Validating an ASP.NET membership username and password when IsApproved is false
How can I check whether the password entered by the user matches the password stored in the database when the IsApproved value is FALSE? What I would like to do is as follows
Public Function ValidateUser(ByVal userName As String, ByVal password As String) As Boolean Implements IMembershipService.ValidateUser
    If String.IsNullOrEmpty(userName) Then Throw New ArgumentException("Value cannot be null or empty.", "userName")
    If String.IsNullOrEmpty(password) Then Throw New ArgumentException("Value cannot be null or empty.", "password")
    Return _provider.ValidateUser(userName, password)
End Function

Public Function ValidateUser(ByVal Username As String, ByVal Password As String, ByRef Approved As Boolean) As Boolean Implements IMembershipService.ValidateUser
    Dim ThisMember As MembershipUser = Nothing
    Dim ThisResult As Boolean = Nothing
    '
    Approved = False
    ThisResult = False
    If String.IsNullOrEmpty(Username) Then
        Throw New ArgumentException("Value cannot be null or empty.", "Username")
    ElseIf String.IsNullOrEmpty(Password) Then
        Throw New ArgumentException("Value cannot be null or empty.", "Password")
    ElseIf _Provider.ValidateUser(Username, Password) Then
        ThisResult = True
    Else
        ThisMember = _Provider.GetUser(Username, False)
        If (ThisMember Is Nothing) = False Then
            Approved = ThisMember.IsApproved
        End If
    End If
    Return ThisResult
    ThisMember = Nothing
    ThisResult = Nothing
End Function

Public Function ValidateUser(ByVal Username As String, ByVal Password As String, ByRef PwdMatches As Boolean, ByRef Approved As Boolean) As Boolean Implements IMembershipService.ValidateUser
    '
    Dim ThisMember As MembershipUser = Nothing
    Dim ThisResult As Boolean = Nothing
    '
    Approved = False
    ThisResult = False
    PwdMatches = False
    If String.IsNullOrEmpty(Username) Then
        Throw New ArgumentException("Value cannot be null or empty.", "Username")
    ElseIf String.IsNullOrEmpty(Password) Then
        Throw New ArgumentException("Value cannot be null or empty.", "Password")
    ElseIf _Provider.ValidateUser(Username, Password) Then
        ThisResult = True
    Else
        Try
            ThisMember = _Provider.GetUser(Username, False)
            Try
                If (ThisMember Is Nothing) = False Then
                    Approved = ThisMember.IsApproved
                    Try
                        ' This is the point I'm stuck on
                        If Password_Matches_With_Password_In_Db Then
                            PwdMatches = True
                        Else
                            PwdMatches = False
                        End If
                    Catch ex As Exception
                        ThisResult = False
                    End Try
                Else
                    ThisResult = False
                End If
            Catch ex As Exception
                ThisResult = False
            End Try
        Catch ex As Exception
            ThisResult = False
        End Try
    End If
    Return ThisResult
    ThisMember = Nothing
    ThisResult = Nothing
End Function
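
You should be able to call the Membership GetPassword method, passing Nothing in as the passwordAnswer parameter, which should simply cause the password to be returned.

A disclaimer about this approach, however: we have implemented our own membership provider and SQL, and I don't have the original code to verify this against, so there may be something in the default provider that prevents this approach, but it is worth a try.

EDIT:

In the case where the password is hashed, one possible solution to the problem is to perform a direct database query against the users table to get the state of the IsApproved flag. You can do this before or after the call to GetUser, depending on how much you trust your end users (if you don't trust them, I would do it after the call, to prevent someone from trying multiple users to see which ones are active).

- I think one approach is to create a table to store the user accounts that are awaiting approval. When a user registers, populate this table with the userID or userName, or set some flag indicating the users who have not yet activated their account and who have been sent the mail. Check this table when the user logs in, and if the entry exists or the flag is not set, show the user "activate your account".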
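- Write a function that connects to the DB and uses the user ID to get the approval status from the aspnet_Membership table. The column name is IsApproved, and it is true or false.

    Dim user As MembershipUser = Membership.GetUser(userName)
    Dim isApproved As Boolean = myMethodCheckIfUserIsApproved(user.ProviderUserKey) ' user id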
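
For the hashed-password case raised in the answers above, the check the question was stuck on can be made against the stored hash, reporting "pending approval" only when the password matches, so that an account's approval state is not disclosed to someone who only knows the user name. This is an added example, not code from the original posts. It assumes the Hashed password format with SHA1 (Base64 of SHA1 over the salt bytes followed by the UTF-16LE password bytes, the layout SqlMembershipProvider uses for non-keyed hash algorithms) and that the hash, salt and flag were already read from the Password, PasswordSalt and IsApproved columns of aspnet_Membership; CheckLogin, LoginOutcome and the sample values are hypothetical.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module UnapprovedLoginCheck
    Enum LoginOutcome
        Failed
        PendingApproval
        Success
    End Enum

    ' Assumed storage layout: Base64(SHA1(salt bytes + UTF-16LE password bytes)).
    Function HashPassword(ByVal password As String, ByVal saltBase64 As String) As String
        Dim salt As Byte() = Convert.FromBase64String(saltBase64)
        Dim pwd As Byte() = Encoding.Unicode.GetBytes(password)
        Dim combined(salt.Length + pwd.Length - 1) As Byte
        Buffer.BlockCopy(salt, 0, combined, 0, salt.Length)
        Buffer.BlockCopy(pwd, 0, combined, salt.Length, pwd.Length)
        Using sha As SHA1 = SHA1.Create()
            Return Convert.ToBase64String(sha.ComputeHash(combined))
        End Using
    End Function

    ' Compares every character so timing does not depend on where the strings differ.
    Function FixedTimeEquals(ByVal a As String, ByVal b As String) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (AscW(a(i)) Xor AscW(b(i)))
        Next
        Return diff = 0
    End Function

    ' A wrong password always yields Failed, whatever the approval state is;
    ' PendingApproval is only returned to a caller who supplied the right password.
    Function CheckLogin(ByVal password As String, ByVal storedHash As String, _
                        ByVal storedSalt As String, ByVal isApproved As Boolean) As LoginOutcome
        If Not FixedTimeEquals(HashPassword(password, storedSalt), storedHash) Then Return LoginOutcome.Failed
        Return If(isApproved, LoginOutcome.Success, LoginOutcome.PendingApproval)
    End Function

    Sub Main()
        ' Constructed sample row for an account that has not been approved yet.
        Dim salt As String = Convert.ToBase64String(Encoding.ASCII.GetBytes("constructed-salt"))
        Dim stored As String = HashPassword("correct horse", salt)
        Console.WriteLine(CheckLogin("correct horse", stored, salt, False))
        Console.WriteLine(CheckLogin("wrong guess", stored, salt, False))
    End Sub
End Module
```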

The modified function is as follows
Public Function ValidateUser(ByVal userName As String, ByVal password As String) As Boolean Implements IMembershipService.ValidateUser
    If String.IsNullOrEmpty(userName) Then Throw New ArgumentException("Value cannot be null or empty.", "userName")
    If String.IsNullOrEmpty(password) Then Throw New ArgumentException("Value cannot be null or empty.", "password")
    Return _provider.ValidateUser(userName, password)
End Function

Public Function ValidateUser(ByVal Username As String, ByVal Password As String, ByRef Approved As Boolean) As Boolean Implements IMembershipService.ValidateUser
    Dim ThisMember As MembershipUser = Nothing
    Dim ThisResult As Boolean = Nothing
    '
    Approved = False
    ThisResult = False
    If String.IsNullOrEmpty(Username) Then
        Throw New ArgumentException("Value cannot be null or empty.", "Username")
    ElseIf String.IsNullOrEmpty(Password) Then
        Throw New ArgumentException("Value cannot be null or empty.", "Password")
    ElseIf _Provider.ValidateUser(Username, Password) Then
        ThisResult = True
    Else
        ThisMember = _Provider.GetUser(Username, False)
        If (ThisMember Is Nothing) = False Then
            Approved = ThisMember.IsApproved
        End If
    End If
    Return ThisResult
    ThisMember = Nothing
    ThisResult = Nothing
End Function
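I prefer this process to directly manipulating the database and hashing passwords.
So, really, it was more a case of the original processing order being back to front....
i.e.
Instead of (1) validate login credentials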