRole" HeaderText="PRole" SortExpression="PRole" />
            <asp:BoundField DataField="WedDate" HeaderText="WedDate"
                SortExpression="WedDate" />
            <asp:BoundField DataField="UserName" HeaderText="UserName"
                SortExpression="UserName" />
            <asp:BoundField DataField="UserId" HeaderText="UserId"
                SortExpression="UserId" />
            <asp:CommandField ShowEditButton="True" />
        </Fields>
    </asp:DetailsView>

    <asp:Label ID="lblHidden" runat="server" Text="Label" Visible="False"></asp:Label>

    <asp:Button ID="btnDelete" runat="server" onclick="btnDelete_Click"
        Text="Delete" />

Here is the code:

    // Requires: using System.Configuration; using System.Data.SqlClient; using System.Web.Security;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Keep the logged-on user's UserId in the hidden label used by the data source
        MembershipUser currentUser = Membership.GetUser();
        lblHidden.Text = currentUser.ProviderUserKey.ToString();
    }

    protected void SqlDataSource1_Selecting(object sender, SqlDataSourceSelectingEventArgs e)
    {
        // Get a reference to the currently logged on user
        MembershipUser currentUser = Membership.GetUser();

        // Determine the currently logged on user's UserId value
        // Assign the currently logged on user's UserId to the @UserId parameter
        // access the parameter value using e.Command.Parameters
        // programmatically set the @UserId:
        e.Command.Parameters["@UserId"].Value = currentUser.ProviderUserKey.ToString();
    }

    protected void btnDelete_Click(object sender, EventArgs e)
    {
        string userId = lblHidden.Text;
        string connectionString = ConfigurationManager.ConnectionStrings["ASPNETDBConnectionString1"].ConnectionString;

        // Pass the UserId as a parameter instead of concatenating it into the SQL text;
        // the using blocks close the connection even if a command throws
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand("DELETE FROM Details WHERE UserId = @UserId", connection))
        using (SqlCommand cmd1 = new SqlCommand("DELETE FROM aspnet_Membership WHERE UserId = @UserId", connection))
        {
            cmd.Parameters.AddWithValue("@UserId", userId);
            cmd1.Parameters.AddWithValue("@UserId", userId);

            connection.Open();

            cmd.ExecuteNonQuery();
            cmd1.ExecuteNonQuery();
        }

        Response.Redirect("Home.aspx");
    }

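Secondly, is there any way to set an expiry time for the URL? If the URL is clicked a second time, it would not redirect the user anywhere. I have seen many posts, and most of them suggest adding a column to the database. Is there any other way to set the expiry without touching the database?

Best answer

Consider creating a separate page for the change-password link. Have this page take a unique identifier. This identifier should work only once, have an expiry date, and be specific to that user. Make this page public: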

    <location path="changepassword.aspx">
        <system.web>
            <authorization>
                <allow users="*"/>
            </authorization>
        </system.web>
    </location>

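You will need to store the unique identifier against the user somewhere. If you do not want to affect your current schema, you could create a new table: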

    PK | Identifier | UserID                               | expires
    1  | abcd       | ffffffff-ffff-ffff-ffff-ffffffffffff | 16-jul-2012 18:26

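When the page is requested, do not allow it to run if the identifier has expired. Once the password has been changed, invalidate the identifier - delete it, or set the expiry date to a date in the past (e.g. now).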
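The table and rules described in the answer above, sketched as an added example (not code from the answer or the original post). It assumes an open SqlConnection and a hypothetical table named PasswordResetTokens with the answer's Identifier, UserID and expires columns; storing a SHA-256 hash of the identifier instead of the raw value is an extra choice made here.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

// Added example. Assumed table (hypothetical name, columns as in the answer):
//   PasswordResetTokens(Identifier char(64) PRIMARY KEY, UserID uniqueidentifier, expires datetime2)
public static class PasswordResetTokens
{
    // Only a hash is stored, so reading the table does not yield working links.
    static string Hash(string token)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(token))).Replace("-", "");
    }

    // Creates an identifier for one user; the return value goes into the e-mailed URL.
    public static string Issue(SqlConnection db, Guid userId, TimeSpan lifetime)
    {
        byte[] raw = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(raw);
        string token = BitConverter.ToString(raw).Replace("-", "");
        // Replacing any earlier row means only the newest link for a user works.
        using (SqlCommand cmd = new SqlCommand(
            "DELETE FROM PasswordResetTokens WHERE UserID = @u; " +
            "INSERT INTO PasswordResetTokens (Identifier, UserID, expires) VALUES (@h, @u, @e)", db))
        {
            cmd.Parameters.AddWithValue("@u", userId);
            cmd.Parameters.AddWithValue("@h", Hash(token));
            cmd.Parameters.AddWithValue("@e", DateTime.UtcNow.Add(lifetime));
            cmd.ExecuteNonQuery();
        }
        return token;
    }

    // Call when the new password is submitted. One DELETE both checks and invalidates
    // the row, so an expired, reused or concurrently submitted identifier returns null.
    public static Guid? Redeem(SqlConnection db, string token)
    {
        using (SqlCommand cmd = new SqlCommand(
            "DELETE FROM PasswordResetTokens OUTPUT deleted.UserID " +
            "WHERE Identifier = @h AND expires > @now", db))
        {
            cmd.Parameters.AddWithValue("@h", Hash(token ?? ""));
            cmd.Parameters.AddWithValue("@now", DateTime.UtcNow);
            object userId = cmd.ExecuteScalar();
            return userId == null ? (Guid?)null : (Guid)userId;
        }
    }
}
```

The public changepassword.aspx page would change the password only for the UserID that Redeem returns, never for an ID taken from the query string.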

Regarding c# - Forgot password URL, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/11508324/
