1、Username:直接修改 aspnet_Users 表(用户名为明文存储);需同时更新 UserName 和 LoweredUserName 两列,否则按用户名查找会失败。
2、Password:利用存储过程强制重置密码:[aspnet_Membership_SetPassword]
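/// <summary>
/// Generates a random 16-byte salt and returns it Base64-encoded.
/// </summary>
/// <returns>Base64 text of 16 bytes read from the cryptographic random number generator.</returns>
public string GenerateSalt()
{
    byte[] data = new byte[0x10];
    // Dispose the provider so its native crypto handle is released deterministically.
    using (System.Security.Cryptography.RNGCryptoServiceProvider rng =
        new System.Security.Cryptography.RNGCryptoServiceProvider())
    {
        rng.GetBytes(data);
    }
    return Convert.ToBase64String(data);
}

/// <summary>
/// Computes a salted one-way hash of a string: hash(salt bytes || UTF-16LE bytes of <paramref name="s"/>),
/// returned as Base64. The value cannot be reversed to the original text.
/// </summary>
/// <remarks>
/// This is a single pass of a fast, unkeyed hash. That is adequate only for staying compatible with
/// password data an existing Membership store already holds; it gives little resistance to offline
/// guessing if the table leaks. MD5 and SHA1 in particular should not be chosen for new data.
/// </remarks>
/// <param name="s">The original (clear-text) string.</param>
/// <param name="saltKey">The salt, Base64-encoded.</param>
/// <param name="hashName">Hash algorithm name (MD5, SHA1, SHA256, SHA384, SHA512).</param>
/// <returns>The Base64-encoded hash.</returns>
/// <exception cref="ArgumentException"><paramref name="hashName"/> does not name a known hash algorithm.</exception>
public string EncryptToHashString(string s, string saltKey, string hashName)
{
    byte[] src = System.Text.Encoding.Unicode.GetBytes(s);
    byte[] saltbuf = Convert.FromBase64String(saltKey);

    // Salt first, then the password bytes.
    byte[] dst = new byte[saltbuf.Length + src.Length];
    System.Buffer.BlockCopy(saltbuf, 0, dst, 0, saltbuf.Length);
    System.Buffer.BlockCopy(src, 0, dst, saltbuf.Length, src.Length);

    using (System.Security.Cryptography.HashAlgorithm algorithm =
        System.Security.Cryptography.HashAlgorithm.Create(hashName))
    {
        // Create() returns null for an unknown name; fail with a clear error instead of a
        // NullReferenceException on ComputeHash.
        if (algorithm == null)
        {
            throw new ArgumentException("Unknown hash algorithm: " + hashName, "hashName");
        }
        byte[] inArray = algorithm.ComputeHash(dst);
        return Convert.ToBase64String(inArray);
    }
}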
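/// <summary>
/// Click handler that force-resets the password of the account named by <c>username</c>
/// by calling the <c>aspnet_Membership_SetPassword</c> stored procedure directly.
/// </summary>
/// <remarks>
/// NOTE(review): no authorization check is visible in this handler; presumably the page is
/// restricted to administrators - confirm. Calling the stored procedure directly also bypasses
/// whatever password-strength rules the Membership provider would enforce; only "not empty" is
/// checked here.
/// </remarks>
protected void Button7_Click(object sender, EventArgs e)
{
    string newpw = TextBox6.Text;
    if (newpw.Length == 0)
    {
        Label7.Text = "请?输º?入¨?新?密¨¹码?";
        return;
    }

    string connStr = cc.TSConnectionString;

    // Generate a fresh salt for the new password.
    string salt = GenerateSalt();

    // Hash the clear-text password. "SHA1" is hard-coded on the assumption that the provider in
    // web.config uses passwordFormat="Hashed" with SHA1 - TODO confirm; if the provider is
    // configured with a different hash algorithm or format, the stored value will not verify.
    string password = EncryptToHashString(newpw, salt, "SHA1");

    object result;
    using (System.Data.SqlClient.SqlConnection conn = new System.Data.SqlClient.SqlConnection(connStr))
    using (System.Data.SqlClient.SqlCommand cmd =
        new System.Data.SqlClient.SqlCommand("aspnet_Membership_SetPassword", conn))
    {
        // Call the Membership provider's stored procedure to reset the password.
        cmd.CommandType = System.Data.CommandType.StoredProcedure;

        // Name of the web application that uses the Membership provider.
        cmd.Parameters.Add("@ApplicationName", System.Data.SqlDbType.NVarChar, 255).Value =
            System.Web.Security.Membership.ApplicationName;
        // Account whose password is being reset.
        cmd.Parameters.Add("@UserName", System.Data.SqlDbType.NVarChar, 255).Value = username;
        // The hashed password.
        cmd.Parameters.Add("@NewPassword", System.Data.SqlDbType.NVarChar, 255).Value = password;
        // The salt; it must be the same one used to hash the password above, not a new one.
        cmd.Parameters.Add("@PasswordSalt", System.Data.SqlDbType.NVarChar, 255).Value = salt;
        // Time of the reset. The parameter is a UTC timestamp, so pass UtcNow rather than local time.
        cmd.Parameters.Add("@CurrentTimeUtc", System.Data.SqlDbType.DateTime).Value = DateTime.UtcNow;
        // Password storage format. The procedure takes an int, so send the enum's numeric value as Int.
        cmd.Parameters.Add("@PasswordFormat", System.Data.SqlDbType.Int).Value =
            (int)System.Web.Security.Membership.Provider.PasswordFormat;

        // Parameter that receives the procedure's return value.
        System.Data.SqlClient.SqlParameter returnValue = new System.Data.SqlClient.SqlParameter();
        returnValue.ParameterName = "returnValue";
        returnValue.Direction = System.Data.ParameterDirection.ReturnValue;
        cmd.Parameters.Add(returnValue);

        conn.Open();
        cmd.ExecuteNonQuery();
        result = returnValue.Value;
    } // connection and command are disposed here even if the call throws

    // A return value of 0 is treated as success.
    if (result != null && result.ToString() == "0")
    {
        Label7.Text = "修T改?密¨¹码?成¨¦功|";
        // Record who reset whose password, but never write the clear-text password to the log.
        cc.WriteOperationLog(User.Identity.Name, "重?置?用®?户¡ì《?" + username + "》¡¤的Ì?密¨¹码?");
    }
    else
    {
        Label7.Text = "修T改?密¨¹码?失º¡ì败㨹!!";
    }
}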
3、PasswordQuestion:直接改[aspnet_Membership]
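// Sets a new password question for the account whose name is bound to @username.
// @passwordQuestion and @username are expected to be bound as SqlParameters by the
// surrounding code (not shown on the page); never concatenate them into the text.
// NOTE(review): in the default Membership schema a user name is unique only within one
// application; if this database hosts several applications the subquery may need an
// additional ApplicationId filter - confirm.
cmd.CommandText = "UPDATE [TravelService].[dbo].[aspnet_Membership] " +
    "SET [PasswordQuestion] = @passwordQuestion " +
    "WHERE [UserId] = " +
    "(SELECT aspnet_Membership.UserId as id " +
    " FROM aspnet_Membership INNER JOIN aspnet_Users " +
    " ON aspnet_Membership.UserId = aspnet_Users.UserId " +
    " WHERE (aspnet_Users.UserName = @username))";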
这是以用户名username为已知条件,修改密码问题。
4、PasswordQuestionAnswer:利用存储过程强制修改
[aspnet_Membership_ChangePasswordQuestionAndAnswer]
或直接加密密码答案然后写入表[aspnet_Membership]中
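/// <summary>
/// Click handler that overwrites the password-question answer of the account named by
/// <c>username</c>: reads the account's existing salt, hashes the new answer with it and
/// writes the result to <c>aspnet_Membership.PasswordAnswer</c>.
/// </summary>
/// <remarks>
/// NOTE(review): no authorization check is visible in this handler; presumably the page is
/// restricted to administrators - confirm.
/// NOTE(review): the answer is hashed exactly as typed. Verify against the provider's own
/// normalisation (e.g. trimming / lower-casing) so the stored value still matches at verification time.
/// </remarks>
/// <exception cref="System.Configuration.Provider.ProviderException">A SQL error occurred.</exception>
protected void Button9_Click(object sender, EventArgs e)
{
    string newpw = TextBox8.Text;
    if (newpw.Length == 0)
    {
        Label10.Text = "请?输º?入¨?新?密¨¹码?";
        return;
    }

    string connStr = cc.TSConnectionString;
    int count = 0;

    using (System.Data.SqlClient.SqlConnection conn = new System.Data.SqlClient.SqlConnection(connStr))
    using (System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand())
    {
        cmd.Connection = conn;
        // Look up the salt already stored for this account.
        cmd.CommandText = "SELECT aspnet_Membership.PasswordSalt " +
            "FROM aspnet_Membership INNER JOIN aspnet_Users " +
            "ON aspnet_Membership.UserId = aspnet_Users.UserId " +
            " WHERE (aspnet_Users.UserName = @username)";
        cmd.Parameters.Add("@username", System.Data.SqlDbType.NVarChar, 255).Value = username;

        try
        {
            conn.Open();

            // ExecuteScalar yields null when no row matches (and DBNull for a NULL column);
            // "as string" maps both to null instead of throwing.
            string salt = cmd.ExecuteScalar() as string;
            if (string.IsNullOrEmpty(salt))
            {
                // Label.Text is rendered as raw HTML, so encode the user name before echoing it.
                Label10.Text = "未¡ä找¨°到Ì?用®?户¡ì" + System.Web.HttpUtility.HtmlEncode(username) + "的Ì?密¨¹钥?。¡ê";
                return;
            }

            string passwordQA = EncryptToHashString(newpw, salt, "SHA1");

            // Reuse the command (and its @username parameter) for the update.
            cmd.CommandText = "UPDATE [TravelService].[dbo].[aspnet_Membership] " +
                "SET [PasswordAnswer] = @passwordAnswer " +
                "WHERE [UserId] = " +
                "(SELECT aspnet_Membership.UserId as id " +
                " FROM aspnet_Membership INNER JOIN aspnet_Users " +
                " ON aspnet_Membership.UserId = aspnet_Users.UserId " +
                " WHERE (aspnet_Users.UserName = @username))";
            cmd.Parameters.Add("@passwordAnswer", System.Data.SqlDbType.NVarChar, 255).Value = passwordQA;
            count = cmd.ExecuteNonQuery();
        }
        catch (System.Data.SqlClient.SqlException se)
        {
            // Keep the original exception as InnerException so the stack trace is not lost.
            throw new System.Configuration.Provider.ProviderException("检¨¬索¡Â用®?户¡ì失º¡ì败㨹。¡ê\n\n描¨¨述º?为a:êo" + se.Message, se);
        }
    } // connection and command are disposed here on every path

    if (count > 0)
    {
        Label10.Text = "密¨¹码?提¬¨¢示º?问¨º题¬a答äe案ã?修T改?完ª¨º毕À?。¡ê";
        // Log that the answer changed, but not the hashed answer itself: it is a verifier that
        // can be guessed offline and does not belong in an operation log.
        cc.WriteOperationLog(User.Identity.Name, "修T改?用®?户¡ì《?" + username + "》¡¤的Ì?密¨¹码?提¬¨¢示º?问¨º题¬a答äe案ã?");
    }
    else
    {
        Label10.Text = "密¨¹码?提¬¨¢示º?问¨º题¬a答äe案ã?修T改?失º¡ì败㨹。¡ê";
    }
}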
5、Email、Comment:修改 MembershipUser 的属性后调用 System.Web.Security.Membership.UpdateUser(user)
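/// <summary>
/// Click handler that changes the e-mail address of the account named by <c>username</c>
/// through the Membership API and records the change in the operation log.
/// </summary>
/// <remarks>
/// NOTE(review): no authorization check is visible in this handler; presumably the page is
/// restricted to administrators - confirm.
/// </remarks>
protected void Button10_Click(object sender, EventArgs e)
{
    string email = TextBox9.Text;
    if (email.Length == 0)
    {
        Label12.Text = "请?输º?入¨?新?的Ì?Email地Ì?址¡¤";
        return;
    }

    System.Web.Security.MembershipUser u = System.Web.Security.Membership.GetUser(username);
    if (u == null)
    {
        // GetUser returns null for an unknown user name; report it instead of failing with a
        // NullReferenceException. (Message text added with this guard: "user not found".)
        Label12.Text = "未找到用户" + System.Web.HttpUtility.HtmlEncode(username);
        return;
    }

    u.Email = email;
    System.Web.Security.Membership.UpdateUser(u);

    // Label.Text is rendered as raw HTML and the address comes straight from a text box,
    // so encode it before echoing it back to the page.
    Label12.Text = "Email地Ì?址¡¤修T改?完ª¨º毕À?,ê?新?Email为a:êo" + System.Web.HttpUtility.HtmlEncode(email) + "。¡ê";
    cc.WriteOperationLog(User.Identity.Name, "修T改?用®?户¡ì《?" + username + "》¡¤的Ì?Email地Ì?址¡¤为a" + email);
}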
6、LockedOut:System.Web.Security.SqlMembershipProvider.UnlockUser(username)
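// Unlock a locked-out account through the MembershipUser API.
System.Web.Security.MembershipUser u = System.Web.Security.Membership.GetUser(username);
// GetUser returns null when no such user exists, so guard before calling UnlockUser().
// The original listing is cut off after this condition; the branch body is not shown on the page.
if (u != null && u.UnlockUser()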
7、用户角色:System.Web.Security.Roles.RemoveUserFromRoles(username,roleArray);
// Adds the account to the selected role (the page pairs this with the RemoveUserFromRoles call above).
// Role membership is a privilege change. NOTE(review): no audit-log call is visible for it here,
// unlike the other handlers on this page, which call cc.WriteOperationLog - consider logging who
// changed which role. The role provider may also throw if the user already holds the role; verify.
System.Web.Security.Roles.AddUserToRole(username, selectrole);