问题
How can I reset a password for a user who forgot both the password and the answer to the password reset question? I'm using ASP.Net membership.
回答1:
Assuming your membership provider ("AspNetSqlMembershipProvider") in Web.config has requiresQuestionAndAnswer="true", make a second provider (such as "AspNetSqlMembershipProviderAdministrativeReset") with all of the same settings except for requiresQuestionAndAnswer="false".
Then you can create an action that explicitly uses the second provider to allow an administrator to reset the password without requiring a correct answer to the security question, as in the following snippet:
var provider = Membership.Providers["AspNetSqlMembershipProviderAdministrativeReset"] as MembershipProvider;
var newPassword = provider.ResetPassword(userName, null /* answer */);
回答2:
In an administrative page on your site, you can simply reset a password by first getting a hold of the user:
// Assume user name is 'theuser'. Obviously you would get this beforehand
MembershipUser user = Membership.GetUser("theuser");
string newPassword = user.ResetPassword();
You'll now have the automatically generated password in 'newPassword'. You could send this in an email to the user.
There are other ways to accomplish this as well. The membership database is pretty wide open, so you could come up with entry systems to get the desired new password yourself and place the hashed value in there. Please comment if you need more details. It doesn't have to be difficult.
来源:https://stackoverflow.com/questions/5571496/asp-net-user-forgot-answer-to-password-question