Learning from membership: Changing the password

Vs comes with the changepassword password control. Although this control can be modified, it is something of others, and many places do not meet their own requirements. Therefore, we often want to create beautiful password modification pages on our own.

Before changing a password, you must specify whether the password stored in the database is saved in plaintext or in ciphertext. If the former is relatively simple.

1. Save in plain text.

Only the logged-on user can change the password. Therefore, you must first determine whether the user is logged on. If the user is not logged on, the logon page is displayed.

The Code is as follows:

 

Code

   private static string username;
protected void Page_Load(object sender, EventArgs e)
    {
if (Context.User.Identity.IsAuthenticated)
        username = Context.User.Identity.Name;

else
            Response.Redirect("login.aspx");
    }

 

Then, the login user is asked to enter his old password and new password to modify the password.

The Code is as follows:

 

Code

 Protected void button#click (Object sender, eventargs E)
{
String oldpwd = textbox1.text. Trim ();
String newpwd = textbox3.text. Trim ();
Membershipuser u = membership. getuser (context. User. Identity. Name );
If (oldpwd! = U. GetPassword ("default "))
{Response. Write ("<SCRIPT> alert ('old password is incorrect! '); </SCRIPT> ");}
Else
{
Try
{
U. changepassword (oldpwd, newpwd );
}
Catch (exception)
{

Throw;
}

Response. Write ("<SCRIPT> alert ('password modified successfully, please log on again '); location = 'login. aspx' </SCRIPT> ");
}
}

 

Three methods are used here:

 

Membership. getuser (username) is used to obtain information about the current user.

GetPassword (passwordanswer) is used to obtain the current user password.

When I first registered, the password prompt questions and password prompt answers are set to "default" (refer to the previous membership learning: User Registration), so here we write them directly as U. getPassword ("default ")

The third method is changepassword (oldpwd, newpwd );

This method is used to update the password.

In this way, the password of the current user is updated, and the logon page is displayed to log on again. The password change method is simple, but there must be two prerequisites:

1. The password is saved in plaintext.

2. password prompt questions and password prompt answers are fixed by the programmer during user registration.

 

Ii. Password is saved in ciphertext format

Since the password has been encrypted, it is impossible to extract it from the database. Decryption is not possible, but you can use the resetpassword method to generate a new password and then change the password.

 

Code

 Protected void button#click (Object sender, eventargs E)
{
String newpwd = txtpwd. Text. Trim ();
Membershipuser u = membership. getuser (context. User. Identity. Name );
Try
{
String P = U. resetpassword ("default ");
U. changepassword (p, newpwd );
}
Catch (exception)
{

Throw;
}

Response. Write ("<SCRIPT> alert ('password modified successfully, please log on again '); location = 'login. aspx' </SCRIPT> ");
}
}

 

Three methods are also used here:

Geuuser (username );

Resetpassword ();

Changepassword (oldpwd, newpwd );

The password can also be changed, but there are two prerequisites:

1. The value of enablepasswordreset must be true;

2. password prompt questions and password prompt answers are fixed by the programmer during user registration.