如何使用IdentityServer4和ASP.NET Microsoft Identity进行自定义密码验证 [英] How to use IdentityServer4 with Custom password validation with ASP.NET Microsoft Identity
问题描述
我正在使用IdentityServer4并使用ASP.NET Identity,并且想进行自定义密码验证,以便我可以添加密码过期验证(例如,如果密码的使用期限超过90天,则让用户更改密码,等).
I am working with IdentityServer4 and using ASP.NET Identity, and would like to do custom password validation so that I can add validation for password expiration (such as if password is older than 90 days then make the user change the password, etc...).
在启动的 ConfigureServices()方法中设置 services.AddIdentity 时,遇到了方法 .AddPasswordValidator<> .cs,但是找不到有关如何实现它的清晰文档.
I ran across the method .AddPasswordValidator<> when setting the services.AddIdentity in the ConfigureServices() method of the Startup.cs, but am unable to find any clear documentation on how to implement it.
任何人都可以帮助实现或将我引向类似示例的示例代码吗?(或者可能有助于了解在哪里/如何使用IdentityServer4对用户/密码进行一些自定义验证)?
Can anyone help with implementation or point me toward some example code of something similar? (Or possibly help with understanding where / how I could implement some custom validation of users/passwords with IdentityServer4)?
推荐答案
我不认为您需要密码验证器,但自从您询问之后-
定制密码验证器的示例(不是我的代码,请链接到下面的文章):
I don't think that a password validator is what you need but since you've asked -
An example of a custom password validator (not my code, link to the article below) :
public class SameCharacterPasswordValidator<TUser>: IPasswordValidator<TUser>
where TUser : class
{
public Task<IdentityResult> ValidateAsync(UserManager<TUser> manager,
TUser user,
string password)
{
return Task.FromResult(password.Distinct().Count() == 1 ?
IdentityResult.Failed(new IdentityError
{
Code = "SameChar",
Description = "Passwords cannot be all the same character."
}) :
IdentityResult.Success);
}
}
您可以在 ConfigureServices 方法
services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
// Basic built in validations
options.Password.RequireDigit = true;
options.Password.RequireLowercase = true;
options.Password.RequireNonLetterOrDigit = true;
options.Password.RequireUppercase = true;
options.Password.RequiredLength = 6;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders()
// Your custom validator here
.AddPasswordValidator<SameCharacterPasswordValidator<ApplicationUser>>();
关于ASP.NET Identity的密码验证器,这里有一篇不错的文章: https://elanderson.net/2016/03/asp-net-core-password-options-and-custom-validators/
Here's a good article about ASP.NET Identity's password validator:
https://elanderson.net/2016/03/asp-net-core-password-options-and-custom-validators/
请注意,密码验证器用于检查密码是否符合您想要的格式(类似于正则表达式).因此,密码的过期与它无关.那是您密码上的元数据,与密码的格式无关.对于该用例,您可以在 AspNetUsers 表中添加一个字段(您可以通过扩展从 PasswordChangedAt Date字段的 IdentityUser (可能称为 ApplicationUser )继承的类.然后,每次用户登录时,您都应自己检查该验证.
P.S: 重要的是要认识到密码的强度或与用户存储区有关的任何事情实际上与IdentityServer无关.IdentityServer充当您的STS(安全令牌服务).
我花了一些时间亲自认识它,这就是为什么我认为值得一提的原因,即使它对您来说可能很明显.
Note that the password validators are meant to check that the password stands in the format you want it to be (something like a regular expression). Therefore, expiration of a password has nothing to do with it. That's metadata on your password, has nothing to do with the password's format.
For that use case, you could add a field to your AspNetUsers table (you'll be able to do it by extending the class inheriting from IdentityUser (probably called ApplicationUser) of PasswordChangedAt Date field.
Then, every time the user logs in you should check for that validation yourself.
P.S: It's important to realize that password's strength or anything that has to do with your user store actually has nothing to do with IdentityServer.
IdentityServer acts as your STS (Security Token Service).
It took me some time to realize it myself, and that's why I think it's worth mentioning, even though it might be obvious to you.
这篇关于如何使用IdentityServer4和ASP.NET Microsoft Identity进行自定义密码验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
