在我的应用程序中,我试图让一个忘记密码的工作。我试图发送一封电子邮件给用户,当他或她输入他或她的用户名,发送他们和电子邮件,他们点击该链接,并被带回网站并更改他们的密码。唯一的问题是我的linq查询是错误的,没有检查用户名是否存在于数据库中。这是让忘记密码工作的正确方法吗?
下面是我的代码
控制器
// GET: /Account/ForgotPassword
[AllowAnonymous]
public ActionResult ForgetPassword()
{
return View();
}
// Post: /Account/ForgotPassword
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult ForgetPassword(ForgetPasswordModel model, string UserName)
{
string emailAddress = (from i in db.UserProfiles
where i.UserName.Equals(model.Username)
select i.Email).Single();
if (!string.IsNullOrEmpty(emailAddress))
{
string confirmationToken =
WebSecurity.GeneratePasswordResetToken(model.Username);
dynamic email = new Email("ChngPasswordEmail");
email.To = emailAddress;
email.UserName = model.Username;
email.ConfirmationToken = confirmationToken;
email.Send();
return RedirectToAction("ResetPwStepTwo");
}
return RedirectToAction("InvalidUserName");
}
型号
public class ForgetPasswordModel
{
[Required]
[Display(Name = "Username")]
public string Username { get; set; }
}
查看
@model MyFestival.Models.UserProfile
@{
ViewBag.Title = "Forgot Password";
}
<hr />
<div class="form-group">
<h3 class="panel-title">Did you forget your password?</h3>
</div>
@using (Html.BeginForm())
{
<div class="">
@Html.AntiForgeryToken()
@Html.ValidationSummary(true, null, new { @style = "color:red;" })
<hr />
<label>To reset your password, input your email address and press the Reset Password button.</label>
<br/>
<div class="form-group" >
<div class="col-md-12" >
<div class="input-group">
<span class="input-group-addon" ><i class="glyphicon glyphicon-user" ></i ></span >
@Html.TextBoxFor(m => m.UserName, new { @class = "form-control", @placeholder = "Username" })
</div >
@Html.ValidationMessageFor(m => m.UserName, null, new { @style = "color:red;" })
</div>
</div>
<br/>
<br/>
<div class="form-group" >
<div class="col-md-offset-2 col-md-10" >
<input type="submit" class="btn btn-default" value="Reset Password"/ >
@Html.ActionLink("Back to Login", "Login", null, new { @class = "btn btn-info" })
</div >
</div>
</div>
}
我刚刚发现,你有两个 ForgetPasswordModel model
和 string username
作为控制器动作的参数,然后使用 Username
属性。我假设模型绑定器只是初始化了你的模型的 stirng username
而不是 ForgegPasswordModel
. 你能不能试着去掉 stirng username
- 的第二个参数 ForgetPassword
操作?
你可以创建自己的GUID,然后通过邮件发送给用户,当用户点击邮件链接时,检查Guid并更新用户的新密码。
下面是示例代码
创建一个视图,输入忘记密码的邮箱
@{
ViewBag.Title = "Forgot Password";
}
<h2>Forgot Password</h2>
@using (Html.BeginForm())
{
<div class="form-horizontal">
<hr />
<div class="text-success">
@ViewBag.Message
</div>
<div class="form-group">
Please enter your registered email address below to receive an email containing a link, to reset your password.
</div>
<div class="form-group">
<label class="control-label col-md-2">Email Address</label>
@Html.TextBox("EmailID", "", new { @class = "form-control" })
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" value="Submit" class="btn btn-success" />
</div>
</div>
</div>
}
然后在你的控制器中从用户那里获取电子邮件ID,检查电子邮件是否存在并创建新的GUID,将其保存在数据库中,然后向用户发送电子邮件。
[HttpPost]
public ActionResult ForgotPassword(string EmailID)
{
string resetCode = Guid.NewGuid().ToString();
var verifyUrl = "/Account/ResetPassword/" + resetCode;
var link = Request.Url.AbsoluteUri.Replace(Request.Url.PathAndQuery, verifyUrl);
//get user details from database.
using (var context = new LoginRegistrationInMVCEntities())
{
var getUser = (from s in context.RegisterUsers where s.Email == EmailID select s).FirstOrDefault();
if (getUser != null)
{
getUser.ResetPasswordCode = resetCode;
//This line I have added here to avoid confirm password not match issue , as we had added a confirm password property
context.Configuration.ValidateOnSaveEnabled = false;
context.SaveChanges();
var subject = "Password Reset Request";
var body = "Hi " + getUser.FirstName + ", <br/> You recently requested to reset your password for your account. Click the link below to reset it. " +
" <br/><br/><a href='" + link + "'>" + link + "</a> <br/><br/>" +
"If you did not request a password reset, please ignore this email or reply to let us know.<br/><br/> Thank you";
SendEmail(getUser.Email, body, subject);
ViewBag.Message = "Reset password link has been sent to your email id.";
}
else
{
ViewBag.Message = "User doesn't exists.";
return View();
}
}
return View();
}
private void SendEmail(string emailAddress, string body, string subject)
{
using (MailMessage mm = new MailMessage("[email protected]", emailAddress))
{
mm.Subject = subject;
mm.Body = body;
mm.IsBodyHtml = true;
SmtpClient smtp = new SmtpClient();
smtp.Host = "smtp.gmail.com";
smtp.EnableSsl = true;
NetworkCredential NetworkCred = new NetworkCredential("[email protected]", "YourPassword");
smtp.UseDefaultCredentials = true;
smtp.Credentials = NetworkCred;
smtp.Port = 587;
smtp.Send(mm);
}
}
现在,当用户点击邮件并输入新的密码时,检查guid与我们保存在数据库中的guid是否一致,如果一致则更新密码。
查看更多信息。