更改 UserManager 的日志级别
Change log level for UserManager
Microsoft.AspNetCore.Identity.UserManager 将无效密码记录为日志级别 Warning。
我怎样才能将其降级为信息?日志中有点吵...
根据你的描述,我建议你可以考虑创建一个自定义的SignInManager,并修改与日志相关的代码。
更多详情,您可以参考以下代码:
using AspNetCoreNormalIssue.Data;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace AspNetCoreNormalIssue
{
public class ApplicationSignInManager : SignInManager<IdentityUser>
{
private readonly UserManager<IdentityUser> _userManager;
private readonly ApplicationDbContext _dbContext;
private readonly IHttpContextAccessor _contextAccessor;
public ApplicationSignInManager(
UserManager<IdentityUser> userManager,
IHttpContextAccessor contextAccessor,
IUserClaimsPrincipalFactory<IdentityUser> claimsFactory,
IOptions<IdentityOptions> optionsAccessor,
ILogger<SignInManager<IdentityUser>> logger,
IAuthenticationSchemeProvider schemes,
IUserConfirmation<IdentityUser> confirmation
)
: base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes, confirmation)
{
_userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
_contextAccessor = contextAccessor ?? throw new ArgumentNullException(nameof(contextAccessor));
Logger = logger;
}
public override async Task<SignInResult> CheckPasswordSignInAsync(IdentityUser user, string password, bool lockoutOnFailure)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
var error = await PreSignInCheck(user);
if (error != null)
{
return error;
}
if (await UserManager.CheckPasswordAsync(user, password))
{
var alwaysLockout = AppContext.TryGetSwitch("Microsoft.AspNetCore.Identity.CheckPasswordSignInAlwaysResetLockoutOnSuccess", out var enabled) && enabled;
// Only reset the lockout when not in quirks mode if either TFA is not enabled or the client is remembered for TFA.
if (alwaysLockout || !await IsTfaEnabled(user) || await IsTwoFactorClientRememberedAsync(user))
{
await ResetLockout(user);
}
return SignInResult.Success;
}
//Modify to log error or else based on your requirement.
Logger.LogError("InvalidPassword", "User failed to provide the correct password.");
if (UserManager.SupportsUserLockout && lockoutOnFailure)
{
// If lockout is requested, increment access failed count which might lock out the user
await UserManager.AccessFailedAsync(user);
if (await UserManager.IsLockedOutAsync(user))
{
return await LockedOut(user);
}
}
return SignInResult.Failed;
}
private async Task<bool> IsTfaEnabled(IdentityUser user)
=> UserManager.SupportsUserTwoFactor &&
await UserManager.GetTwoFactorEnabledAsync(user) &&
(await UserManager.GetValidTwoFactorProvidersAsync(user)).Count > 0;
}
}
然后您可以修改 startup.cs 的 ConfigureServices 以使用自定义 SignInManager .AddSignInManager<ApplicationSignInManager>()。
services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddEntityFrameworkStores<ApplicationDbContext>().AddSignInManager<ApplicationSignInManager>();
一个好的方法是调整 logging 并在之后过滤日志。我不建议覆盖 .net 安全代码
Microsoft.AspNetCore.Identity.UserManager 将无效密码记录为日志级别 Warning。
我怎样才能将其降级为信息?日志中有点吵...
根据你的描述,我建议你可以考虑创建一个自定义的SignInManager,并修改与日志相关的代码。
更多详情,您可以参考以下代码:
using AspNetCoreNormalIssue.Data;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace AspNetCoreNormalIssue
{
public class ApplicationSignInManager : SignInManager<IdentityUser>
{
private readonly UserManager<IdentityUser> _userManager;
private readonly ApplicationDbContext _dbContext;
private readonly IHttpContextAccessor _contextAccessor;
public ApplicationSignInManager(
UserManager<IdentityUser> userManager,
IHttpContextAccessor contextAccessor,
IUserClaimsPrincipalFactory<IdentityUser> claimsFactory,
IOptions<IdentityOptions> optionsAccessor,
ILogger<SignInManager<IdentityUser>> logger,
IAuthenticationSchemeProvider schemes,
IUserConfirmation<IdentityUser> confirmation
)
: base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes, confirmation)
{
_userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
_contextAccessor = contextAccessor ?? throw new ArgumentNullException(nameof(contextAccessor));
Logger = logger;
}
public override async Task<SignInResult> CheckPasswordSignInAsync(IdentityUser user, string password, bool lockoutOnFailure)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
var error = await PreSignInCheck(user);
if (error != null)
{
return error;
}
if (await UserManager.CheckPasswordAsync(user, password))
{
var alwaysLockout = AppContext.TryGetSwitch("Microsoft.AspNetCore.Identity.CheckPasswordSignInAlwaysResetLockoutOnSuccess", out var enabled) && enabled;
// Only reset the lockout when not in quirks mode if either TFA is not enabled or the client is remembered for TFA.
if (alwaysLockout || !await IsTfaEnabled(user) || await IsTwoFactorClientRememberedAsync(user))
{
await ResetLockout(user);
}
return SignInResult.Success;
}
//Modify to log error or else based on your requirement.
Logger.LogError("InvalidPassword", "User failed to provide the correct password.");
if (UserManager.SupportsUserLockout && lockoutOnFailure)
{
// If lockout is requested, increment access failed count which might lock out the user
await UserManager.AccessFailedAsync(user);
if (await UserManager.IsLockedOutAsync(user))
{
return await LockedOut(user);
}
}
return SignInResult.Failed;
}
private async Task<bool> IsTfaEnabled(IdentityUser user)
=> UserManager.SupportsUserTwoFactor &&
await UserManager.GetTwoFactorEnabledAsync(user) &&
(await UserManager.GetValidTwoFactorProvidersAsync(user)).Count > 0;
}
}
然后您可以修改 startup.cs 的 ConfigureServices 以使用自定义 SignInManager .AddSignInManager<ApplicationSignInManager>()。
services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddEntityFrameworkStores<ApplicationDbContext>().AddSignInManager<ApplicationSignInManager>();
一个好的方法是调整 logging 并在之后过滤日志。我不建议覆盖 .net 安全代码