问题
Here is my Web.config file
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="0" passwordStrengthRegularExpression="^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])|(?=.*[a-z])(?=.*[A-Z])(?=.*[!%,.;:])|(?=.*[a-z])(?=.*[0-9])(?=.*[!%,.;:])|(?=.*[A-Z])(?=.*[0-9])(?=.*[!%,.;:])$" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
Here i want to restrict new user password with few conditions::
Password strength:
- Contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
- - password Not contain the user's account name
As you can see there is passwordStrengthRegularExpression attribute i used in web.config section to match 1st condition( that Membership provide).
Need solution to achieve second condition.
In short:: I need to customize membership to match condition(character complexity enforced. ie:password Not contain the user's account name)
Updated::
I did what Eranga suggested me in my application . Now i also want to Display appropriate message when Membership createUser fails(on several customized condition).
回答1:
You can sub class from your default provider and handle the ValidatingPassword event. There you can cancel the validation if it does not meet your second criteria.
public class MyMembershipProvider : SqlMembershipProvider
{
public MyMembershipProvider()
{
ValidatingPassword += ValidatePassword;
}
void ValidatePassword(object sender, ValidatePasswordEventArgs e)
{
if (e.Password.Contains(e.UserName))
{
e.Cancel = true;
e.FailureInformation = new Exception("blah blah");
}
}
}
Your Web.Config file should include the following. Make sure you give the full name of your custom membership class for the type attribute.
<membership>
<providers>
<clear />
<add name="MyMembershipProvider" type="MyNamespace.MyMembershipProvider" connectionStringName="ApplicationServices" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="0" passwordStrengthRegularExpression="^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])|(?=.*[a-z])(?=.*[A-Z])(?=.*[!%,.;:])|(?=.*[a-z])(?=.*[0-9])(?=.*[!%,.;:])|(?=.*[A-Z])(?=.*[0-9])(?=.*[!%,.;:])$" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
回答2:
It's not MVC, but you can look at this example of overriding the static event. Also, since this is basically the same question you asked before, with a little bit more detail, perhaps you could have just updated the original question?
来源:https://stackoverflow.com/questions/8798892/asp-net-membership-where-control-goes-on-creating-new-user-from-config-window