Membership.RequiresQuestionAndAnswer 属性
定义
重要
一些信息与预发行产品相关,相应产品在发行之前可能会进行重大修改。 对于此处提供的信息,Microsoft 不作任何明示或暗示的担保。
获取一个值,该值指示默认成员身份提供程序是否需要用户回答密码重置和检索的密码问题。
public:
static property bool RequiresQuestionAndAnswer { bool get(); };public static bool RequiresQuestionAndAnswer { get; }static member RequiresQuestionAndAnswer : boolPublic Shared ReadOnly Property RequiresQuestionAndAnswer As Boolean属性值
true 如果密码重置和检索需要密码答案,则为否则,为 false.
示例
下面的代码示例演示 ASP.NET 应用程序的 Web.config 文件中 的成员身份 元素 system.web 。 它指定应用程序使用实例 SqlMembershipProvider、启用密码重置,并在执行重置时需要密码答案。
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
<providers>
<add name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
passwordFormat="Hashed"
applicationName="MyApplication" />
</providers>
</membership>
下面的代码示例检查值 RequiresQuestionAndAnswer ,并为创建用户时提供的密码问题和答案添加必要的控件。
Important
此示例包含接受用户输入的文本框,这是潜在的安全威胁。 默认情况下,ASP.NET 网页验证用户输入是否不包含脚本或 HTML 元素。 有关详细信息,请参阅 脚本攻击概述。
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
public void CreateUser_OnClick(object sender, EventArgs args)
{
// Create new user and retrieve create status result.
MembershipCreateStatus status;
string passwordQuestion = "";
string passwordAnswer = "";
if (Membership.RequiresQuestionAndAnswer)
{
passwordQuestion = PasswordQuestionTextbox.Text;
passwordAnswer = PasswordAnswerTextbox.Text;
}
try
{
MembershipUser newUser = Membership.CreateUser(UsernameTextbox.Text, PasswordTextbox.Text,
EmailTextbox.Text, passwordQuestion,
passwordAnswer, true, out status);
if (newUser == null)
{
Msg.Text = GetErrorMessage(status);
}
else
{
Response.Redirect("login.aspx");
}
}
catch
{
Msg.Text = "An exception occurred creating the user.";
}
}
public string GetErrorMessage(MembershipCreateStatus status)
{
switch (status)
{
case MembershipCreateStatus.DuplicateUserName:
return "Username already exists. Please enter a different user name.";
case MembershipCreateStatus.DuplicateEmail:
return "A username for that email address already exists. Please enter a different email address.";
case MembershipCreateStatus.InvalidPassword:
return "The password provided is invalid. Please enter a valid password value.";
case MembershipCreateStatus.InvalidEmail:
return "The email address provided is invalid. Please check the value and try again.";
case MembershipCreateStatus.InvalidAnswer:
return "The password retrieval answer provided is invalid. Please check the value and try again.";
case MembershipCreateStatus.InvalidQuestion:
return "The password retrieval question provided is invalid. Please check the value and try again.";
case MembershipCreateStatus.InvalidUserName:
return "The user name provided is invalid. Please check the value and try again.";
case MembershipCreateStatus.ProviderError:
return "The authentication provider returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
case MembershipCreateStatus.UserRejected:
return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
default:
return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Create User</title>
</head>
<body>
<form id="form1" runat="server">
<h3>Create New User</h3>
<asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />
<table cellpadding="3" border="0">
<tr>
<td>Username:</td>
<td><asp:Textbox id="UsernameTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
ControlToValidate="UserNameTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Password:</td>
<td><asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="PasswordRequiredValidator" runat="server"
ControlToValidate="PasswordTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><asp:Textbox id="PasswordConfirmTextbox" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="PasswordConfirmRequiredValidator" runat="server"
ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" />
<asp:CompareValidator id="PasswordConfirmCompareValidator" runat="server"
ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
Display="Static" ControlToCompare="PasswordTextBox"
ErrorMessage="Confirm password must match password." />
</td>
</tr>
<tr>
<td>Email Address:</td>
<td><asp:Textbox id="EmailTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="EmailRequiredValidator" runat="server"
ControlToValidate="EmailTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<% if (Membership.RequiresQuestionAndAnswer) { %>
<tr>
<td>Password Question:</td>
<td><asp:Textbox id="PasswordQuestionTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="PasswordQuestionRequiredValidator" runat="server"
ControlToValidate="PasswordQuestionTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Password Answer:</td>
<td><asp:Textbox id="PasswordAnswerTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="PasswordAnswerRequiredValidator" runat="server"
ControlToValidate="PasswordAnswerTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<% } %>
<tr>
<td></td>
<td><asp:Button id="CreateUserButton" Text="Create User" OnClick="CreateUser_OnClick" runat="server" /></td>
</tr>
</table>
</form>
</body>
</html>
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
Public Sub CreateUser_OnClick(sender As Object, args As EventArgs)
' Create new user and retrieve create status result.
