【发布时间】:2016-04-15 03:00:24
【问题描述】:
我正在尝试在我的网站中实施重置密码重置选项。创建帐户时,我像这样散列我的密码:Password = Hasher.Hash(username + unhashedPassword); 在构造函数中,使用我的重置密码选项,在使用 PasswordToken 确认后,我已经可以成功地在数据库中放置一个新的散列密码,但我不明白我是否散列新密码并将其放入数据库为什么我无法使用我设置的新密码登录
重置密码HttpGet:
[HttpGet]
[AllowAnonymous]
public ActionResult ResetPassword(string Id)
{
Id = Request.QueryString.ToString();
ResetPassword model = new ResetPassword();
model.PasswordToken = Id;
return View(model);
}
重置密码HttpPost:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult ResetPassword(ResetPassword model)
{
if (Repository.ChangePassword(model.PasswordToken, model.Password))
{
return RedirectToAction("PasswordResetSuccess");
}
return RedirectToAction("PasswordResetFailure");
}
重置密码查看:
@Html.LabelFor(m => m.Password, "New Password:")
@Html.PasswordFor(m => m.Password)
@Html.LabelFor(model => model.RepeatPassword, "Repeat Password:")
@Html.EditorFor(model => model.RepeatPassword)
DatabaseHandler ChangePassword 方法:
public static bool ChangePassword(string passwordToken, string password)
{
RecipeDbContext ctx = new RecipeDbContext();
Account foundPassword = ctx.Accounts.SingleOrDefault(u => u.PasswordToken == passwordToken);
if(foundPassword != null)
{
password = Hasher.Hash(foundPassword.Username + foundPassword.Password);
DbSet<Account> dbSet = ctx.Set<Account>();
dbSet.Attach(foundPassword);
ctx.Entry(foundPassword).State = EntityState.Modified;
ctx.SaveChanges();
return true;
}
return false;
}
存储库更改密码方法:
public static bool ChangePassword(string paswordToken, string password)
{
return DatabaseHandler.ChangePassword(passwordToken, password);
}
哈希类:
public class Hasher
{
public static string Hash(string text)
{
return Convert.ToBase64String(SHA512.Create().ComputeHash(Encoding.UTF32.GetBytes(text)));
}
}
【问题讨论】: