如何使用ASP.NET Identity Framework设置密码到期

我有一个使用Identity的ASP.NET项目。 对于有关密码的身份配置,正在使用PasswordValidator 。 如何扩展PasswordValidator当前的密码强制执行( RequiredLengthRequiredDigit等)以满足在N天后要求密码过期的要求?

ASP.NET身份2中没有内置的function。最简单的方法是在用户上添加一个字段,如LastPasswordChangedDate 。 然后在每次授权期间检查此字段。 

 public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider { public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var user = await GetUser(context.UserName, context.Password); if(user.LastPasswordChangedDate.AddDays(20) < DateTime.Now) // user needs to change password } }

再加上@Rikard的回答……

我将LastPasswordChangedDate添加到我的ApplicationUser模型中,如下所示: 

  public class ApplicationUser : IdentityUser { public DateTime LastPasswordChangedDate { get; set; } public async Task GenerateUserIdentityAsync(UserManager manager) { // Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie); // Add custom user claims here return userIdentity; } }

AccountController添加静态配置设置(稍后您将在Login()

 private static readonly int PasswordExpireDays = Convert.ToInt32(ConfigurationManager.AppSettings["PasswordExpireDays"]);

然后,在Login期间,检查用户是否应重置密码。 这仅在成功登录后进行检查,以免对用户造成太多错误。 

  [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task Login(LoginViewModel model, string returnUrl) { if (!ModelState.IsValid) { return View(model); } // This doesn't count login failures towards account lockout // To enable password failures to trigger account lockout, change to shouldLockout: true var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false); switch (result) { case SignInStatus.Success: var user = await UserManager.FindByNameAsync(model.Email); if (user.LastPasswordChangedDate.AddDays(PasswordExpireDays) < DateTime.UtcNow) { return RedirectToAction("ChangePassword", "Manage"); } else { return RedirectToLocal(returnUrl); } case SignInStatus.LockedOut: return View("Lockout"); case SignInStatus.RequiresVerification: return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe }); case SignInStatus.Failure: default: ModelState.AddModelError("", "Error: Invalid username or password"); return View(model); } }

在ManageController,ChangePassword操作中,确保在用户成功更新密码时更新LastPasswordChangedDate

  [HttpPost] [ValidateAntiForgeryToken] public async Task ChangePassword(ChangePasswordViewModel model) { if (!ModelState.IsValid) { return View(model); } var result = await UserManager.ChangePasswordAsync(User.Identity.GetUserId(), model.OldPassword, model.NewPassword); if (result.Succeeded) { var user = await UserManager.FindByIdAsync(User.Identity.GetUserId()); if (user != null) { user.LastPasswordChangedDate = DateTime.UtcNow; await UserManager.UpdateAsync(user); await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false); } return RedirectToAction("Index", new { Message = ManageMessageId.ChangePasswordSuccess }); } AddErrors(result); return View(model); }
Interesting Posts

从asp.net打开任何文件

调试类库

性能分析asp.net,什么是ProcessRequestNotificationHelper?

如何使用包含点(。)的列名称的Eval()?

文件下载的带宽限制

Mvc Asp排序项目

如何将模型从视图传递到局部视图?

RequiredFieldValidator客户端validation在IE 10上不起作用

MVC 4 Web API寄存器filter

entity framework – 将字段值更新为当前数据库服务器时间