我正在尝试实现asp身份和owin安全性。我实现登录,创建新用户,并在创建新用户时为该用户分配角色。新用户是使用用户名和密码注册的,而不是电子邮件。只有管理员才能添加新用户,因为他只能访问管理员页面。
所以下一个问题是我希望允许管理员重置密码并删除用户。 我的逻辑是我在 gridview 中列出所有用户(它是私人应用程序,所以它希望用户太多(,并用两个按钮来做这件事。所以我得到了用户,但重置不起作用。
我找到了这样的问题 链接 但我没有找到任何解决方案。
这是我添加新用户的方法,它正在工作。
var userStore = new UserStore<IdentityUser>();
var manager = new UserManager<IdentityUser>(userStore);
var user = new IdentityUser() { UserName = txtUser.Text };
IdentityResult result = manager.Create(user, txtPass.Text);
if (result.Succeeded && ddlRole.SelectedValue=="1")
{
var roleresult = manager.AddToRole(user.Id, "User");
var authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
var userIdentity = manager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
authenticationManager.SignIn(new AuthenticationProperties() { }, userIdentity);
Response.Redirect("~/Login.aspx");
}
else if (result.Succeeded && ddlRole.SelectedValue == "2")
{
var roleresult = manager.AddToRole(user.Id, "Administrator");
var authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
var userIdentity = manager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
authenticationManager.SignIn(new AuthenticationProperties() { }, userIdentity);
Response.Redirect("~/Login.aspx");
}
else
{
StatusMessage.Text = result.Errors.FirstOrDefault();
}
我尝试使用此方法重置密码
protected async void btnReset_Click(object sender, EventArgs e)
{
var userStore = new UserStore<IdentityUser>();
var manager = new UserManager<IdentityUser>(userStore);
GridViewRow row = ((Button)sender).NamingContainer as GridViewRow;
var user = row.Cells[0].Text;
var token = await manager.GeneratePasswordResetTokenAsync(user);
var result = await manager.ResetPasswordAsync(user, token, txtNewPass.Text.Trim());
if (result.Succeeded)
Literal1.Text = "Uspješno promijenjena lozinka";
else
Literal1.Text = "Nismo uspjeli promijeniti lozinku!";
}
但它不起作用。
如果有人可以帮助我重置密码或删除用户,我将不胜感激。
问候
更新 1
我以"经典方式"删除用户
GridViewRow row = ((Button)sender).NamingContainer as GridViewRow;
Label lblUserID = row.FindControl("lblUserID") as Label;//Hidden User ID
String conStr = ConfigurationManager.ConnectionStrings[""].ToString();
using (SqlConnection conn = new SqlConnection(conStr))
{
conn.Open();
string sQuery = "DELETE FROM AspNetUsers WHERE Id=@employeeID";
SqlCommand cmd = new SqlCommand(sQuery, conn);
cmd.Parameters.AddWithValue("@employeeID", lblUserID.Text);
try
{
cmd.ExecuteNonQuery();
Literal1.Text = "Uspješno izbrisan korisnik <span class="bg-red">" + row.Cells[1].Text + "</span>";
ListUsers();
}
catch
{
Literal1.Text = "<span class="bg-red">Neuspješno brisanje</span>";
}
}
我不知道考虑到安全问题,这是不是不错的选择。
您需要将用户对象传递给GeneratePasswordResetTokenAsync 现在您正在var中传递一个字符串
var user =manager.FindByNameAsync(row.Cells[0].Text);//Hoping that row.Cells[0].Text is username of the user
var token = await manager.GeneratePasswordResetTokenAsync(user);
var result = await manager.ResetPasswordAsync(user, token, txtNewPass.Text.Trim());