Setup custom usermanager with asp net identity in

2019-07-24 08:37发布

问题:

I used the aspnet identity sample project as reference. But it looked me better to make seperate client for account maintenance. This because Brock Allen answered a question about changing passwords that this should be in a separate client (see https://vimeo.com/154172925 in the end).

So now i'm not really sure how to setup the usermanager. In the sample project a new usermanager is created but without any PasswordValidator or lockout settings. I can set those options in the constructor of the usermanger so the factory.Register(new Registration<UserManager>()); in the UserService will use it. But when I look at a default asp net MVC 5 application, a public static UserManager Create(IdentityFactoryOptions<UserManager> options, IOwinContext context) method is used to setup the PasswordValidator and DataProtectionProvider etc.

I'm not really sure how to setup the DataProtectionProvider without that function. Because if understand that correctly, it is needed for email and password verification.

For extra information. This is the default method generated by a MVC 5 application:

public static UserManager Create(IdentityFactoryOptions<UserManager> options, IOwinContext context)
{
    var manager = new UserManager(new UserStore(context.Get<Context>()));

    // Configure validation logic for usernames
    manager.UserValidator = new UserValidator<User>(manager)
    {
        AllowOnlyAlphanumericUserNames = false,
        RequireUniqueEmail = true
    };

    // Configure validation logic for passwords
    manager.PasswordValidator = new PasswordValidator
    {
        RequiredLength = 6,
        RequireNonLetterOrDigit = true,
        RequireDigit = true,
        RequireLowercase = true,
        RequireUppercase = true,
    };

    // Configure user lockout defaults
    manager.UserLockoutEnabledByDefault = true;
    manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(5);
    manager.MaxFailedAccessAttemptsBeforeLockout = 5;

    // Register two factor authentication providers. This application uses Phone and Emails as a step of receiving a code for verifying the user
    // You can write your own provider and plug it in here.
    manager.RegisterTwoFactorProvider("Phone Code", new PhoneNumberTokenProvider<User>
    {
        MessageFormat = "Your security code is {0}"
    });
    manager.RegisterTwoFactorProvider("Email Code", new EmailTokenProvider<User>
    {
        Subject = "Security Code",
        BodyFormat = "Your security code is {0}"
    });
    ////manager.EmailService = new EmailService();
    ////manager.SmsService = new SmsService();
    var dataProtectionProvider = options.DataProtectionProvider;
    if (dataProtectionProvider != null)
    {
        manager.UserTokenProvider =
            new DataProtectorTokenProvider<User>(dataProtectionProvider.Create("ASP.NET Identity"));
    }

    return manager;
}