问题描述
默认情况下,ASP.NET Core Identity 的密码策略要求至少有一个特殊字符、一个大写字母、一个数字……
By default, ASP.NET Core Identity's password policy require at least one special character, one uppercase letter, one number, ...
如何更改此限制?
文档(https://docs.asp.net/en/latest/security/authentication/identity.html)
我尝试覆盖身份的用户管理器,但我没有看到管理密码策略的方法.
I try to override the Identity's User Manager but I don't see which method manages the password policy.
public class ApplicationUserManager : UserManager<ApplicationUser>
{
public ApplicationUserManager(
DbContextOptions<SecurityDbContext> options,
IServiceProvider services,
IHttpContextAccessor contextAccessor,
ILogger<UserManager<ApplicationUser>> logger)
: base(
new UserStore<ApplicationUser>(new SecurityDbContext(contextAccessor)),
new CustomOptions(),
new PasswordHasher<ApplicationUser>(),
new UserValidator<ApplicationUser>[] { new UserValidator<ApplicationUser>() },
new PasswordValidator[] { new PasswordValidator() },
new UpperInvariantLookupNormalizer(),
new IdentityErrorDescriber(),
services,
logger
// , contextAccessor
)
{
}
public class PasswordValidator : IPasswordValidator<ApplicationUser>
{
public Task<IdentityResult> ValidateAsync(UserManager<ApplicationUser> manager, ApplicationUser user, string password)
{
return Task.Run(() =>
{
if (password.Length >= 4) return IdentityResult.Success;
else { return IdentityResult.Failed(new IdentityError { Code = "SHORTPASSWORD", Description = "Password too short" }); }
});
}
}
public class CustomOptions : IOptions<IdentityOptions>
{
public IdentityOptions Value { get; private set; }
public CustomOptions()
{
Value = new IdentityOptions
{
ClaimsIdentity = new ClaimsIdentityOptions(),
Cookies = new IdentityCookieOptions(),
Lockout = new LockoutOptions(),
Password = null,
User = new UserOptions(),
SignIn = new SignInOptions(),
Tokens = new TokenOptions()
};
}
}
}
我在启动类中添加了这个用户管理器依赖:
I add this user manager dependency in startup's class :
services.AddScoped<ApplicationUserManager>();
但是当我在控制器中使用 ApplicationUserManager 时,出现错误:处理请求时发生未处理的异常.
But when I'm using ApplicationUserManager in controllers, I have the error : An unhandled exception occurred while processing the request.
InvalidOperationException:尝试激活ApplicationUserManager"时,无法解析Microsoft.EntityFrameworkCore.DbContextOptions`1[SecurityDbContext]"类型的服务.
当我使用 ASP.NET Core Identity 的默认类时,用户的管理工作正常,所以这不是数据库问题,或者类似的问题
User's management works when I use the ASP.NET Core Identity's default classes, so it's not a database problem, or something like this
编辑 2:我找到了解决方案,您只需在启动类中配置 Identity.我的回答提供了一些细节.
推荐答案
最后太简单了……
无需重写任何类,您只需在启动类中配置身份设置,如下所示:
No need to override any class, you have just to configure the identity settings in your startup class, like this :
services.Configure<IdentityOptions>(options =>
{
options.Password.RequireDigit = false;
options.Password.RequiredLength = 5;
options.Password.RequireLowercase = true;
options.Password.RequireNonLetterOrDigit = true;
options.Password.RequireUppercase = false;
});
或者你可以在添加的时候配置身份:
Or you can configure identity when you add it :
services.AddIdentity<ApplicationUser, IdentityRole>(options=> {
options.Password.RequireDigit = false;
options.Password.RequiredLength = 4;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequireLowercase = false;
})
.AddEntityFrameworkStores<SecurityDbContext>()
.AddDefaultTokenProviders();
AS.NET Core 绝对是好东西 ...
AS.NET Core is definitively good stuff ...
这篇关于如何覆盖 ASP.NET Core Identity 的密码策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!