验证 Active Directory 默认密码复杂性的正则表达式 [英] Regex that validates Active Directory default password complexity
问题描述
我有一个密码列表,我需要检查并确定它们是否满足 AD 的默认 3 of 4 规则.
I have a list of passwords that I need to examine and determine if they meet the default 3 of 4 rule for AD.
规则包含以下 4 项要求中的 3 项:小写字符 (a-z)大写字符 (A-Z)数字 (0-9)特殊字符 ( !@#$%^&*()_+= )
Rule is contain 3 of the 4 following requirements: lower case character (a-z) upper case character (A-Z) numeric (0-9) special character ( !@#$%^&*()_+= )
我还在学习正则表达式.我知道如何只选择那些符合任何一个字符大小写的字符,但我不知道如何选择 4 个中的 3 个.
I am still learning Regex. I know how to select only those that meet any one character case, but I am not sure how to do 3 of 4.
作为旁注,AD 复杂性还有两个重要的微妙之处(但超出了原始问题的范围).
As a side note, the AD Complexity has two more subtleties that are important (but out of scope of the original question).
确实是 3 of 5.第五个是 Unicode 字符.很高兴用它更新正则表达式.
It is really 3 of 5. The fifth is Unicode character. Be nice to update the Regex with that.
另一个是您不能在密码中包含完整的 sAMAccountName 值(不区分大小写),也不能将 displayName 值拆分为按空格、逗号、破折号、下划线、磅、竖线和其他标记拆分的标记(3 个字符或更长的字符)不能在密码中完整显示,不区分大小写.
The other is you cannot have the sAMAccountName value in whole in the password (case insensitive), nor if you split the displayName value into tokens split upon space, comma, dash, underscore, pound, pipe and something else those tokens (3 chars and longer) cannot be in whole in the password, case insensitive.
推荐答案
如果你真的想要一个大的正则表达式,它应该是这样的:
If you really want one big regex it would be something like this:
(?=^.{8,255}$)((?=.*d)(?=.*[A-Z])(?=.*[a-z])|(?=.*d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*
请注意,它还强制要求密码长度介于 8 到 255 个字符之间.您可以更改第一部分中的{8,255}"部分以调整长度要求.还值得注意的是,这在标准 ASP.NET RegularExpressionValidator<中对我有用/a> 控制.
Note that it also enforces password length to be between 8 and 255 characters. You can change the "{8,255}" portion in the first section to adjust the length requirements. It is also worth noting that this is working for me in a standard ASP.NET RegularExpressionValidator control.
匹配:"Passw0rd" "passW@rd" "1B2a345@#$%"
Matches: "Passw0rd" "passW@rd" "1B2a345@#$%"
不匹配:123123123"密码"asdf&"
Non-Matches: "123123123" "Password" "asdf&"
来源(Matthew Hazzard,来自 RegExLib.com)
Source (Matthew Hazzard via RegExLib.com)
这篇关于验证 Active Directory 默认密码复杂性的正则表达式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