Dim status As MembershipCreateStatus
Dim passwordQuestion As String = ""
Dim passwordAnswer As String = ""
If Membership.RequiresQuestionAndAnswer Then
passwordQuestion = PasswordQuestionTextbox.Text
passwordAnswer = PasswordAnswerTextbox.Text
End If
Try
Dim newUser As MembershipUser = Membership.CreateUser(UsernameTextbox.Text, PasswordTextbox.Text, _
EmailTextbox.Text, passwordQuestion, _
passwordAnswer, True, status)
If newUser Is Nothing Then
Msg.Text = GetErrorMessage(status)
Else
Response.Redirect("login.aspx")
End If
Catch
Msg.Text = "An exception occurred creating the user."
End Try
End Sub
Public Function GetErrorMessage(status As MembershipCreateStatus) As String
Select Case status
Case MembershipCreateStatus.DuplicateUserName:
Return "Username already exists. Please enter a different user name."
Case MembershipCreateStatus.DuplicateEmail:
Return "A username for that email address already exists. Please enter a different email address."
Case MembershipCreateStatus.InvalidPassword:
Return "The password provided is invalid. Please enter a valid password value."
Case MembershipCreateStatus.InvalidEmail:
Return "The email address provided is invalid. Please check the value and try again."
Case MembershipCreateStatus.InvalidAnswer:
Return "The password retrieval answer provided is invalid. Please check the value and try again."
Case MembershipCreateStatus.InvalidQuestion:
Return "The password retrieval question provided is invalid. Please check the value and try again."
Case MembershipCreateStatus.InvalidUserName
Return "The user name provided is invalid. Please check the value and try again."
Case MembershipCreateStatus.ProviderError:
Return "The authentication provider returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator."
Case MembershipCreateStatus.UserRejected:
Return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator."
Case Else:
Return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator."
End Select
End Function
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Create User</title>
</head>
<body>
<form id="form1" runat="server">
<h3>Create New User</h3>
<asp:Label id="Msg" ForeColor="maroon" runat="server" />
<table cellpadding="3" border="0">
<tr>
<td>Username:</td>
<td><asp:Textbox id="UsernameTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
ControlToValidate="UserNameTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Password:</td>
<td><asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="PasswordRequiredValidator" runat="server"
ControlToValidate="PasswordTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><asp:Textbox id="PasswordConfirmTextbox" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="PasswordConfirmRequiredValidator" runat="server"
ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" />
<asp:CompareValidator id="PasswordConfirmCompareValidator" runat="server"
ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
Display="Static" ControlToCompare="PasswordTextBox"
ErrorMessage="Confirm password must match password." />
</td>
</tr>
<tr>
<td>Email Address:</td>
<td><asp:Textbox id="EmailTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="EmailRequiredValidator" runat="server"
ControlToValidate="EmailTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<% If Membership.RequiresQuestionAndAnswer Then %>
<tr>
<td>Password Question:</td>
<td><asp:Textbox id="PasswordQuestionTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="PasswordQuestionRequiredValidator" runat="server"
ControlToValidate="PasswordQuestionTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Password Answer:</td>
<td><asp:Textbox id="PasswordAnswerTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="PasswordAnswerRequiredValidator" runat="server"
ControlToValidate="PasswordAnswerTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<% End If %>
<tr>
<td></td>
<td><asp:Button id="CreateUserButton" Text="Create User" OnClick="CreateUser_OnClick" runat="server" /></td>
</tr>
</table>
</form>
</body>
</html>
注解
在检索或重置用户密码时,需要密码问题和答案可提供额外的安全层。 用户可以在创建用户名时提供一个问题和答案,供他们稍后用来检索或重置忘记的密码。
true,提供的密码应答null,则随 .NET Framework 提供的提供程序引发 NotSupportedException。
如果 EnablePasswordReset 同时 EnablePasswordRetrieval 存在这两种 false情况, RequiresQuestionAndAnswer 则仍可用于在创建新用户时强制创建问题和答案;但是,不会使用问题和答案。 你将能够使用该 MembershipUser 类检索问题。
有关详细信息,请参阅 ResetPassword 和 GetPassword。
