Membership.EnablePasswordRetrieval Membership.EnablePasswordRetrieval Membership.EnablePasswordRetrieval Membership.EnablePasswordRetrieval Property

Definición

Obtiene un valor que indica si se configura el proveedor de pertenencia actual para permitirles a los usuarios recuperar sus contraseñas.Gets a value indicating whether the current membership provider is configured to allow users to retrieve their passwords.

public:
 static property bool EnablePasswordRetrieval { bool get(); };
public static bool EnablePasswordRetrieval { get; }
member this.EnablePasswordRetrieval : bool
Public Shared ReadOnly Property EnablePasswordRetrieval As Boolean

Valor de propiedad

Es true si el proveedor de pertenencia admite la recuperación de contraseñas; en caso contrario, es false.true if the membership provider supports password retrieval; otherwise, false.

Ejemplos

El siguiente ejemplo de código muestra la pertenencia elemento en el system.web sección del archivo Web.config para una aplicación ASP.NET.The following code example shows the membership element in the system.web section of the Web.config file for an ASP.NET application. Especifica que la aplicación utiliza una instancia de la SqlMembershipProvider y habilita la recuperación de contraseña.It specifies that the application use an instance of the SqlMembershipProvider and enables password retrieval.

<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">  
  <providers>  
    <add name="SqlProvider"  
      type="System.Web.Security.SqlMembershipProvider"  
      connectionStringName="SqlServices"  
      enablePasswordRetrieval="true"  
      enablePasswordReset="false"  
      requiresQuestionAndAnswer="false"  
      passwordFormat="Encrypted"  
      applicationName="MyApplication" />  
  </providers>  
</membership>  

El ejemplo de código siguiente comprueba primero que EnablePasswordRetrieval es true, a continuación, recupera la contraseña de un nombre de usuario especificado y lo envía a la dirección de correo electrónico para el usuario especificado.The following code example first verifies that EnablePasswordRetrieval is true, then retrieves the password for a specified user name and sends it to the email address for the specified user.

Importante

No se recomienda devolver una contraseña en texto no cifrado mediante correo electrónico para los sitios que requieren un alto nivel de seguridad.Returning a password in clear text using email is not recommended for sites that require a high level of security. Para los sitios de alta seguridad, se recomienda devolver contraseñas usando cifrado, como SSL.For high-security sites, we recommend that you return passwords using encryption, such as SSL.

Este ejemplo incluye un cuadro de texto que acepta datos proporcionados por el usuario, que puede suponer una amenaza de seguridad.This example includes a text box that accepts user input, which is a potential security threat. De forma predeterminada, ASP.NET Web Pages valida que los datos proporcionados por el usuario no incluyen elementos HTML ni de script.By default, ASP.NET Web pages validate that user input does not include script or HTML elements. Para más información, consulte Información general sobre los ataques mediante scripts.For more information, see Script Exploits Overview.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Net.Mail" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void Page_Load(object sender, EventArgs args)
{
  if (!Membership.EnablePasswordRetrieval)
  {
    FormsAuthentication.RedirectToLoginPage();
  }

  Msg.Text = "";

  if (!IsPostBack)
  {
    Msg.Text = "Please enter a user name.";
  }
  else
  {
    VerifyUsername();
  }
}


public void VerifyUsername()
{
    MembershipUser user = Membership.GetUser(UsernameTextBox.Text, false);

    if (user == null)
    {
      Msg.Text = "The user name " + Server.HtmlEncode(UsernameTextBox.Text) + " was not found. Please check the value and re-enter.";

      QuestionLabel.Text = "";
      QuestionLabel.Enabled = false;
      AnswerTextBox.Enabled = false;
      EmailPasswordButton.Enabled = false;
    }
    else
    {
      QuestionLabel.Text = user.PasswordQuestion;
      QuestionLabel.Enabled = true;
      AnswerTextBox.Enabled = true;
      EmailPasswordButton.Enabled = true;
    }
}


public void EmailPassword_OnClick(object sender, EventArgs args)
{
  // Note: Returning a password in clear text using email is not recommended for
  // sites that require a high level of security.

  try
  {
    string password = Membership.Provider.GetPassword(UsernameTextBox.Text, AnswerTextBox.Text);
    MembershipUser u = Membership.GetUser(UsernameTextBox.Text);
    EmailPassword(u.Email, password);
    Msg.Text = "Your password was sent via email.";
  }
  catch (MembershipPasswordException e)
  {
    Msg.Text = "The password answer is incorrect. Please check the value and try again.";
  }
  catch (System.Configuration.Provider.ProviderException e)
  {
    Msg.Text = "An error occurred retrieving your password. Please check your values " +
               "and try again.";
  }
}


private void EmailPassword(string email, string password)
{
  try
  {
    MailMessage Message = new MailMessage("administrator", email);
    Message.Subject = "Your Password";
    Message.Body = "Your password is: " + Server.HtmlEncode(password);

    SmtpClient SmtpMail = new SmtpClient("SMTPSERVER");
    SmtpMail.Send(Message);
  }
  catch 
  {
    Msg.Text = "An exception occurred while sending your password. Please try again.";
  }
}

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Retrieve Password</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Retrieve Password</h3>

  <asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />

  Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="true" />
            <asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
                                        ControlToValidate="UsernameTextBox" ForeColor="red"
                                        Display="Static" ErrorMessage="Required" /><br />

