Membership.RequiresQuestionAndAnswer Propiedad
Definición
Importante
Parte de la información hace referencia a la versión preliminar del producto, que puede haberse modificado sustancialmente antes de lanzar la versión definitiva. Microsoft no otorga ninguna garantía, explícita o implícita, con respecto a la información proporcionada aquí.
Obtiene un valor que indica si el proveedor de pertenencia predeterminado necesita que el usuario responda una pregunta de la contraseña para restablecerla y recuperarla.
public:
static property bool RequiresQuestionAndAnswer { bool get(); };public static bool RequiresQuestionAndAnswer { get; }static member RequiresQuestionAndAnswer : boolPublic Shared ReadOnly Property RequiresQuestionAndAnswer As BooleanValor de propiedad
true si se requiere una respuesta de contraseña para el restablecimiento y la recuperación de la contraseña; de lo contrario, false.
Ejemplos
En el ejemplo de código siguiente se muestra el elemento membership de la system.web sección del archivo Web.config para una aplicación de ASP.NET. Especifica que la aplicación usa una instancia de , habilita el SqlMembershipProviderrestablecimiento de contraseña y requiere una respuesta de contraseña al realizar un restablecimiento.
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
<providers>
<add name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
passwordFormat="Hashed"
applicationName="MyApplication" />
</providers>
</membership>
En el ejemplo de código siguiente se comprueba el valor de RequiresQuestionAndAnswer y se agregan los controles necesarios para que se proporcione una pregunta y respuesta de contraseña al crear un usuario.
Importante
En este ejemplo se incluye un cuadro de texto que acepta la entrada del usuario, que es una amenaza de seguridad potencial. De forma predeterminada, ASP.NET Web Pages valida que los datos proporcionados por el usuario no incluyen elementos HTML ni de script. Para más información, consulte Información general sobre los ataques mediante scripts.
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
public void CreateUser_OnClick(object sender, EventArgs args)
{
// Create new user and retrieve create status result.
MembershipCreateStatus status;
string passwordQuestion = "";
string passwordAnswer = "";
if (Membership.RequiresQuestionAndAnswer)
{
passwordQuestion = PasswordQuestionTextbox.Text;
passwordAnswer = PasswordAnswerTextbox.Text;
}
try
{
MembershipUser newUser = Membership.CreateUser(UsernameTextbox.Text, PasswordTextbox.Text,
EmailTextbox.Text, passwordQuestion,
passwordAnswer, true, out status);
if (newUser == null)
{
Msg.Text = GetErrorMessage(status);
}
else
{
Response.Redirect("login.aspx");
}
}
catch
{
Msg.Text = "An exception occurred creating the user.";
}
}
public string GetErrorMessage(MembershipCreateStatus status)
{
switch (status)
{
case MembershipCreateStatus.DuplicateUserName:
return "Username already exists. Please enter a different user name.";
case MembershipCreateStatus.DuplicateEmail:
return "A username for that email address already exists. Please enter a different email address.";
case MembershipCreateStatus.InvalidPassword:
return "The password provided is invalid. Please enter a valid password value.";
case MembershipCreateStatus.InvalidEmail:
return "The email address provided is invalid. Please check the value and try again.";
case MembershipCreateStatus.InvalidAnswer:
return "The password retrieval answer provided is invalid. Please check the value and try again.";
case MembershipCreateStatus.InvalidQuestion:
return "The password retrieval question provided is invalid. Please check the value and try again.";
case MembershipCreateStatus.InvalidUserName:
return "The user name provided is invalid. Please check the value and try again.";
case MembershipCreateStatus.ProviderError:
return "The authentication provider returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
case MembershipCreateStatus.UserRejected:
return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
default:
return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Create User</title>
</head>
<body>
<form id="form1" runat="server">
<h3>Create New User</h3>
<asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />
<table cellpadding="3" border="0">
<tr>
<td>Username:</td>
<td><asp:Textbox id="UsernameTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
ControlToValidate="UserNameTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Password:</td>
<td><asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="PasswordRequiredValidator" runat="server"
ControlToValidate="PasswordTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><asp:Textbox id="PasswordConfirmTextbox" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="PasswordConfirmRequiredValidator" runat="server"
ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" />
<asp:CompareValidator id="PasswordConfirmCompareValidator" runat="server"
ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
Display="Static" ControlToCompare="PasswordTextBox"
ErrorMessage="Confirm password must match password." />
</td>
</tr>
<tr>
<td>Email Address:</td>
<td><asp:Textbox id="EmailTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="EmailRequiredValidator" runat="server"
ControlToValidate="EmailTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<% if (Membership.RequiresQuestionAndAnswer) { %>
<tr>
<td>Password Question:</td>
<td><asp:Textbox id="PasswordQuestionTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="PasswordQuestionRequiredValidator" runat="server"
ControlToValidate="PasswordQuestionTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Password Answer:</td>
<td><asp:Textbox id="PasswordAnswerTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="PasswordAnswerRequiredValidator" runat="server"
ControlToValidate="PasswordAnswerTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<% } %>
<tr>
<td></td>
<td><asp:Button id="CreateUserButton" Text="Create User" OnClick="CreateUser_OnClick" runat="server" /></td>
</tr>
</table>
</form>
</body>
</html>
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
Public Sub CreateUser_OnClick(sender As Object, args As EventArgs)
' Create new user and retrieve create status result.
