Creating Users with No Password using ASP.NET Iden

2019-04-08 07:38发布

站内问答 / 前端开发
1111 3 6

I have been given the requirement to provide the ability to create users through the UI with no password. I am trying to accomplish this using ASP.NET Identity.

I am able to successfully create a user without a password using the UserManager's Create method:

if (vm.ShouldHavePassword)
{
    userManager.Create(userToInsert, vm.Password);
}
else
{
    userManager.Create(userToInsert);
}

After the call to the Create method, the test user gets successfully saved into our AspNetUsers table. And when I do not provide a password, the PasswordHash column in our AspNetUsers table is set to NULL.

My issue is, I cannot login as the test user that does not have a password. The following is the method call that we use to validate a user's credentials: 

result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout: false);

I attempted to login as a test user that has a NULL PasswordHash multiple times. To do this, I do not provide a password in our login form. As a result, A NULL password is passed into the PasswordSignInAsync method. The return value of this method call is always SignInStatus.Failure.

Using ASP.NET Identity, how can I configure my code to correctly authenticate user credentials when the credentials contain a NULL password, and the user in the database contains a NULL PasswordHash? Is such a thing even possible?

3条回答
神经病院院长
2楼-- · 2019-04-08 08:02

I don't think you can validate user without password. As a workaround: Instead of blank password, I'll recommend to use some Dummy/Common password from C# code, both while creating User and while validating credential

When creating user

if (vm.ShouldHavePassword)
{
    userManager.Create(userToInsert, vm.Password);
}
else
{
    userManager.Create(userToInsert, "someDummy123$");
}

When validating

result = await SignInManager.PasswordSignInAsync(model.UserName, "someDummy123$", model.RememberMe, shouldLockout: false);
查看更多
0人赞 添加讨论(0) 举报
Bombasti
3楼-- · 2019-04-08 08:06

Okay, what you need to do is find the user (AspNetUsers user) using your db context. After you have the user, you can check if their PasswordHash is null. If yes, then just sing them in using SignInManager.SignIn If not, use SignInManager.PasswordSignIn

example..

var user = db.AspNetUsers.FirstOrDefault(p=>p.UserName); //alternatively, you can find the user using Email, Id or some other unique field
if(user.PasswordHash == null)
     await SignInManager.SignInAsync(user, true, true);
else
     await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout: false);

Hope it helps.

查看更多
0人赞 添加讨论(0) 举报
Ridiculous、
4楼-- · 2019-04-08 08:12

Yes you can. Asp.Net Identity Framework is fully customizable. Just override PasswordValidator.ValidateAsync and PasswordHasher.VerifyHashedPassword methods like this:

    internal class CustomPasswordValidator: PasswordValidator
    {
        public override async Task<IdentityResult> ValidateAsync(string item)
        {
            if (string.IsNullOrEmpty(item)) return IdentityResult.Success;
            return await base.ValidateAsync(item);
        }
    }

    internal class CustomPasswordHasher : PasswordHasher
    {
        public override PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
        {
            if (hashedPassword == null && string.IsNullOrEmpty(providedPassword))
                return PasswordVerificationResult.Success;
            return base.VerifyHashedPassword(hashedPassword, providedPassword);
        }
    }

And set them like this:

        var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));

        manager.PasswordValidator = new CustomPasswordValidator();
        manager.PasswordHasher = new CustomPasswordHasher();
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)