忘记密码 MVC 4

问题描述 投票:0回答:2

在我的应用程序中,我试图让一个忘记密码的工作。我试图发送一封电子邮件给用户,当他或她输入他或她的用户名,发送他们和电子邮件,他们点击该链接,并被带回网站并更改他们的密码。唯一的问题是我的linq查询是错误的,没有检查用户名是否存在于数据库中。这是让忘记密码工作的正确方法吗?

下面是我的代码

控制器

    // GET: /Account/ForgotPassword
    [AllowAnonymous]
    public ActionResult ForgetPassword()
    {
        return View();
    }

    // Post: /Account/ForgotPassword
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult ForgetPassword(ForgetPasswordModel model, string UserName)
    {
        string emailAddress = (from i in db.UserProfiles
                                where i.UserName.Equals(model.Username)
                                select i.Email).Single();

        if (!string.IsNullOrEmpty(emailAddress))
        {
            string confirmationToken =
                WebSecurity.GeneratePasswordResetToken(model.Username);
            dynamic email = new Email("ChngPasswordEmail");
            email.To = emailAddress;
            email.UserName = model.Username;
            email.ConfirmationToken = confirmationToken;
            email.Send();

            return RedirectToAction("ResetPwStepTwo");
        }

        return RedirectToAction("InvalidUserName");
    }

型号

public class ForgetPasswordModel
{
    [Required]
    [Display(Name = "Username")]
    public string Username { get; set; }
}

查看

@model MyFestival.Models.UserProfile
@{
ViewBag.Title = "Forgot Password";
}

<hr />
<div class="form-group">
  <h3 class="panel-title">Did you forget your password?</h3>
</div>

@using (Html.BeginForm())


{
<div class="">
    @Html.AntiForgeryToken()
    @Html.ValidationSummary(true, null, new { @style = "color:red;" })
    <hr />
    <label>To reset your password, input your email address and press the Reset Password button.</label>
    <br/>
    <div class="form-group" >
        <div class="col-md-12" >
            <div class="input-group">
                <span class="input-group-addon" ><i class="glyphicon glyphicon-user" ></i ></span >
                @Html.TextBoxFor(m => m.UserName, new { @class = "form-control", @placeholder = "Username" })
            </div >
            @Html.ValidationMessageFor(m => m.UserName, null, new { @style = "color:red;" })
        </div>
    </div>
    <br/>
    <br/>
    <div class="form-group" >
        <div class="col-md-offset-2 col-md-10" >
            <input type="submit" class="btn btn-default"  value="Reset Password"/ >
            @Html.ActionLink("Back to Login", "Login", null, new { @class = "btn btn-info" })
        </div >
    </div>
</div>


}
c# asp.net-mvc linq
2个回答
0
投票

我刚刚发现,你有两个 ForgetPasswordModel modelstring username 作为控制器动作的参数,然后使用 Username 属性。我假设模型绑定器只是初始化了你的模型的 stirng username 而不是 ForgegPasswordModel. 你能不能试着去掉 stirng username - 的第二个参数 ForgetPassword 操作?


0
投票

你可以创建自己的GUID,然后通过邮件发送给用户,当用户点击邮件链接时,检查Guid并更新用户的新密码。

下面是示例代码

创建一个视图,输入忘记密码的邮箱

@{
ViewBag.Title = "Forgot Password";
}

<h2>Forgot Password</h2>

 @using (Html.BeginForm())
 {
   <div class="form-horizontal">
  <hr />
   <div class="text-success">
      @ViewBag.Message
   </div>
    <div class="form-group">
    Please enter your registered email address below to receive an email containing a link, to reset your password.
   </div>
    <div class="form-group">
       <label class="control-label col-md-2">Email Address</label>
       @Html.TextBox("EmailID", "", new { @class = "form-control" })
  </div>
 <div class="form-group">
     <div class="col-md-offset-2 col-md-10">
         <input type="submit" value="Submit" class="btn btn-success" />
    </div>
</div>
  </div>
 }

然后在你的控制器中从用户那里获取电子邮件ID,检查电子邮件是否存在并创建新的GUID,将其保存在数据库中,然后向用户发送电子邮件。

    [HttpPost]
    public ActionResult ForgotPassword(string EmailID)
    {
        string resetCode = Guid.NewGuid().ToString();

        var verifyUrl = "/Account/ResetPassword/" + resetCode;

        var link = Request.Url.AbsoluteUri.Replace(Request.Url.PathAndQuery, verifyUrl);
       //get user details from database.
        using (var context = new LoginRegistrationInMVCEntities())
        {
            var getUser = (from s in context.RegisterUsers where s.Email == EmailID select s).FirstOrDefault();
            if (getUser != null)
            {
                getUser.ResetPasswordCode = resetCode;

                //This line I have added here to avoid confirm password not match issue , as we had added a confirm password property 

                context.Configuration.ValidateOnSaveEnabled = false;
                context.SaveChanges();

                var subject = "Password Reset Request";
                var body = "Hi " + getUser.FirstName + ", <br/> You recently requested to reset your password for your account. Click the link below to reset it. " +

                     " <br/><br/><a href='" + link + "'>" + link + "</a> <br/><br/>" +
                     "If you did not request a password reset, please ignore this email or reply to let us know.<br/><br/> Thank you";

                SendEmail(getUser.Email, body, subject);

                ViewBag.Message = "Reset password link has been sent to your email id.";
            }
            else
            {
                ViewBag.Message = "User doesn't exists.";
                return View();
            }
        }

        return View();
    }

    private void SendEmail(string emailAddress, string body, string subject)
    {
        using (MailMessage mm = new MailMessage("[email protected]", emailAddress))
        {
            mm.Subject = subject;
            mm.Body = body;

            mm.IsBodyHtml = true;
            SmtpClient smtp = new SmtpClient();
            smtp.Host = "smtp.gmail.com";
            smtp.EnableSsl = true;
            NetworkCredential NetworkCred = new NetworkCredential("[email protected]", "YourPassword");
            smtp.UseDefaultCredentials = true;
            smtp.Credentials = NetworkCred;
            smtp.Port = 587;
            smtp.Send(mm);

        }
    }

现在,当用户点击邮件并输入新的密码时,检查guid与我们保存在数据库中的guid是否一致,如果一致则更新密码。

查看更多信息。

ASP.NET MVC中的忘记密码功能(通过电子邮件重置密码)

© www.soinside.com 2019 - 2024. All rights reserved.