身份 - 自定义用户验证器
Identity - Custom User Validators
你好,
我有一个带有 Identity and using this 指南的 .NetCore MVC APP 我能够创建自定义用户验证器。
public class UserDomainValidator<TUser> : IUserValidator<TUser>
where TUser : IdentityUser
{
private readonly List<string> _allowedDomains = new List<string>
{
"elanderson.net",
"test.com"
};
public Task<IdentityResult> ValidateAsync(UserManager<TUser> manager,
TUser user)
{
if (_allowedDomains.Any(allowed =>
user.Email.EndsWith(allowed, StringComparison.CurrentCultureIgnoreCase)))
{
return Task.FromResult(IdentityResult.Success);
}
return Task.FromResult(
IdentityResult.Failed(new IdentityError
{
Code = "InvalidDomain",
Description = "Domain is invalid."
}));
}
}
并通过将其添加到我在 DI 中的身份服务来成功验证我的用户创建
services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
options.User.AllowedUserNameCharacters = "abccom.";
options.User.RequireUniqueEmail = true;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders()
.AddUserValidator<UserDomainValidator<ApplicationUser>>();
现在,one of the existing validatiors 在 Identity 中声明用户名必须是唯一的
private async Task ValidateUserName(UserManager<TUser> manager, TUser user, ICollection<IdentityError> errors)
{
var userName = await manager.GetUserNameAsync(user);
if (string.IsNullOrWhiteSpace(userName))
{
errors.Add(Describer.InvalidUserName(userName));
}
else if (!string.IsNullOrEmpty(manager.Options.User.AllowedUserNameCharacters) &&
userName.Any(c => !manager.Options.User.AllowedUserNameCharacters.Contains(c)))
{
errors.Add(Describer.InvalidUserName(userName));
}
else
{
var owner = await manager.FindByNameAsync(userName);
if (owner != null &&
!string.Equals(await manager.GetUserIdAsync(owner), await manager.GetUserIdAsync(user)))
{
errors.Add(Describer.DuplicateUserName(userName));
}
}
}
因为在我的应用程序中我的登录是通过租户 + 用户名/租户 + 电子邮件完成的,我想允许重复的用户名...有没有人做过类似的事情或有任何想法?
我需要删除此验证,我想调整 SignInManager 或其他东西,以便它可以登录正确的用户..
不要添加新的验证器,而是替换服务中添加的验证器,并创建您自己的 UserValidator。
services.Replace(ServiceDescriptor.Scoped<IUserValidator<User>, CustomUserValidator<User>>());
public class CustomUserValidator<TUser> : IUserValidator<TUser> where TUser : class
{
private readonly List<string> _allowedDomains = new List<string>
{
"elanderson.net",
"test.com"
};
public CustomUserValidator(IdentityErrorDescriber errors = null)
{
Describer = errors ?? new IdentityErrorDescriber();
}
public IdentityErrorDescriber Describer { get; }
public virtual async Task<IdentityResult> ValidateAsync(UserManager<TUser> manager, TUser user)
{
if (manager == null)
throw new ArgumentNullException(nameof(manager));
if (user == null)
throw new ArgumentNullException(nameof(user));
var errors = new List<IdentityError>();
await ValidateUserName(manager, user, errors);
if (manager.Options.User.RequireUniqueEmail)
await ValidateEmail(manager, user, errors);
return errors.Count > 0 ? IdentityResult.Failed(errors.ToArray()) : IdentityResult.Success;
}
private async Task ValidateUserName(UserManager<TUser> manager, TUser user, ICollection<IdentityError> errors)
{
var userName = await manager.GetUserNameAsync(user);
if (string.IsNullOrWhiteSpace(userName))
errors.Add(Describer.InvalidUserName(userName));
else if (!string.IsNullOrEmpty(manager.Options.User.AllowedUserNameCharacters) && userName.Any(c => !manager.Options.User.AllowedUserNameCharacters.Contains(c)))
{
errors.Add(Describer.InvalidUserName(userName));
}
}
private async Task ValidateEmail(UserManager<TUser> manager, TUser user, List<IdentityError> errors)
{
var email = await manager.GetEmailAsync(user);
if (string.IsNullOrWhiteSpace(email))
errors.Add(Describer.InvalidEmail(email));
else if (!new EmailAddressAttribute().IsValid(email))
{
errors.Add(Describer.InvalidEmail(email));
}
else if (_allowedDomains.Any(allowed =>
email.EndsWith(allowed, StringComparison.CurrentCultureIgnoreCase)))
{
errors.Add(new IdentityError
{
Code = "InvalidDomain",
Description = "Domain is invalid."
