Mat*_*ell 20 membership asp.net security
我有一个ASP.NET页面,允许管理员更改用户的密码.由于管理员不知道用户的密码,我使用以下内容:
MembershipUser member = Membership.GetUser(_usernameTextBox.Text);
member.ChangePassword(member.ResetPassword(), _passNewTextBox.Text);
- 正如这个SO问题所描述的那样.
如果新密码不符合web.config文件中配置的复杂性要求,则密码将被重置,但不会更改为所需的密码.如果新密码不符合复杂性要求,则密码不应发生任何变化.
是否有一种简单的方法可以根据复杂性要求测试新密码?
小智 19
/// <summary>
/// Checks password complexity requirements for the actual membership provider
/// </summary>
/// <param name="password">password to check</param>
/// <returns>true if the password meets the req. complexity</returns>
static public bool CheckPasswordComplexity(string password)
{
return CheckPasswordComplexity(Membership.Provider, password);
}
/// <summary>
/// Checks password complexity requirements for the given membership provider
/// </summary>
/// <param name="membershipProvider">membership provider</param>
/// <param name="password">password to check</param>
/// <returns>true if the password meets the req. complexity</returns>
static public bool CheckPasswordComplexity(MembershipProvider membershipProvider, string password)
{
if (string.IsNullOrEmpty(password)) return false;
if (password.Length < membershipProvider.MinRequiredPasswordLength) return false;
int nonAlnumCount = 0;
for (int i = 0; i < password.Length; i++)
{
if (!char.IsLetterOrDigit(password, i)) nonAlnumCount++;
}
if (nonAlnumCount < membershipProvider.MinRequiredNonAlphanumericCharacters) return false;
if (!string.IsNullOrEmpty(membershipProvider.PasswordStrengthRegularExpression) &&
!Regex.IsMatch(password, membershipProvider.PasswordStrengthRegularExpression))
{
return false;
}
return true;
}
Abr*_*mon 18
您可以使用以下属性来测试密码:
请注意,如果尚未在web.config文件中配置,则PasswordStrengthRegularExpression属性将为空字符串.
有关正则表达式匹配的信息,请参阅Regex.IsMatch(String)上的MSDN参考
*感谢Matt的有益评论.