How to set password rules for ASP.NET identity?

2019-01-22 04:23发布

问题:

In my ASP.NET applications I have following settings in DefaultMembershipProvider and SqlMembershipProvider in web.config:

enablePasswordRetrieval="true"
passwordFormat="Clear" 
requiresQuestionAndAnswer="false" 

They are required for Digest authentication. I would like to move to ASP.NET Identity. I am using automated tool to update all web.config files that I manage.

How do I set these settings for ASP.NET Identity in the project generated by Visual Studio 2013?

回答1:

You need to provide IPasswordHasher implementation that can provide clear password without hashing. You can set UserManager.PasswordHasher to your implementation.

As of now, there is no web.config configurable settings for Identity. You need to provide appropriate mix of configurable in code, mainly in Startup.cs

It is not recommended to store passwords in clear format.

public class ClearPassword : IPasswordHasher
{
    public string HashPassword(string password)
    {
        return password;
    }

    public PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
    {
        if(hashedPassword.Equals(providedPassword))
            return PasswordVerificationResult.Success;
        else return PasswordVerificationResult.Failed;
    }
}