如何为 ASP.NET 身份设置密码规则? [英] How to set password rules for ASP.NET identity?

问题描述

在我的 ASP.NET 应用程序中，我在 web.config 中的 DefaultMembershipProvider 和 SqlMembershipProvider 中有以下设置:

In my ASP.NET applications I have following settings in DefaultMembershipProvider and SqlMembershipProvider in web.config:

enablePasswordRetrieval="true"
passwordFormat="Clear" 
requiresQuestionAndAnswer="false" 

它们是摘要式身份验证所必需的.我想转移到 ASP.NET Identity.我正在使用自动化工具更新我管理的所有 web.config 文件.

They are required for Digest authentication. I would like to move to ASP.NET Identity. I am using automated tool to update all web.config files that I manage.

如何在 Visual Studio 2013 生成的项目中为 ASP.NET Identity 设置这些设置?

How do I set these settings for ASP.NET Identity in the project generated by Visual Studio 2013?

推荐答案

您需要提供 IPPasswordHasher 实现，可以提供清晰的密码而无需散列.您可以将 UserManager.PasswordHasher 设置为您的实现.

You need to provide IPasswordHasher implementation that can provide clear password without hashing. You can set UserManager.PasswordHasher to your implementation.

截至目前，Identity 没有 web.config 可配置设置.您需要在代码中提供适当的可配置组合，主要在 Startup.cs

As of now, there is no web.config configurable settings for Identity. You need to provide appropriate mix of configurable in code, mainly in Startup.cs

不建议以清晰的格式存储密码.

public class ClearPassword : IPasswordHasher
{
    public string HashPassword(string password)
    {
        return password;
    }

    public PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
    {
        if(hashedPassword.Equals(providedPassword))
            return PasswordVerificationResult.Success;
        else return PasswordVerificationResult.Failed;
    }
}

这篇关于如何为 ASP.NET 身份设置密码规则?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！