用户密码的 MVC 管理员重置

Question

经过一番折腾，在ADyson 的出色帮助下，我完成了这项工作。

在我的系统上，当管理员用户登录时，会出现一个链接，让他们进入用户管理系统。这提供了一个用户列表，可以创建另一个用户、删除他们或更改他们的详细信息。

此外，当任何用户登录时，他们都可以更改自己的密码。但是，如果用户忘记了密码，管理员用户必须重置密码。我不会通过电子邮件向他们发送链接或任何花哨的东西。在管理屏幕的“列出用户”位中，有一个操作列，其中包含编辑、删除、显示详细信息和重置密码的链接。

我有一个 ApplicationUsersController，其中包含编辑、删除等功能。我有一系列 ApplicationUsers 视图，称为 Create、Edit、Delete、Details、Edit、Index。大部分代码是在我创建 ApplicationUsersController 并选择创建视图时生成的。还有一个 ResetUserPasswordsViewModel 。这是 ResetPassword 视图：

@model ICWeb.Models.ResetUserPasswordViewModel

@{
    ViewBag.Title = "Reset User Password";
    Layout = "~/Views/Shared/_Layout.cshtml";
}

<h2>@ViewBag.Title</h2>


@using (Html.BeginForm())
{
    @Html.AntiForgeryToken()

    <div class="form-horizontal">
        <hr />
        @Html.ValidationSummary(true, "Please fix the errors displayed", new { @class = "text-danger" })
        @Html.HiddenFor(model => model.Id)

        <div class="form-group">
            @Html.LabelFor(model => model.NewPassword, htmlAttributes: new { @class = "control-label col-md-2" })
            <div class="col-md-10">
                @Html.EditorFor(model => model.NewPassword, new { htmlAttributes = new { @class = "form-control", @autofocus = "autofocus" } })
                @Html.ValidationMessageFor(model => model.NewPassword, "", new { @class = "text-danger" })
            </div>
        </div>

        <div class="form-group">
            @Html.LabelFor(model => model.ConfirmPassword, htmlAttributes: new { @class = "control-label col-md-2" })
            <div class="col-md-10">
                @Html.EditorFor(model => model.ConfirmPassword, new { htmlAttributes = new { @class = "form-control" } })
                @Html.ValidationMessageFor(model => model.ConfirmPassword, "", new { @class = "text-danger" })
            </div>
        </div>

        <div class="form-group">
            <div class="col-md-offset-2 col-md-10">
                <input type="submit" value="Reset Password" class="btn btn-default" />
            </div>
        </div>
    </div>
}
<div>
    @Html.ActionLink("Back to List", "Index")
</div>

@section Scripts {
    @Scripts.Render("~/bundles/jqueryval")
}

在我的控制器中：

    // GET: /ApplicationUsers/ResetPassword
    public ActionResult ResetPassword(string id)
    {
        return View(new ResetUserPasswordViewModel() { Id = id });
    }

    //POST: /ApplicationUsers/ResetPassword
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> ResetPassword(ResetUserPasswordViewModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        ApplicationDbContext context = new ApplicationDbContext();
        UserStore<ApplicationUser> store = new UserStore<ApplicationUser>(context);
        UserManager<ApplicationUser> UserManager = new UserManager<ApplicationUser>(store);
        string userId = model.Id;
        string newPassword = model.NewPassword;
        string hashedNewPassword = UserManager.PasswordHasher.HashPassword(newPassword);
        ApplicationUser cUser = await store.FindByIdAsync(userId);
        await store.SetPasswordHashAsync(cUser, hashedNewPassword);
        await store.UpdateAsync(cUser);

        return RedirectToAction("Index");
    }

经过一番折腾，我重新做了这个功能。视图现在加载，我可以输入 2 个新密码。当我提交时，ResetPassword 函数运行。当我单步执行代码时，我可以看到它具有我输入的密码，并且通过编辑 GET 函数以使用 Id 填充模型，我现在获得了用户的 Id。整个控制器的访问权限仅限于具有管理员权限的用户，因此除非您是管理员，否则您无法在此处执行任何操作。

