如何使用ASP.NET Identity Framework设置密码到期
我有一个使用Identity的ASP.NET项目。 对于有关密码的身份配置,正在使用PasswordValidator
。 如何扩展PasswordValidator
当前的密码强制执行( RequiredLength
, RequiredDigit
等)以满足在N天后要求密码过期的要求?
ASP.NET身份2中没有内置的function。最简单的方法是在用户上添加一个字段,如LastPasswordChangedDate 。 然后在每次授权期间检查此字段。
public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider { public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var user = await GetUser(context.UserName, context.Password); if(user.LastPasswordChangedDate.AddDays(20) < DateTime.Now) // user needs to change password } }
再加上@Rikard的回答……
我将LastPasswordChangedDate
添加到我的ApplicationUser
模型中,如下所示:
public class ApplicationUser : IdentityUser { public DateTime LastPasswordChangedDate { get; set; } public async Task GenerateUserIdentityAsync(UserManager manager) { // Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie); // Add custom user claims here return userIdentity; } }
向AccountController
添加静态配置设置(稍后您将在Login()
:
private static readonly int PasswordExpireDays = Convert.ToInt32(ConfigurationManager.AppSettings["PasswordExpireDays"]);
然后,在Login
期间,检查用户是否应重置密码。 这仅在成功登录后进行检查,以免对用户造成太多错误。
[HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task Login(LoginViewModel model, string returnUrl) { if (!ModelState.IsValid) { return View(model); } // This doesn't count login failures towards account lockout // To enable password failures to trigger account lockout, change to shouldLockout: true var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false); switch (result) { case SignInStatus.Success: var user = await UserManager.FindByNameAsync(model.Email); if (user.LastPasswordChangedDate.AddDays(PasswordExpireDays) < DateTime.UtcNow) { return RedirectToAction("ChangePassword", "Manage"); } else { return RedirectToLocal(returnUrl); } case SignInStatus.LockedOut: return View("Lockout"); case SignInStatus.RequiresVerification: return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe }); case SignInStatus.Failure: default: ModelState.AddModelError("", "Error: Invalid username or password"); return View(model); } }
在ManageController,ChangePassword操作中,确保在用户成功更新密码时更新LastPasswordChangedDate
:
上述就是C#学习教程:如何使用ASP.NET Identity Framework设置密码到期分享的全部内容,如果对大家有所用处且需要了解更多关于C#学习教程,希望大家多多关注---计算机技术网(www.ctvol.com)!
[HttpPost] [ValidateAntiForgeryToken] public async Task ChangePassword(ChangePasswordViewModel model) { if (!ModelState.IsValid) { return View(model); } var result = await UserManager.ChangePasswordAsync(User.Identity.GetUserId(), model.OldPassword, model.NewPassword); if (result.Succeeded) { var user = await UserManager.FindByIdAsync(User.Identity.GetUserId()); if (user != null) { user.LastPasswordChangedDate = DateTime.UtcNow; await UserManager.UpdateAsync(user); await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false); } return RedirectToAction("Index", new { Message = ManageMessageId.ChangePasswordSuccess }); } AddErrors(result); return View(model); }
本文来自网络收集,不代表计算机技术网立场,如涉及侵权请联系管理员删除。
ctvol管理联系方式QQ:251552304
本文章地址:https://www.ctvol.com/cdevelopment/961635.html