如何在 web.config 文件中设置最大密码长度?
我在 web.config 文件的membership 部分设置了 minRequiredPasswordLength,minRequiredNonalphanumericCharacters 。但我还需要设置最大密码长度。如何在web.config文件中设置?
I had set minRequiredPasswordLength,minRequiredNonalphanumericCharacters in membership section of web.config file. but i need maximum password length also to set. how to set in web.config file?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为 MembershipProvider 的默认实现确实不支持此功能。但是,当用户设置/更改密码时,您可以通过验证密码长度来获得相同的结果。
与PasswordRecovery控件相关的编辑
如果您将MembershipProvider类的标准实现与PasswordRecovery控件一起使用,您将无法干扰新密码的生成(更准确地说ResetPassword - “将用户的密码重置为自动生成的新密码”)。
如果您想使用PasswordRecovery控件,我认为除了创建一个派生自抽象MembershipProvider类或其具体实现之一(如SqlMembershipProvider)的自定义成员资格提供程序外,没有其他选择;
另一种选择是实现自定义密码恢复界面,因为您仍然可以依赖 MembershipProvider 中实现的功能。当用户想要重置密码时,可以使用GetUser方法获取相关信息,然后使用ResetPassword方法获取新密码。此时,您可以使用 ResetPassword 返回的密码并调用 ChangePassword 设置符合您条件的新密码,然后通过电子邮件将其发送给用户。实现相应的用户界面的方法有很多种,但重置密码的逻辑几乎是相同的。
此外,如果您决定对密码进行加密而不是哈希处理以满足您的要求,您的问题将得到解决,因为用户将通过电子邮件收到他们的旧密码(从设置之日起就满足最大长度条件)。为此,请在 web.config 中进行以下更改:
I think that the default implementations of MembershipProvider does not support this feature. However, you could obtain the same results by validating the password length when the users set/change it.
Edit related to PasswordRecovery control
If you are using a standard implementation of the MembershipProvider class with the PasswordRecovery control you are unable to interfere with the generation of the new password (more precisely ResetPassword - "Resets a user's password to a new, automatically generated password").
If you want to use the PasswordRecovery control I see no other option than creating a custom membership provider deriving from the abstract MembershipProvider class or from one of its concrete implementation (like SqlMembershipProvider);
The other option would be to implement your custom password recovery interface as you could still rely on functionality implemented in your MembershipProvider. When the user wants to reset his password you could use GetUser method to obtain the related information, then ResetPassword to obtain a new password. In this moment you may use the password that ResetPassword returns and call ChangePassword to set a new password that meets your criteria, than email it to the user. There are many ways to implement the corresponding user interface, but the reset password logic would be almost the same.
Also in case you decide that keeping the passwords encrypted instead of hashed meets your requirements, your problem will be solved as users will receive through email their old passwords (that meet the maximum length condition from the moment they were set). For this make the following changes in web.config:
您必须使用
ValidatingPassword事件。您可以在此处检查最大长度等。更多信息请访问:http://forums.asp.net/t/946218.aspx
You must use
ValidatingPasswordevent. Here you can check maximum length, etc. More info available at:http://forums.asp.net/t/946218.aspx