如何使 ActiveDirectoryMembershipProvider 接受空密码?
我们正在开发一个 Web 应用程序,它使用表单身份验证和 ActiveDirectoryMembershipProvider 根据 Active Directory 对用户进行身份验证。我们很快发现提供商不允许指定空白/空密码,即使这在 Active Directory 中是完全合法的(如果没有制定预防性密码策略)。
由 Reflector 提供:
private void CheckPassword(string password, int maxSize, string paramName)
{
if (password == null)
{
throw new ArgumentNullException(paramName);
}
if (password.Trim().Length < 1)
{
throw new ArgumentException(SR.GetString("Parameter_can_not_be_empty", new object[] { paramName }), paramName);
}
if ((maxSize > 0) && (password.Length > maxSize))
{
throw new ArgumentException(SR.GetString("Parameter_too_long", new object[] { paramName, maxSize.ToString(CultureInfo.InvariantCulture) }), paramName);
}
}
如果没有编写我们自己的自定义 Provider,有没有办法使用 .NET 的魔力来覆盖此功能?
We are developing a web application that uses forms authentication and the ActiveDirectoryMembershipProvider to authenticate users against the Active Directory. We soon found out that the provider does not allow a blank/empty password to be specified, even though this is perfectly legal in the Active Directory (provided a preventative password policy is not in place).
Courtesy of reflector:
private void CheckPassword(string password, int maxSize, string paramName)
{
if (password == null)
{
throw new ArgumentNullException(paramName);
}
if (password.Trim().Length < 1)
{
throw new ArgumentException(SR.GetString("Parameter_can_not_be_empty", new object[] { paramName }), paramName);
}
if ((maxSize > 0) && (password.Length > maxSize))
{
throw new ArgumentException(SR.GetString("Parameter_too_long", new object[] { paramName, maxSize.ToString(CultureInfo.InvariantCulture) }), paramName);
}
}
Short of writing our own custom Provider, is there any way to override this functionality using the magic of .NET?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我不相信您可以在不创建派生类并覆盖调用私有 CheckPassword 方法的每个方法的情况下更改此行为。但是,我不会推荐此选项,我建议您检查您的设计并质疑在您的应用程序中允许空白密码是否合适。虽然它们在 AD 中有效,但在实践中允许这样做是不寻常的,并且它确实会影响 Windows 网络中的其他事物,例如,我认为网络文件共享的默认设置不允许任何具有空白密码的用户连接到共享。
I don't beleive you could change this behaviour without creating a derived class and overiding every method that calls the private CheckPassword method. I would not recomend this option however, i would recomend that you review your design and question whether it is approriate to allow blank passwords in your application. Whilst they are valid in AD it is unusual for this to be allowed in practice and it does impact other things in a windows network, e.g. i think the default settings for network file shares disallow any user with a blank password from connecting to the share.
您也许可以考虑使用模拟,但我不知道您是否会遇到同样的问题。如果要授权用户,那么您可以使用模拟来尝试“模拟”计算机上的用户。我不知道这是否有帮助,但前一周我也在做类似的事情。如果有帮助的话,请将代码放在下面..:)
You could perhaps look at using impersonation but i don't know if you will have the same issue. If it's to authorise a user, then you could use impersonation to try and "impersonate" the user on the machine. I don't know if it helps but I was doing something similar to this the other week. Have put the code below if any of this helps.. :)