使用ASP.NET Identity创建没有密码的用户 [英] Creating users with no password using ASP.NET Identity

问题描述

我被要求提供不使用密码即可通过UI创建用户的能力.我正在尝试使用ASP.NET Identity来完成此任务.

I have been given the requirement to provide the ability to create users through the UI with no password. I am trying to accomplish this using ASP.NET Identity.

我能够使用UserManager的Create方法成功创建没有密码的用户:

I am able to successfully create a user without a password using the UserManager's Create method:

if (vm.ShouldHavePassword)
{
    userManager.Create(userToInsert, vm.Password);
}
else
{
    userManager.Create(userToInsert);
}

调用Create方法后，测试用户已成功保存到我们的AspNetUsers表中.当我不提供密码时，我们的AspNetUsers表中的PasswordHash列设置为NULL.

After the call to the Create method, the test user gets successfully saved into our AspNetUsers table. And when I do not provide a password, the PasswordHash column in our AspNetUsers table is set to NULL.

我的问题是，我无法以没有密码的测试用户身份登录.以下是我们用来验证用户凭据的方法调用:

My issue is, I cannot login as the test user that does not have a password. The following is the method call that we use to validate a user's credentials:

result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout: false);

我尝试以具有NULL PasswordHash的测试用户身份多次登录.为此，我没有在我们的登录表格中提供密码.结果，将NULL密码传递到PasswordSignInAsync方法中.此方法调用的返回值始终为SignInStatus.Failure.

I attempted to login as a test user that has a NULL PasswordHash multiple times. To do this, I do not provide a password in our login form. As a result, a NULL password is passed into the PasswordSignInAsync method. The return value of this method call is always SignInStatus.Failure.

使用ASP.NET身份验证，当凭据包含NULL密码并且数据库中的用户包含NULL PasswordHash时，如何配置代码以正确地验证用户凭据?这样的事情有可能吗?

Using ASP.NET Identity, how can I configure my code to correctly authenticate user credentials when the credentials contain a NULL password, and the user in the database contains a NULL PasswordHash? Is such a thing even possible?

推荐答案

可以. ASP.NET Identity Framework是完全可定制的.只需重写PasswordValidator.ValidateAsync和PasswordHasher.VerifyHashedPassword这样的方法即可:

Yes you can. ASP.NET Identity Framework is fully customizable. Just override PasswordValidator.ValidateAsync and PasswordHasher.VerifyHashedPassword methods like this:

internal class CustomPasswordValidator: PasswordValidator
{
    public override async Task<IdentityResult> ValidateAsync(string item)
    {
        if (string.IsNullOrEmpty(item)) return IdentityResult.Success;
        return await base.ValidateAsync(item);
    }
}

internal class CustomPasswordHasher : PasswordHasher
{
    public override PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
    {
        if (hashedPassword == null && string.IsNullOrEmpty(providedPassword))
            return PasswordVerificationResult.Success;
        return base.VerifyHashedPassword(hashedPassword, providedPassword);
    }
}

并像这样设置它们:

    var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));

    manager.PasswordValidator = new CustomPasswordValidator();
    manager.PasswordHasher = new CustomPasswordHasher();

这篇关于使用ASP.NET Identity创建没有密码的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！