});
}
else
{
var byEmailAsync = await manager.FindByEmailAsync(email);
var flag = byEmailAsync != null;
if (flag)
{
var a = await manager.GetUserIdAsync(byEmailAsync);
flag = !string.Equals(a, await manager.GetUserIdAsync(user));
}
if (!flag)
return;
errors.Add(Describer.DuplicateEmail(email));
}
}
}
为那些只想扩展现有默认用户验证而没有破坏某些东西的风险的人提供答案。
您可以使用 Decorator 模式,而不是 copying/changing 默认的 UserValidator,您可以只对用户数据执行额外的验证。这是一个例子:
public class UserValidatorDecorator<TUser> : IUserValidator<TUser> where TUser : ApplicationUser
{
// Default UserValidator
private readonly UserValidator<TUser> _userValidator;
// Some class with additional options
private readonly AdditionalOptions _additionalOptions;
// You can use default error describer or create your own
private readonly IdentityErrorDescriber _errorDescriber;
public UserValidatorDecorator(UserValidator<TUser> userValidator,
AdditionalOptions additionalOptions,
IdentityErrorDescriber errorDescriber)
{
_userValidator = userValidator;
_additionalOptions = additionalOptions;
_errorDescriber = errorDescriber;
}
public async Task<IdentityResult> ValidateAsync(UserManager<TUser> manager,
TUser user)
{
// call to default validator
var identityResult = await _userValidator.ValidateAsync(manager, user);
// if default validation is already failed you can just return result, otherwise call
// your additional validation method
return identityResult.Succeeded ?
AdditionalValidation(user) :
identityResult;
}
public IdentityResult AdditionalUserNameValidation(TUser user)
{
// now you can check any value, if you need you can pass to method
// UserManager as well
var someValue = user.SomeValue;
if (someValue < _additionalOptions.MaximumValue)
{
return IdentityResult.Failed(_errorDescriber.SomeError(userName));
}
return IdentityResult.Success;
}
}
然后你需要注册你的装饰器,这取决于.NET框架的版本,我在.NET Core 3.0中使用这样的代码:
// First register default UserValidator and your options class
services.AddScoped<UserValidator<ApplicationUser>>();
services.AddScoped<AdditionalOptions>();
// Then register Asp Identity and your decorator class by using AddUserValidator method
services.AddIdentity<UserData, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddUserValidator<UserValidatorDecorator<UserData>>();
你好,
我有一个带有 Identity and using this 指南的 .NetCore MVC APP 我能够创建自定义用户验证器。
public class UserDomainValidator<TUser> : IUserValidator<TUser>
where TUser : IdentityUser
{
private readonly List<string> _allowedDomains = new List<string>
{
"elanderson.net",
"test.com"
};
public Task<IdentityResult> ValidateAsync(UserManager<TUser> manager,
TUser user)
{
if (_allowedDomains.Any(allowed =>
user.Email.EndsWith(allowed, StringComparison.CurrentCultureIgnoreCase)))
{
return Task.FromResult(IdentityResult.Success);
}
return Task.FromResult(
IdentityResult.Failed(new IdentityError
{
Code = "InvalidDomain",
Description = "Domain is invalid."
}));
}
}
并通过将其添加到我在 DI 中的身份服务来成功验证我的用户创建
services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
options.User.AllowedUserNameCharacters = "abccom.";
options.User.RequireUniqueEmail = true;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders()
.AddUserValidator<UserDomainValidator<ApplicationUser>>();
现在,one of the existing validatiors 在 Identity 中声明用户名必须是唯一的
private async Task ValidateUserName(UserManager<TUser> manager, TUser user, ICollection<IdentityError> errors)
{
var userName = await manager.GetUserNameAsync(user);
if (string.IsNullOrWhiteSpace(userName))
{
errors.Add(Describer.InvalidUserName(userName));
}
else if (!string.IsNullOrEmpty(manager.Options.User.AllowedUserNameCharacters) &&
userName.Any(c => !manager.Options.User.AllowedUserNameCharacters.Contains(c)))
{
errors.Add(Describer.InvalidUserName(userName));
}
else
{
var owner = await manager.FindByNameAsync(userName);
if (owner != null &&
!string.Equals(await manager.GetUserIdAsync(owner), await manager.GetUserIdAsync(user)))
{
errors.Add(Describer.DuplicateUserName(userName));
}
}
}
因为在我的应用程序中我的登录是通过租户 + 用户名/租户 + 电子邮件完成的,我想允许重复的用户名...有没有人做过类似的事情或有任何想法?
我需要删除此验证,我想调整 SignInManager 或其他东西,以便它可以登录正确的用户..
