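The previous post already covered some of the configuration, but not all of it, so this post is dedicated to the topic.
Brute-force login protection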

    services.Configure<IdentityOptions>(options =>
    {
        // Default Lockout settings.
        options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
        options.Lockout.MaxFailedAccessAttempts = 5;
        options.Lockout.AllowedForNewUsers = true;
    });

Password format requirements

    services.Configure<IdentityOptions>(options =>
    {
        // Default Password settings.
        options.Password.RequireDigit = true;
        options.Password.RequireLowercase = true;
        options.Password.RequireNonAlphanumeric = true;
        options.Password.RequireUppercase = true;
        options.Password.RequiredLength = 6;
        options.Password.RequiredUniqueChars = 1;
    });

Sign-in requirements

    services.Configure<IdentityOptions>(options =>
    {
        // Default SignIn settings.
        options.SignIn.RequireConfirmedEmail = false;
        options.SignIn.RequireConfirmedPhoneNumber = false;
        options.SignIn.RequireConfirmedAccount = false;
    });

User requirements

    services.Configure<IdentityOptions>(options =>
    {
        // Default User settings.
        options.User.AllowedUserNameCharacters =
            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
        options.User.RequireUniqueEmail = false;
    });

There are also ClaimsIdentityOptions, TokenOptions and StoreOptions, but these rarely need to be configured.
Cookie configuration

    services.ConfigureApplicationCookie(options =>
    {
        options.AccessDeniedPath = "/Identity/Account/AccessDenied";
        options.Cookie.Name = "YourAppCookieName";
        options.Cookie.HttpOnly = true;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
        options.LoginPath = "/Identity/Account/Login";
        // ReturnUrlParameter requires
        // using Microsoft.AspNetCore.Authentication.Cookies;
        options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
        options.SlidingExpiration = true;
    });

Note that this call must come after AddIdentity.
Finally, the password hash iteration count, which was mentioned two posts back when discussing password salts.

    services.Configure<PasswordHasherOptions>(option =>
    {
        option.IterationCount = 12000;
    });
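
How the IterationCount setting shows up in stored hashes, as an added example that is not part of the original post: it hashes with the post's 12000 iterations, reads the count back from the Identity V3 hash header, and shows that a hasher configured with a higher count still verifies the old hash but reports SuccessRehashNeeded. DemoUser, the sample password and the 120000 value are constructed for illustration, and a project reference to the Microsoft.Extensions.Identity.Core package is assumed.

```csharp
// Added example, not code from the original post.
// Assumption: the project references Microsoft.Extensions.Identity.Core.
using System;
using System.Buffers.Binary;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;

public class DemoUser { }   // hypothetical user type; PasswordHasher never reads it

public static class IterationCountDemo
{
    static PasswordHasher<DemoUser> HasherWith(int iterations) =>
        new PasswordHasher<DemoUser>(
            Options.Create(new PasswordHasherOptions { IterationCount = iterations }));

    // V3 layout: 0x01 | PRF (uint32 BE) | iteration count (uint32 BE) | salt length | salt | subkey
    static int StoredIterations(string hashedPassword)
    {
        byte[] raw = Convert.FromBase64String(hashedPassword);
        if (raw.Length < 13 || raw[0] != 0x01)
            throw new FormatException("Not an Identity V3 password hash.");
        return (int)BinaryPrimitives.ReadUInt32BigEndian(raw.AsSpan(5, 4));
    }

    public static void Main()
    {
        var user = new DemoUser();
        const string password = "Constructed-Sample-Pa55!";   // constructed sample value

        var current = HasherWith(12000);                       // value from the post
        string stored = current.HashPassword(user, password);
        Console.WriteLine($"iterations stored in hash: {StoredIterations(stored)}");
        Console.WriteLine(current.VerifyHashedPassword(user, stored, password));
        Console.WriteLine(current.VerifyHashedPassword(user, stored, "wrong-password"));

        // Raising the configured count later does not invalidate existing hashes:
        // the count used for verification is the one embedded in the stored hash.
        var raised = HasherWith(120000);                       // constructed higher value
        var result = raised.VerifyHashedPassword(user, stored, password);
        Console.WriteLine(result);
        if (result == PasswordVerificationResult.SuccessRehashNeeded)
        {
            // UserManager.CheckPasswordAsync re-hashes and saves at this point.
            stored = raised.HashPassword(user, password);
            Console.WriteLine($"iterations after rehash: {StoredIterations(stored)}");
        }
    }
}
```

Accounts that never sign in again keep their old iteration count, so the stored count is worth auditing after raising the setting.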