是否必须在自定义实现中覆盖默认会员提供程序的 OnValidatingPassword?
我正在努力为我的 .net 应用程序实现自定义会员提供程序。我已经设置了最少数量的字符和非字母数字字符的配置,但它似乎还是让密码通过,即使它们违反了规则。
OnValidatingPassword 是一个虚拟方法。 来自 Microsoft 的示例 不覆盖该方法。
这个问题解决了同样的问题,但作者放弃了得到他的问题的答案并简单地覆盖该函数。此答案表明人们不必覆盖让它工作的功能。
基函数没有做任何事情吗?当我重写 OnValidatePassword 并简单地调用基类时,我的函数会被命中,但它永远不会拒绝我过于简单的密码。
代码示例(带有自定义 CreateUser 函数)
protected override void OnValidatingPassword(ValidatePasswordEventArgs e)
{
base.OnValidatingPassword(e);
}
//
// MembershipProvider.CreateUser
//
public MembershipUser CreateUser(string username, string password, string globalIdentifier, string firstName, string lastName,
string birthDate, object providerUserKey, out MembershipCreateStatus status)
{
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(args);
if (args.Cancel)
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
I am working to implement a custom Membership Provider for my .net application. I have set up the configuration for a minimum number of characters and non-alphanumeric characters, but it seems to let passwords through anyway, even when they break the rules.
OnValidatingPassword is a virtual method. The example from Microsoft does not override the method.
This question grapples with the same problem, but the author gave up on getting the answer to his question and simply overrode the function. This answer states that one does not have to override the function to have it work.
Does the base function not do anything? When I override OnValidatePassword, and simply call the base class, my function gets hit, but it never rejects my too-simple passwords.
Code sample (with a custom CreateUser function)
protected override void OnValidatingPassword(ValidatePasswordEventArgs e)
{
base.OnValidatingPassword(e);
}
//
// MembershipProvider.CreateUser
//
public MembershipUser CreateUser(string username, string password, string globalIdentifier, string firstName, string lastName,
string birthDate, object providerUserKey, out MembershipCreateStatus status)
{
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(args);
if (args.Cancel)
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
MembershipProvider.OnValidatingPassword 的文档仅指出它会引发ValidatingPassword 事件(如果处理程序已注册),而不是实际验证密码。
查看 Reflector 中的方法证实了这一点:
这令人困惑,但我相信其目的是为外部逻辑提供一个参与密码验证的钩子;自定义提供程序仍然需要编写自己的验证逻辑。
如果您查看 SQL 成员资格提供程序的源代码(下载 Provider Toolkit Samples),您将看到它包含验证密码的逻辑,并且还调用
OnValidatingPassword。以下代码来自CreateUser方法:Edit
我认为部分混淆是基于
OnValidatingPassword的名称,而且它似乎暗示它正在处理密码验证,而不是引发事件让其他代码验证密码。无论如何,我理解这种混乱 - 如果该方法被命名为 RaiseValidatingPasswordEvent 可能会更清楚。无论如何,您都可以查看 .NET 4 的事件设计指南。页面,你会发现这个:
The documentation for MembershipProvider.OnValidatingPassword only states that that it raises the
ValidatingPasswordevent if a handler is registered, not that it actually validates the password.Looking at the method in Reflector confirms this:
It is confusing, but I believe the intent is that this provides a hook for external logic to participate in password validation; A custom provider would still need to write its own validation logic.
If you take a look at the source code for the SQL Membership Provider (download the Provider Toolkit Samples), you'll see that it includes logic to validate the password, and also calls
OnValidatingPassword. The following code is from theCreateUsermethod:Edit
I think part of the confusion is based on the name of
OnValidatingPassword, and that it seems to imply that it is handling password validation, rather than raising an event to let other code validate the password. For what it's worth, I understand the confusion - it would probably be clearer if the method had been namedRaiseValidatingPasswordEvent.In any case, you can check the Event Design guidelines for .NET 4. About halfway down the page, you'll find this: