ActiveDirectoryMembershipProvider.EnablePasswordReset Property

Definition

Gets a value indicating whether the ActiveDirectoryMembershipProvider instance is configured to allow users to reset their passwords.

public:
 virtual property bool EnablePasswordReset { bool get(); };
public override bool EnablePasswordReset { get; }
member this.EnablePasswordReset : bool
Public Overrides ReadOnly Property EnablePasswordReset As Boolean

Property Value

Boolean

true if password reset is allowed; otherwise, false. The default is false.

Exceptions

An attempt to access the EnablePasswordReset property was made before the ActiveDirectoryMembershipProvider instance was initialized.

Examples

The following code example shows a Web.config entry that configures an ActiveDirectoryMembershipProvider instance to enable password resets. It uses the explicit credentials of a user given the "reset password" access right.

Important

When you place user credentials in your Web.config file, there are potential security threats. Users with access rights to the directory containing the Web.config file can read the file, and thus see the credentials. For details on how to protect against this threat, see Encrypting Configuration Information Using Protected Configuration.

<configuration>  
  <connectionStrings>  
    <add name="ADService" connectionString="LDAP://ldapServer/" />  
  </connectionStrings>  
  <system.web>  
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">  
      <providers>  
        <add name="AspNetActiveDirectoryMembershipProvider"   
          type="System.Web.Security.ActiveDirectoryMembershipProvider,   
          System.Web, Version=2.0.3600, Culture=neutral,   
          PublicKeyToken=b03f5f7f11d50a3a"  
          connectionUsername="UserWithResetPasswordRights"  
          connectionPassword="PasswordForUser"  
          enablePasswordReset="true"  
          requiresQuestionAndAnswer="true"  
          attributeMapPasswordQuestion="PasswordQuestionADAttribute"  
          attributeMapPasswordAnswer="PasswordAnswerADAttribute"  
          attributeMapFailedPasswordAnswerCount="AnswerCountADAttribute"  
          attributeMapFailedPasswordAnswerTime="AnswerTimeADAttribute"  
          attributeMapFailedPasswordAnswerLockoutTime="LockOutTimeADAttribute" />  
      </providers>  
    </membership>  
  </system.web>  
</configuration>  

Remarks

The EnablePasswordReset property indicates whether you can use the ResetPassword method to reset a user's password. The EnablePasswordReset property is set in your application's configuration file using the enablePasswordReset attribute of the membership element (ASP.NET Settings Schema).

You can set the EnablePasswordReset property to true only when the following membership element (ASP.NET Settings Schema) settings have been made.

  • requiresQuestionAndAnswer must be true.

  • The Active Directory schema must be modified to contain attributes for storing the password question and answer, as well as the three tracking fields for password-answer change attempts.

  • attributeMapPasswordQuestion, attributeMapPasswordAnswer, attributeMapFailedPasswordAnswerCount, attributeMapFailedPasswordAnswerTime, and attributeMapFailedPasswordAnswerLockoutTime must be mapped to attributes in the Active Directory schema.

If the above criteria are not met, a ProviderException is thrown at initialization.
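The following audit script is an added example, not part of the original documentation or of ASP.NET. It checks a Web.config for the password-reset prerequisites listed above and for the plaintext connectionPassword that the Important note warns about. The function name audit_web_config, the finding strings and the sample configuration are constructed for illustration, and the script assumes the configuration root carries no XML namespace.

```python
import xml.etree.ElementTree as ET

AD_TYPE = "System.Web.Security.ActiveDirectoryMembershipProvider"
# The five mappings the page lists as prerequisites for password reset.
REQUIRED_MAPS = (
    "attributeMapPasswordQuestion",
    "attributeMapPasswordAnswer",
    "attributeMapFailedPasswordAnswerCount",
    "attributeMapFailedPasswordAnswerTime",
    "attributeMapFailedPasswordAnswerLockoutTime",
)

def audit_web_config(xml_text):
    """Return (provider name, finding) pairs for AD membership providers."""
    membership = ET.fromstring(xml_text).find("system.web/membership")
    if membership is None:
        return []
    if membership.get("configProtectionProvider"):
        # Protected Configuration replaces the section body with EncryptedData.
        return [("membership", "section is encrypted; audit the decrypted form")]
    findings = []
    for add in membership.findall("providers/add"):
        if add.get("type", "").split(",")[0].strip() != AD_TYPE:
            continue
        name = add.get("name", "?")
        if add.get("connectionPassword") is not None:
            findings.append((name, "plaintext connectionPassword"))
        if add.get("enablePasswordReset", "false").strip().lower() != "true":
            continue  # default is false, so the prerequisites do not apply
        if add.get("requiresQuestionAndAnswer", "").strip().lower() != "true":
            findings.append((name, "requiresQuestionAndAnswer must be true"))
        findings += [(name, "missing " + m) for m in REQUIRED_MAPS if not add.get(m)]
    return findings

# Constructed sample: reset enabled, but the question/answer flag and two maps are absent.
SAMPLE = """<configuration><system.web><membership><providers>
  <add name="AdProvider"
       type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web"
       connectionUsername="UserWithResetPasswordRights"
       connectionPassword="PasswordForUser"
       enablePasswordReset="true"
       attributeMapPasswordQuestion="PasswordQuestionADAttribute"
       attributeMapPasswordAnswer="PasswordAnswerADAttribute"
       attributeMapFailedPasswordAnswerCount="AnswerCountADAttribute" />
</providers></membership></system.web></configuration>"""

if __name__ == "__main__":
    for name, finding in audit_web_config(SAMPLE):
        print(name + ": " + finding)
```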

When the connection string in the application configuration file specifies an Active Directory domain rather than a specific server, the ActiveDirectoryMembershipProvider instance will always connect to the domain controller that has the PDC role for the domain to ensure that password changes take effect and are available when the ValidateUser method is called.

Note

Even if the EnablePasswordReset property is true, you cannot reset user passwords unless the credentials used to connect to the Active Directory server have either Domain Administrator rights (not recommended) or the "reset password" access right.
