2016-10-03 113 views
15

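How to override ASP.NET Core Identity's password policy

By default, ASP.NET Core Identity's password policy requires at least one special character, one uppercase letter, one number, ...

How can I change these restrictions?

There is nothing about this in the documentation (https://docs.asp.net/en/latest/security/authentication/identity.html).

I tried to override Identity's UserManager, but I can't see which method manages the password policy.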

public class ApplicationUserManager : UserManager<ApplicationUser>
{
    public ApplicationUserManager(
        DbContextOptions<SecurityDbContext> options,
        IServiceProvider services,
        IHttpContextAccessor contextAccessor,
        ILogger<UserManager<ApplicationUser>> logger)
        : base(
            new UserStore<ApplicationUser>(new SecurityDbContext(contextAccessor)),
            new CustomOptions(),
            new PasswordHasher<ApplicationUser>(),
            new UserValidator<ApplicationUser>[] { new UserValidator<ApplicationUser>() },
            new PasswordValidator[] { new PasswordValidator() },
            new UpperInvariantLookupNormalizer(),
            new IdentityErrorDescriber(),
            services,
            logger
            // , contextAccessor
        )
    {
    }

    public class PasswordValidator : IPasswordValidator<ApplicationUser>
    {
        public Task<IdentityResult> ValidateAsync(UserManager<ApplicationUser> manager, ApplicationUser user, string password)
        {
            return Task.Run(() =>
            {
                if (password.Length >= 4) return IdentityResult.Success;
                else { return IdentityResult.Failed(new IdentityError { Code = "SHORTPASSWORD", Description = "Password too short" }); }
            });
        }
    }

    public class CustomOptions : IOptions<IdentityOptions>
    {
        public IdentityOptions Value { get; private set; }
        public CustomOptions()
        {
            Value = new IdentityOptions
            {
                ClaimsIdentity = new ClaimsIdentityOptions(),
                Cookies = new IdentityCookieOptions(),
                Lockout = new LockoutOptions(),
                Password = null,
                User = new UserOptions(),
                SignIn = new SignInOptions(),
                Tokens = new TokenOptions()
            };
        }
    }
}

I added this user manager as a dependency in the Startup class:

services.AddScoped<ApplicationUserManager>(); 

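But when I use ApplicationUserManager in a controller, I get this error: An unhandled exception occurred while processing the request.

InvalidOperationException: Unable to resolve service for type 'Microsoft.EntityFrameworkCore.DbContextOptions`1[SecurityDbContext]' while attempting to activate 'ApplicationUserManager'.

Edit: User management works when I use ASP.NET Core Identity's default classes, so it's not a database problem or anything like that.

Edit 2: I found the solution; you just have to configure Identity in the Startup class. My answer gives some details.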

Answers

48

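It's sooooo simple in the end...

No need to override any class; you just have to configure the Identity settings in your Startup class, like this: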

services.Configure<IdentityOptions>(options => 
{ 
    options.Password.RequireDigit = false; 
    options.Password.RequiredLength = 5; 
    options.Password.RequireLowercase = true; 
    options.Password.RequireNonLetterOrDigit = true; 
    options.Password.RequireUppercase = false; 
}); 

Or you can configure Identity when you add it:

services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
    options.Password.RequireDigit = false;
    options.Password.RequiredLength = 4;
    options.Password.RequireNonAlphanumeric = false;
    options.Password.RequireUppercase = false;
    options.Password.RequireLowercase = false;
})
    .AddEntityFrameworkStores<SecurityDbContext>()
    .AddDefaultTokenProviders();

ASP.NET Core is definitely good stuff...

+0

Solution added to the official documentation https://docs.asp.net/en/latest/security/authentication/identity.html – AdrienTorris

+3

Applying the solution, it looks like in ASP.NET Core the option 'options.Password.RequireNonAlphanumeric = false;' has been deprecated and split into 2 "sub-options": 'options.Password.RequireDigit = false;' and 'options.Password.RequireNonAlphanumeric = false;'. –

0

You can modify these rules in the IdentityConfig.cs file. The rules are in

public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
{
    var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));
    // Configure validation logic for usernames
    manager.UserValidator = new UserValidator<ApplicationUser>(manager)
    {
        AllowOnlyAlphanumericUserNames = false,
        RequireUniqueEmail = true
    };

    // Configure validation logic for passwords
    manager.PasswordValidator = new PasswordValidator
    {
        RequiredLength = 5,
        RequireNonLetterOrDigit = false,
        RequireDigit = true,
        RequireLowercase = true,
        RequireUppercase = true,
    };

    // The posted snippet stops here; the method has to return the configured manager to compile
    return manager;
}