向会员提供商添加密码要求
我需要创建自定义成员资格提供程序还是有其他方法?
我有一个使用 ASP.NET 表单身份验证和 Microsoft SQL 成员资格提供程序的项目。该网站已完成。我到处都使用这个提供商。 (注册、登录、忘记密码等...)
到目前为止,我的网站用户不需要复杂的密码。用户的密码实际上只是密码。用户可以选择任何过去的密码。我对该网站几乎没有任何限制,因为没有数据是私人或个人的。
不过,我收到了新的要求。
以下是新的密码要求:
- 密码长度必须至少为 8 个字符。
- 密码必须使用以下 4 种字符类型中的 3 种创建:
- 大写
- 小写
- 数字
- 标点符号
- 不要在密码中使用您的姓名或用户 ID。
- 以后不要再使用旧密码。
- 密码必须至少每 60 天更改一次。
- 密码不得包含您的用户 ID 或全名的任何部分。
- 密码历史记录保留将禁止使用最近 24 个密码。
- 用户在任何 6 天内只能更改一次密码。
我意识到我必须修改以下所有页面:注册、登录、忘记密码等……幸运的是我很久以前就停止使用默认控件了。
我很欣赏你的想法。
我的第一个想法是我需要编写一个自定义会员提供程序。 我不知道如何让标准提供者完成大部分工作。我可以编写代码来执行此操作。
- 我是否修改 aspnet_membership 表?
- 我应该添加自己的表 aspnet_something 吗?
- 用户档案表可以用来解决这个问题吗?
- 我需要自己的 MembershipUser 类吗?
谢谢。
Do I need to make a Custom Membership Provider or is there another way?
I have a project using ASP.NET Forms Authentication and the Microsoft SQL Membership Provider. The website is DONE. I use this provider everywhere. (Register, Login, Forgot Password, etc...)
Until now, my website users have not needed complex passwords. The users' passwords were really just pins. The user could select anything for a password in the past. I had almost no restrictions for this website because none of the data is private or personal.
However I have received new requirements.
Here are the new password requirements:
- Passwords must be at least 8 characters in length.
- Passwords must be created using 3 of the following 4 character types:
- Uppercase
- Lowercase
- Numeric
- Punctuation
- Do not use your name or User ID in the password.
- Do not use old passwords again later.
- Passwords must be changed at least every 60 days.
- Passwords may not contain your User ID or any part of your full name.
- Password history retention will prohibit use of the last 24 passwords.
- Passwords may be changed by users only once in any 6-day period.
I realize I am going to have to modify all of the following pages: Register, Login, Forgot Password, etc... fortunately I stopped using the default controls a long time ago.
I appreciate your thoughts.
My first thought was that I need to write a Custom Membership Provider.
I don't know how to make the standard provider to do most of this. I could write code to do.
- Do I modify the aspnet_membership table?
- Should I add my own table aspnet_something?
- Can the user profile table be used for this problem?
- Do I need my own MembershipUser class?
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要监听 ValidatingPassword 事件。
请参阅 ASP.NET 成员身份 ChangePassword 控件 - 需要检查以前的密码以获取如何执行此操作的示例代码。
You need to listen to the ValidatingPassword event.
See ASP.NET Membership ChangePassword control - Need to check for previous password for sample code of how to do this.