当前Umbraco版本-Umbraco版本7.5.3
我们有一个Umbraco项目,该项目使用自定义成员资格提供程序来验证某些受保护页面的成员(前端)。在我们必须升级通过其身份验证的系统之前,该成员资格提供者一直运行良好。升级外部系统后,我们的会员资格提供者现在遇到一个奇怪的问题,我正在努力解决。问题如下:
1-用户尝试使用正确的凭据（通过Umbraco登录表单）登录，却收到“用户名或密码错误”的提示。
2-用户然后使用我们的“重置密码”功能,该功能会向他们发送输入到Umbraco表单中的“ PIN”。如果PIN匹配,则会显示一个表格以输入新密码。
3-用户现在可以通过新创建的用户名和密码登录(进入Umbraco保护区)。
4-现在，用户进入我们的外部系统并输入其用户名和密码（即通过Umbraco表单创建的那一组）。这次同样登录成功。（这似乎更改了用户密码？）
5-用户现在尝试重新登录到Umbraco受保护页面，但再次收到“用户名或密码错误”。
6-但是，该用户名和密码在外部系统上仍然有效。经过一些研究，我们得出的结论是：外部系统升级后似乎改用了另一种与Umbraco不兼容的密码哈希（加密）方法。我实在弄不清楚这是如何/为什么发生的，也不知道需要更改什么才能确保两边的密码一致、成员能够访问受保护的页面。
我相信这是运行登录名/密码重置逻辑的内容:
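namespace Profile.Controllers
{
    /// <summary>
    /// Front-end member self-service actions posted from Umbraco forms: change
    /// username, change password, username reminder by e-mail, and a three-step
    /// PIN-based password reset (request -> verify -> reset) whose state lives in
    /// the ASP.NET session.
    ///
    /// NOTE(review): none of the POST actions carry [ValidateAntiForgeryToken].
    /// Adding it requires every posting view to render @Html.AntiForgeryToken(),
    /// so it is left for a coordinated change rather than done here.
    /// NOTE(review): caught exception text (ex.Message) is shown to the user via
    /// ModelState; unexpected errors (SQL, mail) therefore leak detail. Consider
    /// logging and showing a generic message for anything not thrown deliberately.
    /// </summary>
    [PluginController("Profile")]
    public class SecurityController : SurfaceController
    {
        // Session keys shared by the reset flow. SessionPinVerified is the link
        // between PasswordResetVerify and PasswordReset: the reset is refused
        // unless the PIN was accepted earlier in the same session.
        private const string SessionPin = "PIN";
        private const string SessionResetUser = "ResetUser";
        private const string SessionPinVerified = "PINVerified";
        private const string SessionPinIssuedUtc = "PINIssuedUtc";
        private const string SessionPinAttempts = "PINAttempts";

        // A 5-character alphanumeric PIN is weak against unlimited online guessing,
        // so it expires and is discarded after a few wrong attempts.
        private const int PinLength = 5;
        private const int PinLifetimeMinutes = 15;
        private const int MaxPinAttempts = 5;
        private const string PinAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

        /// <summary>
        /// Returns <paramref name="length"/> characters drawn uniformly from A-Z,
        /// a-z and 0-9. The result is used as the password-reset PIN, so it comes
        /// from the cryptographic RNG rather than the time-seeded System.Random
        /// the previous implementation used (whose output is predictable).
        /// </summary>
        /// <param name="length">Number of characters to generate; must be &gt;= 0.</param>
        /// <exception cref="ArgumentOutOfRangeException">If <paramref name="length"/> is negative.</exception>
        public string RandomString(int length)
        {
            if (length < 0)
            {
                throw new ArgumentOutOfRangeException("length");
            }
            var result = new char[length];
            // Rejection sampling: 256 is not a multiple of 62, so a plain modulo
            // would bias towards the first characters of the alphabet.
            int limit = 256 - (256 % PinAlphabet.Length);
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                var buffer = new byte[1];
                int filled = 0;
                while (filled < result.Length)
                {
                    rng.GetBytes(buffer);
                    if (buffer[0] >= limit)
                    {
                        continue;
                    }
                    result[filled++] = PinAlphabet[buffer[0] % PinAlphabet.Length];
                }
            }
            return new String(result);
        }

        /// <summary>Renders the security form partial with an empty model.</summary>
        [ChildActionOnly]
        public ActionResult SecurityForm()
        {
            var model = new SecurityModel();
            return PartialView("SecurityForm", model);
        }

        /// <summary>
        /// Changes the logged-in member's web login (username) in the external
        /// system, re-authenticating with the supplied password. Requires an
        /// authenticated member; errors are reported through ModelState.
        /// </summary>
        [HttpPost]
        public ActionResult UpdateUsername(SecurityModel viewModel, FormCollection form)
        {
            try
            {
                RequireAuthenticatedMember();
                if (viewModel == null || viewModel.ChangeUsername == null)
                {
                    throw new Exception("Please complete the form.");
                }
                EnsureSystemInitialized();
                CContactUser user = CContactUser.LoginByWebLogin(User.Identity.Name);
                user.ChangeWebLogin(viewModel.ChangeUsername.NewUsername, viewModel.ChangeUsername.Password);
            }
            catch (Exception ex)
            {
                ModelState.AddModelError("", ex.Message);
            }
            if (ModelState.IsValid)
            {
                TempData["SuccessMessage"] = "Your username has been changed successfully";
                return RedirectToCurrentUmbracoPage();
            }
            return CurrentUmbracoPage();
        }

        /// <summary>
        /// Changes the logged-in member's password through the external system's
        /// user-security object (contact.UserSecurity), not through ASP.NET
        /// Membership. The dead "legacy" branch (CContactUser.ChangePassword behind
        /// a constant-false flag) has been removed.
        /// </summary>
        [HttpPost]
        public ActionResult UpdatePassword(SecurityModel viewModel, FormCollection form)
        {
            try
            {
                RequireAuthenticatedMember();
                if (viewModel == null || viewModel.ChangePassword == null)
                {
                    throw new Exception("Please complete the form.");
                }
                EnsureSystemInitialized();
                CContactUser user = CContactUser.LoginByWebLogin(User.Identity.Name);
                var contact = new CContact(CStaffUser.GetDefaultStaffUser(), user.ContactId);
                contact.UserSecurity.ChangePassword(viewModel.ChangePassword.CurrentPassword, User.Identity.Name, viewModel.ChangePassword.NewPassword);
                contact.Save();
                if (contact.ErrorsCount > 0)
                {
                    ModelState.AddModelError("", "An error occured when setting the password: " + contact.Errors.PrimaryErrorMessage);
                }
            }
            catch (Exception ex)
            {
                ModelState.AddModelError("", ex.Message);
            }
            if (ModelState.IsValid)
            {
                TempData["SuccessMessage"] = "Your password has been changed successfully";
                return RedirectToCurrentUmbracoPage();
            }
            return CurrentUmbracoPage();
        }

        /// <summary>
        /// E-mails the username registered against <paramref name="Email"/>.
        /// The lookup runs under the fixed "manager" staff login and passes the
        /// address as a SqlParameter (not string-concatenated). The previous
        /// .First() threw on no match, so the "no users" branch was unreachable.
        /// NOTE(review): the distinct error/success messages let a caller probe
        /// which e-mail addresses are registered (account enumeration).
        /// </summary>
        [HttpPost]
        public ActionResult LoginReminder(string Email)
        {
            try
            {
                EnsureSystemInitialized();
                string ksamHelpline = HelplineNumber();
                if (string.IsNullOrWhiteSpace(Email))
                {
                    throw new Exception("Please enter the e-mail address registered to your account.");
                }
                CContactUser lookupUser = CContactUser.LoginByWebLogin("manager");
                CContact contact = CContact.GetContacts(lookupUser, "", "AND Name.EMAIL = @email", new SqlParameter[] { new SqlParameter("email", Email) }).FirstOrDefault();
                if (contact == null)
                {
                    throw new Exception("There are no users on our system with that e-mail address registered. Please contact the administration office on " + ksamHelpline + " to access your account.");
                }
                string userName = contact.UserSecurity.WebLoginId;
                if (string.IsNullOrEmpty(userName))
                {
                    throw new Exception("A username has not been found for your email address. Please contact the administration office on " + ksamHelpline + ".");
                }
                string firstName = contact.FirstName;
                SendTemplatedMail("~/emails/LoginReminder.html", contact.EmailAddress,
                    body => body.Replace("[USERNAME]", userName).Replace("[FIRST_NAME]", firstName));
                TempData["SuccessMessage"] = "A reminder e-mail containing your username has been sent to " + Email;
            }
            catch (Exception ex)
            {
                ModelState.AddModelError("", ex.Message);
            }
            if (ModelState.IsValid)
            {
                return RedirectToCurrentUmbracoPage();
            }
            return CurrentUmbracoPage();
        }

        /// <summary>
        /// Step 1 of the reset flow: generates a PIN for <paramref name="username"/>,
        /// stores it (with issue time and attempt counter) in the session and
        /// e-mails it to the contact's registered address. Any earlier reset
        /// state is discarded first so an old PIN or verification cannot be reused.
        /// </summary>
        [HttpPost]
        public ActionResult PasswordResetRequest(string username)
        {
            ClearResetState();
            try
            {
                EnsureSystemInitialized();
                if (string.IsNullOrWhiteSpace(username))
                {
                    throw new Exception("Please enter your username.");
                }
                CContactUser user = CContactUser.LoginByWebLogin(username);
                CContact contact = new CContact(user, user.ContactId);
                if (string.IsNullOrEmpty(contact.EmailAddress))
                {
                    throw new Exception("There is no email address registered to that username. Please contact the administration office to access your account.");
                }
                string pin = RandomString(PinLength);
                Session[SessionPin] = pin;
                Session[SessionResetUser] = username;
                Session[SessionPinIssuedUtc] = DateTime.UtcNow;
                Session[SessionPinAttempts] = 0;
                TempData["PINSent"] = true;
                SendTemplatedMail("~/emails/ResetPasswordPin.html", contact.EmailAddress,
                    body => body.Replace("[PIN]", pin));
            }
            catch (Exception ex)
            {
                ModelState.AddModelError("", ex.Message);
            }
            if (ModelState.IsValid)
            {
                return RedirectToCurrentUmbracoPage();
            }
            return CurrentUmbracoPage();
        }

        /// <summary>
        /// Step 2 of the reset flow: compares the submitted PIN with the one in the
        /// session. A missing or expired PIN is rejected; after MaxPinAttempts wrong
        /// guesses the reset state is discarded. On success the session is marked
        /// verified (consumed by PasswordReset) and TempData["Verified"] is set for the view.
        /// </summary>
        [HttpPost]
        public ActionResult PasswordResetVerify(string PIN)
        {
            try
            {
                EnsureSystemInitialized();
                string expected = Session[SessionPin] as string;
                DateTime? issuedUtc = Session[SessionPinIssuedUtc] as DateTime?;
                if (string.IsNullOrEmpty(expected) || issuedUtc == null)
                {
                    throw new Exception("No password reset is in progress. Please request a new verification code.");
                }
                if (DateTime.UtcNow - issuedUtc.Value > TimeSpan.FromMinutes(PinLifetimeMinutes))
                {
                    ClearResetState();
                    throw new Exception("The verification code has expired. Please request a new one.");
                }
                if (!string.Equals(expected, PIN, StringComparison.Ordinal))
                {
                    int attempts = (Session[SessionPinAttempts] as int? ?? 0) + 1;
                    Session[SessionPinAttempts] = attempts;
                    if (attempts >= MaxPinAttempts)
                    {
                        ClearResetState();
                        throw new Exception("Too many incorrect verification codes. Please request a new one.");
                    }
                    throw new Exception("Verification codes do not match");
                }
                Session[SessionPinVerified] = true;
                TempData["Verified"] = true;
            }
            catch (Exception ex)
            {
                ModelState.AddModelError("", ex.Message);
            }
            if (ModelState.IsValid)
            {
                return RedirectToCurrentUmbracoPage();
            }
            return CurrentUmbracoPage();
        }

        /// <summary>
        /// Step 3 of the reset flow: sets a new password for the user recorded in
        /// the session. Previously this action trusted Session["ResetUser"] alone,
        /// which PasswordResetRequest sets for any username *before* the PIN is
        /// checked, so posting here directly bypassed the PIN entirely. It now
        /// requires the session to have been marked verified, and discards the
        /// reset state once the password has been changed (single use).
        ///
        /// NOTE(review): the new password is written through the ASP.NET Membership
        /// provider (Umbraco's member store), whereas UpdatePassword writes through
        /// contact.UserSecurity.ChangePassword (the external system). The two stores
        /// are updated independently here; confirm that is intended.
        /// NOTE(review): Membership.ResetPassword() replaces the stored password with
        /// a generated one before ChangePassword runs, so a failed ChangePassword
        /// leaves the member on that generated password.
        /// </summary>
        [HttpPost]
        public ActionResult PasswordReset(string password)
        {
            try
            {
                EnsureSystemInitialized();
                string resetUser = Session[SessionResetUser] as string;
                bool verified = Session[SessionPinVerified] as bool? ?? false;
                if (string.IsNullOrEmpty(resetUser) || !verified)
                {
                    throw new Exception("The verification code has not been confirmed. Please request a new password reset.");
                }
                if (string.IsNullOrEmpty(password))
                {
                    throw new Exception("Please enter a new password.");
                }
                CContactUser user = CContactUser.LoginByWebLogin(resetUser);
                CContact contact = new CContact(CStaffUser.GetDefaultStaffUser(), user.ContactId);
                var membershipUser = Membership.GetUser(contact.UserSecurity.WebLoginId, false);
                if (membershipUser == null)
                {
                    throw new Exception("No member account was found for that username. Please contact the administration office.");
                }
                string temporaryPassword = membershipUser.ResetPassword();
                // The previous code ignored this result and reported success regardless.
                if (!membershipUser.ChangePassword(temporaryPassword, password))
                {
                    throw new Exception("The new password could not be set. Please check it meets the password requirements and try again.");
                }
                ClearResetState();
                string firstName = contact.FirstName;
                SendTemplatedMail("~/emails/ResetPasswordSuccess.html", contact.EmailAddress,
                    body => body.Replace("[FIRST_NAME]", firstName));
                TempData["Success"] = true;
                TempData["SuccessMessage"] = "Your password has been reset successfully.";
            }
            catch (Exception ex)
            {
                ModelState.AddModelError("", ex.Message);
            }
            if (ModelState.IsValid)
            {
                return RedirectToCurrentUmbracoPage();
            }
            return CurrentUmbracoPage();
        }

        /// <summary>Throws unless the request carries an authenticated identity with a non-empty name.</summary>
        private void RequireAuthenticatedMember()
        {
            if (User == null || User.Identity == null || !User.Identity.IsAuthenticated || string.IsNullOrEmpty(User.Identity.Name))
            {
                throw new Exception("You must be logged in to change your account details.");
            }
        }

        /// <summary>Initialises the external system once per process, as the original UpdatePassword path did.</summary>
        private static void EnsureSystemInitialized()
        {
            if (!iboAdmin.IsSystemInitialized)
            {
                iboAdmin.InitializeSystem();
            }
        }

        /// <summary>Removes every piece of reset-flow state from the session.</summary>
        private void ClearResetState()
        {
            Session.Remove(SessionPin);
            Session.Remove(SessionResetUser);
            Session.Remove(SessionPinVerified);
            Session.Remove(SessionPinIssuedUtc);
            Session.Remove(SessionPinAttempts);
        }

        /// <summary>Helpline number from appSettings["KSAMHelpline"], falling back to the built-in default.</summary>
        private static string HelplineNumber()
        {
            return ConfigurationManager.AppSettings.AllKeys.Contains("KSAMHelpline")
                ? ConfigurationManager.AppSettings["KSAMHelpline"]
                : "01625 664500";
        }

        /// <summary>
        /// Loads an HTML e-mail template from the site, uses its &lt;head&gt;&lt;title&gt;
        /// as the subject (read before substitution, as before), applies
        /// <paramref name="substitute"/> to the raw template text for the body and
        /// sends it via the configured SmtpClient.
        /// </summary>
        private void SendTemplatedMail(string templateVirtualPath, string recipient, Func<string, string> substitute)
        {
            string template = System.IO.File.ReadAllText(Server.MapPath(templateVirtualPath));
            var document = new HtmlDocument();
            document.LoadHtml(template);
            var titleNode = document.DocumentNode.SelectSingleNode("//head/title");
            using (var mail = new MailMessage())
            using (var smtpClient = new SmtpClient())
            {
                mail.To.Add(new MailAddress(recipient));
                mail.Subject = titleNode == null ? string.Empty : titleNode.InnerText;
                mail.Body = substitute(template);
                mail.IsBodyHtml = true;
                smtpClient.Send(mail);
            }
        }
    }
}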
只需在 web.config 的 <membership> 元素上添加：
hashAlgorithmType="SHA256"
这样 Umbraco 成员资格提供程序计算的密码哈希才与升级后的外部系统一致。注意：更改此设置通常不会重新计算已存储的旧哈希，现有成员需要重置一次密码；另外请确认外部系统确实使用 SHA256，且盐值/编码方式也一致，否则仍会出现不匹配。