更新时间:2023-12-01 11:39:46
Quote:
smt.UseDefaultCredentials = true;
如果 UseDefaultCredentials属性 [ ^ ]设置为true
,忽略凭据
属性。SmtpClient
将尝试使用当前登录用户的默认凭据进行身份验证。只有当您使用属于AD域的邮件服务器时,这才有效。
该属性应设置为false
代替。
将SMTP设置存储在配置文件中会更容易,而不是对它们进行硬编码:
system.net / mailSettings / smtp / network [ ^ ]< configuration >
< system.net >
< mailSettings >
< smtp deliveryMethod = 网络 >
< network
host = smtp.gmail.com port = 587 enableSsl = true
defaultCredentials = false
userName = myMail@gmail.com
密码 = Y0urP @ ssw0rd!
/ >
< / smtp >
< ; / mailSettings >
< / system.net >
< / configuration >
SmtpClient smt = new SmtpClient();
smt.Send(msg);
HOWEVER ,正如我在评论中提到的,你应该从不商店密码以纯文本格式,永远在电子邮件中发送用户密码。您应该只使用每条记录的唯一盐来存储用户密码的盐渍哈希值。
安全密码认证简单解释 [ ^ ]
Salted Password Hashing - 正确行事 [ ^ ]
如果用户忘记了密码,则无需向他们发送现有密码。相反,向他们发送一次性使用链接,让他们将密码重置为其他内容。
您想要了解的有关构建安全密码重置功能的所有内容 [ ^ ]
Hi, I am trying to right a code that can get email and password from a data table use button click event. I want to check if the email submitted by user and the one fetched from data table are the same then sent password by mail, but I am not getting what I want.
The error message says:
Quote:Message=The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required
below is my code:
protected void eMailSubmit_Click(object sender, EventArgs e) { string username = ""; string password = ""; SqlConnection con = new SqlConnection(@"Data Source=My_DataBae;Integrated Security=False;"); SqlCommand cmd = new SqlCommand("SubmitEmail", con); cmd.CommandType = CommandType.StoredProcedure; cmd.Parameters.Add("@Email", SqlDbType.NVarChar).Value = TextBoxSubmiteMail.Text; con.Open(); SqlDataReader sdr = cmd.ExecuteReader(); { if (sdr.Read()) { username = sdr["username"].ToString(); password = sdr["password"].ToString(); } } con.Close(); if (username != TextBoxSubmiteMail.Text) { lblemailSubmit.Text = "The submitted eMail does not belong to this account, check the eMail and try again"; } else if (!string.IsNullOrEmpty(password)) { MailMessage msg = new MailMessage(); msg.From = new MailAddress("myMail@gmail.com"); msg.To.Add(TextBoxSubmiteMail.Text); msg.Subject = " Recover your Password"; msg.Body = ("Your Username is:" + username + "<br/><br/>" + "Your Password is:" + password); msg.IsBodyHtml = true; SmtpClient smt = new SmtpClient(); smt.Host = "smtp.gmail.com"; System.Net.NetworkCredential ntwd = new NetworkCredential(); ntwd.UserName = "myMail@gmail.com"; //Your Email ID ntwd.Password = ""; // Your Password smt.UseDefaultCredentials = true; smt.Credentials = ntwd; smt.Port = 587; smt.EnableSsl = true; smt.Send(msg); lblemailSubmit.Text = "Username and Password Sent Successfully"; lblemailSubmit.ForeColor = System.Drawing.Color.ForestGreen; }
this is my stored procedure:
CREATE PROCEDURE [dbo].[SubmitEmail] ( @Email nvarchar(20) ) AS BEGIN SET NOCOUNT ON; ( SELECT Email, Password FROM My_Table WHERE Email= @email ) END;
How do I resolve the error?
I
What I have tried:
I tried supplying my email password.
Quote:smt.UseDefaultCredentials = true;
If the UseDefaultCredentials property[^] is set totrue
, theCredentials
property is ignored. TheSmtpClient
will attempt to authenticate using the default credentials of the currently logged on user. That will only work if you're using a mail server that's part of your AD domain.
The property should be set tofalse
instead.
It would be easier to store the SMTP settings in the configuration file, rather than hard-coding them:
system.net / mailSettings / smtp / network[^]<configuration> <system.net> <mailSettings> <smtp deliveryMethod="Network"> <network host="smtp.gmail.com" port="587" enableSsl="true" defaultCredentials="false" userName="myMail@gmail.com" password="Y0urP@ssw0rd!" /> </smtp> </mailSettings> </system.net> </configuration>
SmtpClient smt = new SmtpClient(); smt.Send(msg);
HOWEVER, as I mentioned in the comments, you should NEVER store passwords in plain text, and NEVER send the user's password in an email. You should only ever store a salted hash of the user's password, using a unique salt for each record.
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]
If the user can't remember their password, there's no need to send them their existing password. Instead, send them a one-time-use link which lets them reset their password to something else.
Everything you ever wanted to know about building a secure password reset feature[^]