密码验证（正则表达式？） [英] Password validation (regex?)

问题描述

我需要写一些验证规则具有以下要求的用户密码。 C＃ASP.NET MVC。

  

密码必须是6 - 8个字符

  必须包含至少一个字符
  每个从至少三个的
  以下几类：

1. 大写字母


2. 小写字母


3. 数字位数


4. 非字母数字字符（例如，！@＃$％......）

  

不得包含任何
  的3个或更多的字符序列中
  使用用户名
共同切不可
  重复任何previous 1密码

  如果密码是必须改变
  认为以任何方式受到损害

目前我已经写了使用非常的混乱验证规则一堆if语句和循环，这是目前的功能，但它只是感觉它的错误（尤其是与用户名部分序列中的3个字符）。有没有更好的办法，我可以走？

三江源

解决方案

我写了一个非常相似，你所描述的。他们可以做作为常规的前pression和完整（我自己至少），当它是一个非常有意义的成就。

要做到这一点，你将需要使用名为向前看符号正则表达式的功能。请参见上的的：//常规-ex pression.info相对=nofollow>常规-EX pression.info 网站的所有血淋淋的细节。

您将需要第二件事是一个实时定期EX pression测试仪来帮助你的原型正则表达式。我建议你​​看看 Rubular 。创建多个密码，应该工作，并为您的出发点有些不应该从那里开始。

编辑：
为了阐述我的上述评论。不是你要求每个人都可以或者应该通过一个正则表达式解决。也就是说，你列出的要求为：

  

  
• 不得包含在共同的3个或更多字符的任何序列的用户名

  
• 绝不能重复任何previous 1密码

  
• 如果密码被认为以任何方式受到损害必须改变

  

或许应该从主密码验证的正则表达式另案处理，因为这些是高度情境。在在与用户名共同3个或更多的字符序列的大概可以在客户端的处理。然而，另外两个项目是在服务器端处理可能是最好的左侧。

I need to write some validation rules for a user password with the following requirements. C# ASP.NET MVC.

Passwords must be 6 - 8 characters
Must include at least one character each from at least three of the following categories:

1. Upper-case letters
2. Lower-case letters
3. Numeric digits
4. Non-alpha-numeric characters (e.g.,!@#$%...)

Must not contain any sequence of 3 or more characters in common with the username
Must not repeat any of the previous 1 passwords
Must be changed if the password is believed to be compromised in any way

Currently i've written a bunch of really messy validation rules using if statements and loops (especially the 3 characters in sequence with username part), which is currently functional but it just feels like its wrong. Is there a better approach I can take?

Thankyou

解决方案

I wrote one very similar to what you are describing. They can be done as a regular expression, and when complete (at least for myself) it was a very rewarding accomplishment.

To accomplish this you are going to need to use a regex feature called lookaheads. See the information on the regular-expression.info site for all the gory details.

The second thing you will need is a real time regular expression tester to help you prototype your regex. I suggestion you check out Rubular. Create several passwords that should work, and some that shouldn't work and start from there as your starting point.

Edit: To elaborate on my above comment. Not every one of your requirements can or should be solved via a regex. Namely, the requirements you listed as:

• Must not contain any sequence of 3 or more characters in common with the username
• Must not repeat any of the previous 1 passwords
• Must be changed if the password is believed to be compromised in any way

Should probably be handled separately from the main password validation regex, as these are highly contextual. The "sequence of 3 or more characters in common with the username" can probably be handled on the client side. However, the other two items are probably best left handled on the server side.

这篇关于密码验证（正则表达式？）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！