使用ASP.NET Identity创建没有密码的用户 [英] Creating users with no password using ASP.NET Identity
问题描述
我被要求提供不使用密码即可通过UI创建用户的能力.我正在尝试使用ASP.NET Identity来完成此任务.
I have been given the requirement to provide the ability to create users through the UI with no password. I am trying to accomplish this using ASP.NET Identity.
我能够使用UserManager
的Create
方法成功创建没有密码的用户:
I am able to successfully create a user without a password using the UserManager
's Create
method:
if (vm.ShouldHavePassword)
{
userManager.Create(userToInsert, vm.Password);
}
else
{
userManager.Create(userToInsert);
}
调用Create
方法后,测试用户已成功保存到我们的AspNetUsers
表中.当我不提供密码时,我们的AspNetUsers
表中的PasswordHash
列设置为NULL
.
After the call to the Create
method, the test user gets successfully saved into our AspNetUsers
table. And when I do not provide a password, the PasswordHash
column in our AspNetUsers
table is set to NULL
.
我的问题是,我无法以没有密码的测试用户身份登录.以下是我们用来验证用户凭据的方法调用:
My issue is, I cannot login as the test user that does not have a password. The following is the method call that we use to validate a user's credentials:
result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout: false);
我尝试以具有NULL
PasswordHash
的测试用户身份多次登录.为此,我没有在我们的登录表格中提供密码.结果,将NULL
密码传递到PasswordSignInAsync
方法中.此方法调用的返回值始终为SignInStatus.Failure
.
I attempted to login as a test user that has a NULL
PasswordHash
multiple times. To do this, I do not provide a password in our login form. As a result, a NULL
password is passed into the PasswordSignInAsync
method. The return value of this method call is always SignInStatus.Failure
.
使用ASP.NET身份验证,当凭据包含NULL
密码并且数据库中的用户包含NULL
PasswordHash
时,如何配置代码以正确地验证用户凭据?这样的事情有可能吗?
Using ASP.NET Identity, how can I configure my code to correctly authenticate user credentials when the credentials contain a NULL
password, and the user in the database contains a NULL
PasswordHash
? Is such a thing even possible?
推荐答案
可以. ASP.NET Identity Framework是完全可定制的.只需重写PasswordValidator.ValidateAsync
和PasswordHasher.VerifyHashedPassword
这样的方法即可:
Yes you can. ASP.NET Identity Framework is fully customizable. Just override PasswordValidator.ValidateAsync
and PasswordHasher.VerifyHashedPassword
methods like this:
internal class CustomPasswordValidator: PasswordValidator
{
public override async Task<IdentityResult> ValidateAsync(string item)
{
if (string.IsNullOrEmpty(item)) return IdentityResult.Success;
return await base.ValidateAsync(item);
}
}
internal class CustomPasswordHasher : PasswordHasher
{
public override PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
{
if (hashedPassword == null && string.IsNullOrEmpty(providedPassword))
return PasswordVerificationResult.Success;
return base.VerifyHashedPassword(hashedPassword, providedPassword);
}
}
并像这样设置它们:
var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));
manager.PasswordValidator = new CustomPasswordValidator();
manager.PasswordHasher = new CustomPasswordHasher();
这篇关于使用ASP.NET Identity创建没有密码的用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!