  Password Question: <b><asp:Label id="QuestionLabel" runat="server" /></b><br />

  Answer: <asp:TextBox id="AnswerTextBox" Columns="60" runat="server" Enabled="false" />
          <asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
                                      ControlToValidate="AnswerTextBox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" Enabled="false" /><br />

  <asp:Button id="EmailPasswordButton" Text="Email My Password" 
              OnClick="EmailPassword_OnClick" runat="server" Enabled="false" />

</form>

</body>
</html>

<%@ Page Language="VB" %>

<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Net.Mail" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

  Public Sub Page_Load(ByVal sender As Object, ByVal args As EventArgs)

    If Not Membership.EnablePasswordRetrieval Then
      FormsAuthentication.RedirectToLoginPage()
    End If

    Msg.Text = ""

    If Not IsPostBack Then
      Msg.Text = "Please enter a user name."
    Else
      VerifyUsername()
    End If

  End Sub


  Private Sub VerifyUsername()

    Dim user As MembershipUser = Membership.GetUser(UsernameTextBox.Text, False)

    If user Is Nothing Then
      Msg.Text = "The user name " & Server.HtmlEncode(UsernameTextBox.Text) & " was not found. Please check the value and re-enter."

      QuestionLabel.Text = ""
      QuestionLabel.Enabled = False
      AnswerTextBox.Enabled = False
      EmailPasswordButton.Enabled = False
    Else
      QuestionLabel.Text = user.PasswordQuestion
      QuestionLabel.Enabled = True
      AnswerTextBox.Enabled = True
      EmailPasswordButton.Enabled = True
    End If

  End Sub


  Public Sub EmailPassword_OnClick(ByVal sender As Object, ByVal args As EventArgs)

    ' Note: Returning a password in clear text using email is not recommended for
    ' sites that require a high level of security.

    Try
      Dim password As String = Membership.Provider.GetPassword(UsernameTextBox.Text, AnswerTextBox.Text)
      Dim u As MembershipUser = Membership.GetUser(UsernameTextBox.Text)
      EmailPassword(u.Email, password)
      Msg.Text = "Your password was sent via email."
    Catch e As MembershipPasswordException
      Msg.Text = "The password answer is incorrect. Please check the value and try again."
    Catch e As System.Configuration.Provider.ProviderException
      Msg.Text = "An error occurred retrieving your password. Please check your values " & _
                 "and try again."
    End Try

  End Sub


  Private Sub EmailPassword(ByVal email As String, ByVal password As String)

    Try
      Dim Message As MailMessage = New MailMessage("administrator", email)
      Message.Subject = "Your Password"
      Message.Body = "Your password is: " & Server.HtmlEncode(password)
      
      Dim SmtpMail As SmtpClient = New SmtpClient("SMTPSERVER")
      SmtpMail.Send(Message)
    Catch
      Msg.Text = "An exception occurred while sending your password. Please try again."
    End Try

  End Sub

</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>Sample: Retrieve Password</title>
</head>
<body>
  <form id="form1" runat="server">
    <h3>
      Retrieve Password</h3>
    <asp:Label ID="Msg" runat="server" ForeColor="maroon" /><br />
    Username:
    <asp:TextBox ID="UsernameTextBox" Columns="30" runat="server" AutoPostBack="True" />
    <asp:RequiredFieldValidator ID="UsernameRequiredValidator" runat="server" ControlToValidate="UsernameTextBox"
      ForeColor="red" Display="Static" ErrorMessage="Required" /><br />
    Password Question: <b>
      <asp:Label ID="QuestionLabel" runat="server" /></b><br />
    Answer:
    <asp:TextBox ID="AnswerTextBox" Columns="60" runat="server" Enabled="False" />
    <asp:RequiredFieldValidator ID="AnswerRequiredValidator" runat="server" ControlToValidate="AnswerTextBox"
      ForeColor="red" Display="Static" ErrorMessage="Required" Enabled="False" /><br />
    <asp:Button ID="EmailPasswordButton" Text="Email My Password" OnClick="EmailPassword_OnClick"
      runat="server" Enabled="False" />
  </form>
</body>
</html>

Comentarios

Si EnablePasswordRetrieval es false, el proveedor de pertenencia subyacente puede producir un HttpException.If EnablePasswordRetrieval is false, the underlying membership provider may throw a HttpException.

Los proveedores que se incluyen con .NET Framework admiten varios formatos de contraseña para mejorar la seguridad de contraseña.The providers that are included with the .NET Framework support multiple password formats to enhance password security. Si el formato de la contraseña se establece en Hashed, a continuación, los usuarios no podrán recuperar su contraseña existente de la base de datos.If the password format is set to Hashed, then users will not be able to retrieve their existing password from the database. El Hashed formato de la contraseña proporciona codificación unidireccional de los valores de contraseña.The Hashed password format provides one-way encoding of password values. Las contraseñas son "hash" y en comparación con los valores almacenados en la base de datos para la autenticación.Passwords are "hashed" and compared to values stored in the database for authentication. Los valores "Hash" no pueden ser sin codificar para recuperar el valor de contraseña original."Hashed" values cannot be un-encoded to retrieve the original password value. Para obtener más información, vea MembershipPasswordFormat.For more information, see MembershipPasswordFormat.

Se aplica a

Consulte también: