Share via

SqlMembershipProvider.GetPassword(String, String) 方法

  • 參考

定義

命名空間:
System.Web.Security
組件:
System.Web.dll

傳回 SQL Server 成員資格資料庫中所指定使用者名稱的密碼。

public:
 override System::String ^ GetPassword(System::String ^ username, System::String ^ passwordAnswer);
public override string GetPassword (string username, string passwordAnswer);
override this.GetPassword : string * string -> string
Public Overrides Function GetPassword (username As String, passwordAnswer As String) As String

參數

username
String

要為其擷取密碼的使用者。

passwordAnswer
String

使用者的密碼解答。

傳回

String

受指定使用者的密碼。

例外狀況

MembershipPasswordException

passwordAnswer 無效。

-或-

username 所識別的成員資格使用者已鎖定。

NotSupportedException

EnablePasswordRetrieval 設定為 false

ProviderException

username 在成員資格資料庫中找不到。

-或-

從資料庫擷取密碼時發生錯誤。

ArgumentException

其中一個參數值超過所允許的最大長度。

-或-

username 為空字串 ("")、包含逗號或超過 256 個字元。

-或-

passwordAnswer 為空字串,且 RequiresQuestionAndAnswertrue

-或-

passwordAnswer 大於 128 個字元。

-或-

passwordAnswer 的已編碼版本長度大於 128 個字元。

ArgumentNullException

usernamenull

-或-

passwordAnswernull,而 RequiresQuestionAndAnswertrue

範例

下列程式碼範例會擷取指定使用者名稱的密碼,並在電子郵件訊息中傳送給使用者。

注意

對於需要高安全性的網站,不建議使用電子郵件以純文字傳回密碼。 針對高安全性網站,建議您使用加密來傳回密碼,例如 SSL。

注意

這個範例會使用 Membership 類別,呼叫 SqlMembershipProvider 指定為 defaultProvider Web.config 檔案中的 。 如果您需要存取預設提供者做為 類型 SqlMembershipProvider ,您可以轉換 Provider 類別的 Membership 屬性。 若要以特定提供者類型存取其他已設定的提供者,您可以使用 類別 ProvidersMembership 屬性來存取這些提供者,並將其轉換成特定提供者類型。

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Net.Mail" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void Page_Load(object sender, EventArgs args)
{
  if (!Membership.EnablePasswordRetrieval)
  {
    FormsAuthentication.RedirectToLoginPage();
  }

  Msg.Text = "";

  if (!IsPostBack)
  {
    Msg.Text = "Please enter a user name.";
  }
  else
  {
    VerifyUsername();
  }
}


public void VerifyUsername()
{
    MembershipUser user = Membership.GetUser(UsernameTextBox.Text, false);

    if (user == null)
    {
      Msg.Text = "The user name " + Server.HtmlEncode(UsernameTextBox.Text) + " was not found. Please check the value and re-enter.";

      QuestionLabel.Text = "";
      QuestionLabel.Enabled = false;
      AnswerTextBox.Enabled = false;
      EmailPasswordButton.Enabled = false;
    }
    else
    {
      QuestionLabel.Text = user.PasswordQuestion;
      QuestionLabel.Enabled = true;
      AnswerTextBox.Enabled = true;
      EmailPasswordButton.Enabled = true;
    }
}


public void EmailPassword_OnClick(object sender, EventArgs args)
{
  // Note: Returning a password in clear text using email is not recommended for
  // sites that require a high level of security.

  try
  {
    string password = Membership.Provider.GetPassword(UsernameTextBox.Text, AnswerTextBox.Text);
    MembershipUser u = Membership.GetUser(UsernameTextBox.Text);
    EmailPassword(u.Email, password);
    Msg.Text = "Your password was sent via email.";
  }
  catch (MembershipPasswordException e)
  {
    Msg.Text = "The password answer is incorrect. Please check the value and try again.";
  }
  catch (System.Configuration.Provider.ProviderException e)
  {
    Msg.Text = "An error occurred retrieving your password. Please check your values " +
               "and try again.";
  }
}


private void EmailPassword(string email, string password)
{
  try
  {
    MailMessage Message = new MailMessage("administrator", email);
    Message.Subject = "Your Password";
    Message.Body = "Your password is: " + Server.HtmlEncode(password);

    SmtpClient SmtpMail = new SmtpClient("SMTPSERVER");
    SmtpMail.Send(Message);
  }
  catch 
  {
    Msg.Text = "An exception occurred while sending your password. Please try again.";
  }
}

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Retrieve Password</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Retrieve Password</h3>

  <asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />

  Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="true" />
            <asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
                                        ControlToValidate="UsernameTextBox" ForeColor="red"
                                        Display="Static" ErrorMessage="Required" /><br />

  Password Question: <b><asp:Label id="QuestionLabel" runat="server" /></b><br />

  Answer: <asp:TextBox id="AnswerTextBox" Columns="60" runat="server" Enabled="false" />
          <asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
                                      ControlToValidate="AnswerTextBox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" Enabled="false" /><br />

  <asp:Button id="EmailPasswordButton" Text="Email My Password" 
              OnClick="EmailPassword_OnClick" runat="server" Enabled="false" />

</form>

</body>
</html>


<%@ Page Language="VB" %>

<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Net.Mail" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

  Public Sub Page_Load(ByVal sender As Object, ByVal args As EventArgs)

    If Not Membership.EnablePasswordRetrieval Then
      FormsAuthentication.RedirectToLoginPage()
    End If

    Msg.Text = ""

    If Not IsPostBack Then
      Msg.Text = "Please enter a user name."
    Else
      VerifyUsername()
    End If

  End Sub


  Private Sub VerifyUsername()

    Dim user As MembershipUser = Membership.GetUser(UsernameTextBox.Text, False)

    If user Is Nothing Then
      Msg.Text = "The user name " & Server.HtmlEncode(UsernameTextBox.Text) & " was not found. Please check the value and re-enter."

      QuestionLabel.Text = ""
      QuestionLabel.Enabled = False
      AnswerTextBox.Enabled = False
      EmailPasswordButton.Enabled = False
    Else
      QuestionLabel.Text = user.PasswordQuestion
      QuestionLabel.Enabled = True
      AnswerTextBox.Enabled = True
      EmailPasswordButton.Enabled = True
    End If

  End Sub


  Public Sub EmailPassword_OnClick(ByVal sender As Object, ByVal args As EventArgs)

    ' Note: Returning a password in clear text using email is not recommended for
    ' sites that require a high level of security.

    Try
      Dim password As String = Membership.Provider.GetPassword(UsernameTextBox.Text, AnswerTextBox.Text)
      Dim u As MembershipUser = Membership.GetUser(UsernameTextBox.Text)
      EmailPassword(u.Email, password)
      Msg.Text = "Your password was sent via email."
    Catch e As MembershipPasswordException
      Msg.Text = "The password answer is incorrect. Please check the value and try again."
    Catch e As System.Configuration.Provider.ProviderException
      Msg.Text = "An error occurred retrieving your password. Please check your values " & _
                 "and try again."
    End Try

  End Sub


  Private Sub EmailPassword(ByVal email As String, ByVal password As String)

    Try
      Dim Message As MailMessage = New MailMessage("administrator", email)
      Message.Subject = "Your Password"
      Message.Body = "Your password is: " & Server.HtmlEncode(password)
      
      Dim SmtpMail As SmtpClient = New SmtpClient("SMTPSERVER")
      SmtpMail.Send(Message)
    Catch
      Msg.Text = "An exception occurred while sending your password. Please try again."
    End Try

  End Sub

</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>Sample: Retrieve Password</title>
</head>
<body>
  <form id="form1" runat="server">
    <h3>
      Retrieve Password</h3>
    <asp:Label ID="Msg" runat="server" ForeColor="maroon" /><br />
    Username:
    <asp:TextBox ID="UsernameTextBox" Columns="30" runat="server" AutoPostBack="True" />
    <asp:RequiredFieldValidator ID="UsernameRequiredValidator" runat="server" ControlToValidate="UsernameTextBox"
      ForeColor="red" Display="Static" ErrorMessage="Required" /><br />
    Password Question: <b>
      <asp:Label ID="QuestionLabel" runat="server" /></b><br />
    Answer:
    <asp:TextBox ID="AnswerTextBox" Columns="60" runat="server" Enabled="False" />
    <asp:RequiredFieldValidator ID="AnswerRequiredValidator" runat="server" ControlToValidate="AnswerTextBox"
      ForeColor="red" Display="Static" ErrorMessage="Required" Enabled="False" /><br />
    <asp:Button ID="EmailPasswordButton" Text="Email My Password" OnClick="EmailPassword_OnClick"
      runat="server" Enabled="False" />
  </form>
</body>
</html>

備註

類別會 MembershipUser 呼叫這個方法,以從 ASP.NET 應用程式組態檔 (Web.config) 中指定的SQL Server資料庫擷取使用者的密碼。

如果提供不正確的密碼答案給 GetPassword 方法,追蹤無效密碼回應嘗試的內部計數器會遞增一個。 這可能會導致使用者遭到鎖定,且無法在方法呼叫 UnlockUser 清除鎖定狀態之前登入。 如果提供正確的密碼答案且使用者目前未鎖定,則追蹤無效密碼回應嘗試的內部計數器會重設為零。 如需詳細資訊,請參閱 MaxInvalidPasswordAttemptsPasswordAttemptWindow 屬性。

您可以直接呼叫 GetPassword 方法,方法是先透過 Provider 類別的 屬性取得 實例的 Membership 參考 SqlMembershipProvider

PasswordFormat如果 屬性設定 Hashed 為 ,則 GetPassword 方法無法擷取密碼。 雜湊密碼會以單向方式加密,而且無法解密。 PasswordFormat如果 屬性設定 Hashed 為 ,且 EnablePasswordRetrieval 設定 true 為 , ProviderException 則會在初始化提供者時擲回 。

前置和尾端空格會從所有參數值修剪。

適用於

另請參閱