不要添加新的验证器,而是替换服务中添加的验证器,并创建您自己的 UserValidator。
services.Replace(ServiceDescriptor.Scoped<IUserValidator<User>, CustomUserValidator<User>>());
public class CustomUserValidator<TUser> : IUserValidator<TUser> where TUser : class
{
private readonly List<string> _allowedDomains = new List<string>
{
"elanderson.net",
"test.com"
};
public CustomUserValidator(IdentityErrorDescriber errors = null)
{
Describer = errors ?? new IdentityErrorDescriber();
}
public IdentityErrorDescriber Describer { get; }
public virtual async Task<IdentityResult> ValidateAsync(UserManager<TUser> manager, TUser user)
{
if (manager == null)
throw new ArgumentNullException(nameof(manager));
if (user == null)
throw new ArgumentNullException(nameof(user));
var errors = new List<IdentityError>();
await ValidateUserName(manager, user, errors);
if (manager.Options.User.RequireUniqueEmail)
await ValidateEmail(manager, user, errors);
return errors.Count > 0 ? IdentityResult.Failed(errors.ToArray()) : IdentityResult.Success;
}
private async Task ValidateUserName(UserManager<TUser> manager, TUser user, ICollection<IdentityError> errors)
{
var userName = await manager.GetUserNameAsync(user);
if (string.IsNullOrWhiteSpace(userName))
errors.Add(Describer.InvalidUserName(userName));
else if (!string.IsNullOrEmpty(manager.Options.User.AllowedUserNameCharacters) && userName.Any(c => !manager.Options.User.AllowedUserNameCharacters.Contains(c)))
{
errors.Add(Describer.InvalidUserName(userName));
}
}
private async Task ValidateEmail(UserManager<TUser> manager, TUser user, List<IdentityError> errors)
{
var email = await manager.GetEmailAsync(user);
if (string.IsNullOrWhiteSpace(email))
errors.Add(Describer.InvalidEmail(email));
else if (!new EmailAddressAttribute().IsValid(email))
{
errors.Add(Describer.InvalidEmail(email));
}
else if (_allowedDomains.Any(allowed =>
email.EndsWith(allowed, StringComparison.CurrentCultureIgnoreCase)))
{
errors.Add(new IdentityError
{
Code = "InvalidDomain",
Description = "Domain is invalid."
});
}
else
{
var byEmailAsync = await manager.FindByEmailAsync(email);
var flag = byEmailAsync != null;
if (flag)
{
var a = await manager.GetUserIdAsync(byEmailAsync);
flag = !string.Equals(a, await manager.GetUserIdAsync(user));
}
if (!flag)
return;
errors.Add(Describer.DuplicateEmail(email));
}
}
}
为那些只想扩展现有默认用户验证而没有破坏某些东西的风险的人提供答案。
您可以使用 Decorator 模式,而不是 copying/changing 默认的 UserValidator,您可以只对用户数据执行额外的验证。这是一个例子:
public class UserValidatorDecorator<TUser> : IUserValidator<TUser> where TUser : ApplicationUser
{
// Default UserValidator
private readonly UserValidator<TUser> _userValidator;
// Some class with additional options
private readonly AdditionalOptions _additionalOptions;
// You can use default error describer or create your own
private readonly IdentityErrorDescriber _errorDescriber;
public UserValidatorDecorator(UserValidator<TUser> userValidator,
AdditionalOptions additionalOptions,
IdentityErrorDescriber errorDescriber)
{
_userValidator = userValidator;
_additionalOptions = additionalOptions;
_errorDescriber = errorDescriber;
}
public async Task<IdentityResult> ValidateAsync(UserManager<TUser> manager,
TUser user)
{
// call to default validator
var identityResult = await _userValidator.ValidateAsync(manager, user);
// if default validation is already failed you can just return result, otherwise call
// your additional validation method
return identityResult.Succeeded ?
AdditionalValidation(user) :
identityResult;
}
public IdentityResult AdditionalUserNameValidation(TUser user)
{
// now you can check any value, if you need you can pass to method
// UserManager as well
var someValue = user.SomeValue;
if (someValue < _additionalOptions.MaximumValue)
{
return IdentityResult.Failed(_errorDescriber.SomeError(userName));
}
return IdentityResult.Success;
}
}
然后你需要注册你的装饰器,这取决于.NET框架的版本,我在.NET Core 3.0中使用这样的代码:
// First register default UserValidator and your options class
services.AddScoped<UserValidator<ApplicationUser>>();
services.AddScoped<AdditionalOptions>();
// Then register Asp Identity and your decorator class by using AddUserValidator method
services.AddIdentity<UserData, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddUserValidator<UserValidatorDecorator<UserData>>();