我在 ASP.Net Core 应用程序中使用弱密码时出现错误
I get an error when I use weak password on my in ASP.Net Core application
当我在我的 PC 上以开发模式测试应用程序时,不会发生此错误,但在远程服务器上会发生。该应用程序验证用户是否存在以及密码要求,但是如果我使用像“1234”这样的密码,该应用程序会给我这个错误,但是如果我使用像“@juan147-lop4s785”这样的密码,它确实会发生
这是 launchSettings.json 文件
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:63322",
"sslPort": 44361
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Production"
//"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"UniJobs": {
"commandName": "Project",
"launchBrowser": true,
"applicationUrl": "https://localhost:5001;http://localhost:5000",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Production"
//"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}
这是我们的 mi Startup.cs 文件
namespace UniJobs
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<Usuarios>(options => options.SignIn.RequireConfirmedAccount = true)
//Incluye los roles de los usuarios a la app
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddControllersWithViews();
services.AddRazorPages();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseDeveloperExceptionPage();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseSession();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
endpoints.MapRazorPages();
});
}
}
}
很可能在创建用户时,您没有检查它是否成功,因此当您的“弱密码”不符合默认身份选项时,它无法创建用户,然后数据库抱怨缺少外键,导致你的错误。
查看 here 默认身份密码选项以及如何自定义它们。
如果您使用 UserManager 创建用户,您只需要检查它是否有任何错误并做出相应的响应,如下所示:
var result = await UserManager.CreateAsync(user, password);
if(!result.Succeeded)
return result.Errors.Select(x => x.Description);
var roleResult = await UserManager.AddToRoleAsync(user, "User");
if (!roleResult.Succeeded)
return roleResult.Errors.Select(x => x.Description);
当我在我的 PC 上以开发模式测试应用程序时,不会发生此错误,但在远程服务器上会发生。该应用程序验证用户是否存在以及密码要求,但是如果我使用像“1234”这样的密码,该应用程序会给我这个错误,但是如果我使用像“@juan147-lop4s785”这样的密码,它确实会发生
这是 launchSettings.json 文件
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:63322",
"sslPort": 44361
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Production"
//"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"UniJobs": {
"commandName": "Project",
"launchBrowser": true,
"applicationUrl": "https://localhost:5001;http://localhost:5000",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Production"
//"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}
这是我们的 mi Startup.cs 文件
namespace UniJobs
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<Usuarios>(options => options.SignIn.RequireConfirmedAccount = true)
//Incluye los roles de los usuarios a la app
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddControllersWithViews();
services.AddRazorPages();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseDeveloperExceptionPage();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseSession();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
endpoints.MapRazorPages();
});
}
}
}
很可能在创建用户时,您没有检查它是否成功,因此当您的“弱密码”不符合默认身份选项时,它无法创建用户,然后数据库抱怨缺少外键,导致你的错误。
查看 here 默认身份密码选项以及如何自定义它们。
如果您使用 UserManager 创建用户,您只需要检查它是否有任何错误并做出相应的响应,如下所示:
var result = await UserManager.CreateAsync(user, password);
if(!result.Succeeded)
return result.Errors.Select(x => x.Description);
var roleResult = await UserManager.AddToRoleAsync(user, "User");
if (!roleResult.Succeeded)
return roleResult.Errors.Select(x => x.Description);