本文介绍了成员资格提供者ChangePassword方法返回类型问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们已经实现了自定义成员资格提供程序,并且在使用该提供程序的网页上具有更改密码控制.此成员资格提供程序类中的ChangePassword方法通过连接到外部Web服务来检查一些有关密码强度和有效性的业务逻辑.如果有新的密码(长度问题,需要特殊字符等),Web服务可以准确返回新密码出了什么问题.

We have implemented a Custom Membership provider and have a change password control on a webpage that uses this provider. The ChangePassword method in this membership provider class checks some business logic about password strength and validity by connecting to an external webservice. The webservice has the ability to return exactly what is wrong with the new password if any (length problems, special character required etc.).

现在,必须由自定义提供程序覆盖的ChangePassword方法的签名为:

Now, the signature of the ChangePassword method that has to be overriden by a custom provider is:

public override bool ChangePassword(string username, string oldPassword, string newPassword)

因此,即使我知道用户提供的新密码的确切问题,我也无法在网页上显示该密码,因为我只能通过此方法返回true或false,然后更改密码控件将接管并根据布尔值返回值来做自己的魔术.我可以连接ChangePassword控件的OnChangePasswordError事件以显示静态错误消息,或者甚至可以在发生错误时将此控件的FailureText属性设置为某些硬编码的字符串,但是我无法向用户提供他们提供的密码到底有什么问题.

So even though I know the exact problem with the new password the user supplies, I am not able to display it on the webpage because I can only return a true or false from this method and the change password control then takes over and does its own magic depending on the boolean return value. I can hook up the OnChangePasswordError event of the ChangePassword control to show a static error message, or I can even setup the FailureText property of this control to some hard-coded string when an error occurs, but I am unable to provide to the user what exactly is wrong with the password they supplied.

protected void OnPasswordChangeError(object sender, EventArgs e)
        {
            throw new MembershipPasswordException("Tell user what exactly is wrong with the password they supplied");
        }

MembershipProvider类具有一个ValidatingPassword事件,该事件在更改密码之前引发.我可以在这里通过检查密码是否符合条件来引发异常,但该异常似乎未通过到ChangePassword控件.这是ValidatingPassword eventHandler的代码:

The MembershipProvider class has a ValidatingPassword event, that is raised BEFORE the password is changed, and I can throw an exception here by checking if the password meets the criteria, but still that exception does not seem to be passed to the ChangePassword control. Here is the code for the ValidatingPassword eventHandler:

void MyMembershipProvider_ValidatingPassword(object sender, ValidatePasswordEventArgs e)
        {
           //if password not valid
           e.Cancel = true;
           e.FailureInformation = new MembershipPasswordException();
           e.FailureInformation;
        }

如何将成员资格提供程序类的ChangePassword方法中的特定信息发送到ChangePassword控件,以向用户显示正确的,非静态/硬编码的密码更改错误消息?是否可以将ValidatePasswordEventArgs与OnChangePassword方法的EventHandler中的EventArgs挂钩,以便我可以在ChangePassword控件中获取FailureInformation?

how to send specific information from the ChangePassword method of the Membership provider class to the ChangePassword control to display the correct, non static/hardcoded password change error messages to the user? Is there a way to hook up the ValidatePasswordEventArgs to the EventArgs in the EventHandler for the OnChangePassword method so that I can get the FailureInformation in the ChangePassword control?

从我的初步研究来看,这似乎是不可能的.尽管我认为MS团队不会忽视这一点,但应该有一种方法.

From my initial research this does not seem to be possible. Though I feel that the MS team would not have overlooked this and there should be a way.

一些指针:

MembershipUser.ChangePassword失败,没有警告 http://forums.asp.net/t/983613.aspx

推荐答案

好,所以我终于找到了解决方法.它不是最干净的,但我能想到的唯一地方或发现的地方都接近默认应包含的地方.

OK, so I finally figured a workaround. It is not the cleanest, but the only one I could come up with or found anywhere that was close to what should have been inclued by default.

注意:我没有选择将其保存在数据库或cookie中.

Note: I did not have the option to persist this in a database or a cookie.

我创建了一个ChangePasswordNew方法,该方法的行为与MembershipProvider ChangePassword方法相同,但是返回的是字符串而不是bool.因此,我的新方法将如下所示:

I created a ChangePasswordNew method that has the same behavior as the MembershipProvider ChangePassword method, but returns string instead of bool. So my new method would look like this:

public string ChangePasswordNew(string username, string oldPassword, string newPassword)
{
    //if password rules met, change password but do not return bool as MembershipProvider method does,
    //return Success or the exact error for failure instead
    if(passwordChangeRequirementsMet == true)
    {
        //change the password
        return "success";
    }
    else
        return "exact reason why password cannot be changed";
}

现在,订阅ChangePassword控件的onPasswordChanging事件:

Now, subscribe to the onPasswordChanging event of the ChangePassword Control:

protected void PasswordIsChanging(object sender, LoginCancelEventArgs e)
{
try
    {
      string response = Provider.ChangePasswordNew(username, currentPass, newPass);
      if(response != "success")
      {
        changePwdCtrl.FailureText = response;
      }
     else
    {
    //cancel call to the default membership provider method that will attempt to
    //change the password again. Instead, replicate the 'steps' of AttemptChangePassword(),
    //an internal method of the ChangePassword control.
    //Performing all the steps instead of calling the method because just calling method
    //does not work for some reason

    e.Cancel = true;
    FormsAuthentication.SetAuthCookie(username, false);
    OnPasswordChanged(sender, e);

    MethodInfo successMethodInfo = changePwdCtrl.GetType().GetMethod("PerformSuccessAction",                                    BindingFlags.NonPublic | BindingFlags.Instance);
    successMethodInfo.Invoke(changePwdCtrl, new object[] { "", "", changePwdCtrl.NewPassword });
}
}
catch(Exception ex)
{
    LogException(ex);
    throw;
}

}

注意:在这种情况下,如果更改密码时出现错误,即响应不是成功",则将继续调用Memebership Provider ChangePassword方法并再次返回错误.但是我已经将FailureText属性设置为第一次调用时从响应返回的描述性错误,这是我的目标.在我的情况下,我不介意两个方法调用.您的情况可能有所不同.

Note: In this case, if there is an error on password change, i.e. response is not "success", the Memebership Provider ChangePassword method will still be called and will return an error again. But I am already setting the FailureText property to the descriptive error returned from response in the first call, which was my objective. I did not mind two method calls in my case. Your case may be different.

希望这对某人有帮助!

这篇关于成员资格提供者ChangePassword方法返回类型问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-22 15:46