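I am trying to implement ASP.NET Identity and OWIN security. I implemented login, creating a new user, and assigning a role to that user when the user is created. New users register with a username and password, NOT EMAIL. Only the administrator can add new users, because only he has access to the admin page.
So the next problem is that I want to allow the administrator to reset passwords and delete users. My logic is that I list all users in a GridView (it is a private application, so there won't be too many users) with two buttons to do this. So I get the user, but the reset does not work.
I found questions like this LINK, but I did not find any solution.
This is my method for adding a new user, and it works.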

    var userStore = new UserStore<IdentityUser>();
    var manager = new UserManager<IdentityUser>(userStore);
    var user = new IdentityUser() { UserName = txtUser.Text };
    IdentityResult result = manager.Create(user, txtPass.Text);
    if (result.Succeeded && ddlRole.SelectedValue == "1")
    {
        var roleresult = manager.AddToRole(user.Id, "User");
        var authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
        var userIdentity = manager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
        authenticationManager.SignIn(new AuthenticationProperties() { }, userIdentity);
        Response.Redirect("~/Login.aspx");
    }
    else if (result.Succeeded && ddlRole.SelectedValue == "2")
    {
        var roleresult = manager.AddToRole(user.Id, "Administrator");
        var authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
        var userIdentity = manager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
        authenticationManager.SignIn(new AuthenticationProperties() { }, userIdentity);
        Response.Redirect("~/Login.aspx");
    }
    else
    {
        StatusMessage.Text = result.Errors.FirstOrDefault();
    }

I tried to reset the password with this method:

    protected async void btnReset_Click(object sender, EventArgs e)
    {
        var userStore = new UserStore<IdentityUser>();
        var manager = new UserManager<IdentityUser>(userStore);
        GridViewRow row = ((Button)sender).NamingContainer as GridViewRow;
        var user = row.Cells[0].Text;
        var token = await manager.GeneratePasswordResetTokenAsync(user);
        var result = await manager.ResetPasswordAsync(user, token, txtNewPass.Text.Trim());
        if (result.Succeeded)
            Literal1.Text = "Uspješno promijenjena lozinka";
        else
            Literal1.Text = "Nismo uspjeli promijeniti lozinku!";
    }

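But it does not work.
If anyone can help me reset the password or delete a user, I would appreciate it.
Regards
Update 1
I delete the user the "classic way":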

    GridViewRow row = ((Button)sender).NamingContainer as GridViewRow;
    Label lblUserID = row.FindControl("lblUserID") as Label; // Hidden User ID
    String conStr = ConfigurationManager.ConnectionStrings[""].ToString();
    using (SqlConnection conn = new SqlConnection(conStr))
    {
        conn.Open();
        string sQuery = "DELETE FROM AspNetUsers WHERE Id=@employeeID";
        SqlCommand cmd = new SqlCommand(sQuery, conn);
        cmd.Parameters.AddWithValue("@employeeID", lblUserID.Text);
        try
        {
            cmd.ExecuteNonQuery();
            Literal1.Text = "Uspješno izbrisan korisnik <span class=\"bg-red\">" + row.Cells[1].Text + "</span>";
            ListUsers();
        }
        catch
        {
            Literal1.Text = "<span class=\"bg-red\">Neuspješno brisanje</span>";
        }
    }

I don't know whether this is a good option with security in mind.
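
One way an administrator-only password reset and user deletion can go through `UserManager` rather than raw SQL, as an added example that is not part of the original post. It assumes ASP.NET Identity 2.x with the Entity Framework store and the "Administrator" role from the question; the class name `AdminUserActions` and the strings "SampleApp" and "PasswordReset" are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security.DataProtection;
// Added example; AdminUserActions and the two protector strings are hypothetical.
public static class AdminUserActions
{
    private static UserManager<IdentityUser> CreateManager()
    {
        var manager = new UserManager<IdentityUser>(new UserStore<IdentityUser>());
        // Without a token provider, GeneratePasswordResetTokenAsync throws NotSupportedException.
        var provider = new DpapiDataProtectionProvider("SampleApp");
        manager.UserTokenProvider = new DataProtectorTokenProvider<IdentityUser>(provider.Create("PasswordReset"));
        return manager;
    }

    private static void RequireAdmin(IPrincipal caller)
    {
        // Enforce the role on the server for every action, not only by hiding the page.
        if (caller == null || !caller.IsInRole("Administrator"))
            throw new UnauthorizedAccessException("Administrator role required.");
    }

    public static async Task<IdentityResult> ResetPasswordAsync(IPrincipal caller, string userName, string newPassword)
    {
        RequireAdmin(caller);
        using (var manager = CreateManager())
        {
            // The token and reset calls take the user Id, so resolve the name first.
            var user = await manager.FindByNameAsync(userName);
            if (user == null) return IdentityResult.Failed("User not found.");
            var token = await manager.GeneratePasswordResetTokenAsync(user.Id);
            return await manager.ResetPasswordAsync(user.Id, token, newPassword);
        }
    }

    public static async Task<IdentityResult> DeleteUserAsync(IPrincipal caller, string userId)
    {
        RequireAdmin(caller);
        using (var manager = CreateManager())
        {
            var user = await manager.FindByIdAsync(userId);
            if (user == null) return IdentityResult.Failed("User not found.");
            return await manager.DeleteAsync(user);
        }
    }
}
```

From a Web Forms handler, pass `Page.User` as the caller and set `Async="true"` in the `@ Page` directive so the `async` handler completes before the page renders.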