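How to override the ASP.NET Core Identity password policy
Question:
By default, ASP.NET Core Identity's password policy requires at least one special character, one uppercase letter, one number, ...
How can I change these restrictions?
There is nothing about that in the documentation (https://docs.asp.net/en/latest/security/authentication/identity.html)
I tried to override the Identity's UserManager, but I don't see which method manages the password policy.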
    public class ApplicationUserManager : UserManager<ApplicationUser>
    {
        public ApplicationUserManager(
            DbContextOptions<SecurityDbContext> options,
            IServiceProvider services,
            IHttpContextAccessor contextAccessor,
            ILogger<UserManager<ApplicationUser>> logger)
            : base(
                new UserStore<ApplicationUser>(new SecurityDbContext(contextAccessor)),
                new CustomOptions(),
                new PasswordHasher<ApplicationUser>(),
                new UserValidator<ApplicationUser>[] { new UserValidator<ApplicationUser>() },
                new PasswordValidator[] { new PasswordValidator() },
                new UpperInvariantLookupNormalizer(),
                new IdentityErrorDescriber(),
                services,
                logger
                // , contextAccessor
            )
        {
        }

        public class PasswordValidator : IPasswordValidator<ApplicationUser>
        {
            public Task<IdentityResult> ValidateAsync(UserManager<ApplicationUser> manager, ApplicationUser user, string password)
            {
                return Task.Run(() =>
                {
                    if (password.Length >= 4) return IdentityResult.Success;
                    else { return IdentityResult.Failed(new IdentityError { Code = "SHORTPASSWORD", Description = "Password too short" }); }
                });
            }
        }

        public class CustomOptions : IOptions<IdentityOptions>
        {
            public IdentityOptions Value { get; private set; }

            public CustomOptions()
            {
                Value = new IdentityOptions
                {
                    ClaimsIdentity = new ClaimsIdentityOptions(),
                    Cookies = new IdentityCookieOptions(),
                    Lockout = new LockoutOptions(),
                    Password = null,
                    User = new UserOptions(),
                    SignIn = new SignInOptions(),
                    Tokens = new TokenOptions()
                };
            }
        }
    }
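I add this user manager dependency in the Startup class:
    services.AddScoped<ApplicationUserManager>();
But when I use ApplicationUserManager in a controller, I get the error: An unhandled exception occurred while processing the request.
InvalidOperationException: Unable to resolve service for type 'Microsoft.EntityFrameworkCore.DbContextOptions`1[SecurityDbContext]' while attempting to activate 'ApplicationUserManager'.
EDIT: User management works when I use the ASP.NET Core Identity default classes, so it's not a database problem or something like that.
EDIT 2: I found the solution: you just have to configure Identity in the Startup class. My answer gives some details.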
Answer
It's sooooo simple in the end...
No need to override any class, you just have to configure the Identity settings in your Startup class, like this:
    services.Configure<IdentityOptions>(options =>
    {
        options.Password.RequireDigit = false;
        options.Password.RequiredLength = 5;
        options.Password.RequireLowercase = true;
        options.Password.RequireNonLetterOrDigit = true;
        options.Password.RequireUppercase = false;
    });
Or you can configure Identity when you add it:
    services.AddIdentity<ApplicationUser, IdentityRole>(options =>
    {
        options.Password.RequireDigit = false;
        options.Password.RequiredLength = 4;
        options.Password.RequireNonAlphanumeric = false;
        options.Password.RequireUppercase = false;
        options.Password.RequireLowercase = false;
    })
    .AddEntityFrameworkStores<SecurityDbContext>()
    .AddDefaultTokenProviders();
ASP.NET Core is definitely good stuff...
Answer
You can modify these rules in the IdentityConfig.cs file. The rules are defined in
    public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
    {
        var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));
        // Configure validation logic for usernames
        manager.UserValidator = new UserValidator<ApplicationUser>(manager)
        {
            AllowOnlyAlphanumericUserNames = false,
            RequireUniqueEmail = true
        };
        // Configure validation logic for passwords
        manager.PasswordValidator = new PasswordValidator
        {
            RequiredLength = 5,
            RequireNonLetterOrDigit = false,
            RequireDigit = true,
            RequireLowercase = true,
            RequireUppercase = true,
        };
        return manager;
    }
Solution definition added to the official documentation https://docs.asp.net/en/latest/security/authentication/identity.html – AdrienTorris
Applying the solution, it looks like in ASP.NET Core the option 'options.Password.RequireNonAlphanumeric = false;' has been deprecated and split into 2 "sub-options": 'options.Password.RequireDigit = false;' and 'options.Password.RequireNonAlphanumeric = false;'. –