Dim status As MembershipCreateStatus
Dim passwordQuestion As String = ""
Dim passwordAnswer As String = ""
If Membership.RequiresQuestionAndAnswer Then
passwordQuestion = PasswordQuestionTextbox.Text
passwordAnswer = PasswordAnswerTextbox.Text
End If
Try
Dim newUser As MembershipUser = Membership.CreateUser(UsernameTextbox.Text, PasswordTextbox.Text, _
EmailTextbox.Text, passwordQuestion, _
passwordAnswer, True, status)
If newUser Is Nothing Then
Msg.Text = GetErrorMessage(status)
Else
Response.Redirect("login.aspx")
End If
Catch
Msg.Text = "An exception occurred creating the user."
End Try
End Sub
Public Function GetErrorMessage(status As MembershipCreateStatus) As String
Select Case status
Case MembershipCreateStatus.DuplicateUserName:
Return "Username already exists. Please enter a different user name."
Case MembershipCreateStatus.DuplicateEmail:
Return "A username for that email address already exists. Please enter a different email address."
Case MembershipCreateStatus.InvalidPassword:
Return "The password provided is invalid. Please enter a valid password value."
Case MembershipCreateStatus.InvalidEmail:
Return "The email address provided is invalid. Please check the value and try again."
Case MembershipCreateStatus.InvalidAnswer:
Return "The password retrieval answer provided is invalid. Please check the value and try again."
Case MembershipCreateStatus.InvalidQuestion:
Return "The password retrieval question provided is invalid. Please check the value and try again."
Case MembershipCreateStatus.InvalidUserName
Return "The user name provided is invalid. Please check the value and try again."
Case MembershipCreateStatus.ProviderError:
Return "The authentication provider returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator."
Case MembershipCreateStatus.UserRejected:
Return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator."
Case Else:
Return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator."
End Select
End Function
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Create User</title>
</head>
<body>
<form id="form1" runat="server">
<h3>Create New User</h3>
<asp:Label id="Msg" ForeColor="maroon" runat="server" />
<table cellpadding="3" border="0">
<tr>
<td>Username:</td>
<td><asp:Textbox id="UsernameTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
ControlToValidate="UserNameTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Password:</td>
<td><asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="PasswordRequiredValidator" runat="server"
ControlToValidate="PasswordTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><asp:Textbox id="PasswordConfirmTextbox" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="PasswordConfirmRequiredValidator" runat="server"
ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" />
<asp:CompareValidator id="PasswordConfirmCompareValidator" runat="server"
ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
Display="Static" ControlToCompare="PasswordTextBox"
ErrorMessage="Confirm password must match password." />
</td>
</tr>
<tr>
<td>Email Address:</td>
<td><asp:Textbox id="EmailTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="EmailRequiredValidator" runat="server"
ControlToValidate="EmailTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<% If Membership.RequiresQuestionAndAnswer Then %>
<tr>
<td>Password Question:</td>
<td><asp:Textbox id="PasswordQuestionTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="PasswordQuestionRequiredValidator" runat="server"
ControlToValidate="PasswordQuestionTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<tr>
<td>Password Answer:</td>
<td><asp:Textbox id="PasswordAnswerTextbox" runat="server" /></td>
<td><asp:RequiredFieldValidator id="PasswordAnswerRequiredValidator" runat="server"
ControlToValidate="PasswordAnswerTextbox" ForeColor="red"
Display="Static" ErrorMessage="Required" /></td>
</tr>
<% End If %>
<tr>
<td></td>
<td><asp:Button id="CreateUserButton" Text="Create User" OnClick="CreateUser_OnClick" runat="server" /></td>
</tr>
</table>
</form>
</body>
</html>
Comentarios
Requerir una pregunta y respuesta de contraseña proporciona una capa adicional de seguridad al recuperar o restablecer la contraseña de un usuario. Los usuarios pueden proporcionar una pregunta y respuesta cuando se crea su nombre de usuario que posteriormente pueden usar para recuperar o restablecer una contraseña olvidada.
RequiresQuestionAndAnswer se comprueba cuando ResetPassword se llama a o GetPassword . El proveedor proporcionado con .NET Framework produce una NotSupportedException excepción if RequiresQuestionAndAnswertrue y la respuesta de contraseña proporcionada es null.
Si EnablePasswordReset y EnablePasswordRetrieval son , falseRequiresQuestionAndAnswer todavía se pueden usar para aplicar la creación de preguntas y respuestas cuando se crean nuevos usuarios; sin embargo, la pregunta y la respuesta no se usarán. Podrá recuperar la pregunta mediante la MembershipUser clase .
Para obtener más información, vea ResetPassword y GetPassword.
Se aplica a
Consulte también
Colaborar con nosotros en GitHub
El origen de este contenido se puede encontrar en GitHub, donde también puede crear y revisar problemas y solicitudes de incorporación de cambios. Para más información, consulte nuestra guía para colaboradores.