在我的 ResetUserPasswordModel 我有：

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.ComponentModel.DataAnnotations;

namespace ICWeb.Models
{
    public class ResetUserPasswordViewModel
    {
        public string Id { get; set; }

        [Required]
        [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
        [DataType(DataType.Password)]
        [Display(Name = "New password")]
        public string NewPassword { get; set; }

        [DataType(DataType.Password)]
        [Display(Name = "Confirm new password")]
        [Compare("NewPassword", ErrorMessage = "The new password and confirmation password do not match.")]
        public string ConfirmPassword { get; set; }
    }
}

所有内容都已排序，非常感谢您的帮助。

Answer 1

在我正在开发的系统中（但尚未完成或测试）我已经写了这个。它有效，所以应该是一个很好的起点。请注意，视图模型会处理不匹配的密码，因此已经为您介绍了这一点。

我对用户管理器使用直接注入 - 只需将我的 _userManager 替换为您自己的实例即可。

@model Models.ResetPasswordViewModel
@{
    ViewBag.Title = "Reset password";
}

<div class="container">
    @if (ViewBag.Error != null)
    {
        <div class="alert-danger mb-2">Error(s) occured : @ViewBag.Error</div>
        @Html.ActionLink("Back to List", "AllUsers", null, new { @class = "btn btn-outline-primary" })
    }
    else
    {
        using (Html.BeginForm("ResetPassword", "Account", FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
        {
            @Html.AntiForgeryToken()

            @Html.ValidationSummary("", new { @class = "text-danger" })

            @Html.HiddenFor(x => x.Id)

            <div class="form-group">
                @Html.LabelFor(model => model.UserName, htmlAttributes: new { @class = "control-label" })
                @Html.EditorFor(model => model.UserName, new { htmlAttributes = new { @class = "form-control", @readonly = "" } })
            </div>

            <div class="form-group">
                @Html.LabelFor(m => m.Password, new { @class = "control-label" })
                @Html.PasswordFor(m => m.Password, new { @class = "form-control" })
            </div>
            <div class="form-group">
                @Html.LabelFor(m => m.ConfirmPassword, new { @class = "control-label" })
                @Html.PasswordFor(m => m.ConfirmPassword, new { @class = "form-control" })
            </div>

            <div class="form-group d-flex">
                @Html.ActionLink("Back to User Edit", "EditUser", "Account", new { userId = Model.Id }, new { @class = "btn btn-outline-primary" })

                <input type="submit" value="Reset Password" class="btn btn-primary ml-auto" />
            </div>
        }
    }
</div>


  public class ResetPasswordViewModel
    {
        [Display(Name = "User Id")]
        public string Id { get; set; }

        [Display(Name = "User Name")]
        public string UserName { get; set; }

        [Required]
        [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
        [DataType(DataType.Password)]
        [Display(Name = "Password")]
        public string Password { get; set; }

        [DataType(DataType.Password)]
        [Display(Name = "Confirm password")]
        [Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
        public string ConfirmPassword { get; set; }
    }


[ValidateAntiForgeryToken]
public async Task<ActionResult> ResetPassword(ResetPasswordViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var user = _userManager.FindById(model.Id);

    IdentityResult result = null;

    if (user != null)
    {
        string code = await _userManager.GeneratePasswordResetTokenAsync(user.Id);

        result = await _userManager.ResetPasswordAsync(user.Id, code, model.Password);

        if (result.Succeeded)
        {
            return RedirectToAction("ResetPasswordConfirmation", "Account", model);
        }
    }

    // return errors
    var s = new System.Text.StringBuilder();
    //
    foreach (var e in result.Errors)
    {
        if (s.Length > 0)
        {
            s.Append(", ");
        }

        s.Append(e);
    }

    ViewBag.Error = s.ToString();

    return View();
}