[英]What is the maximum length of an un-encrypted password using the ASP.Net Membership provider?
I have a production site using the Encrypted
style password storage from the SQL Membership Provider and for particularly long passwords we're getting the exception: 我有一个生产站点,该站点使用来自SQL成员资格提供程序的
Encrypted
样式密码存储,对于特别长的密码,我们遇到了例外:
The password is too long: It must not exceed 128 chars after encrypting.
密码太长:加密后不能超过128个字符。 Parameter name
newPassword
.参数名称
newPassword
。
This is being thrown from MembershipUser.ChangePassword(string oldPassword, string newPassword)
, although the stack may go a little deeper. 这是从
MembershipUser.ChangePassword(string oldPassword, string newPassword)
抛出的,尽管堆栈可能会更深一些。
What maximum length do I need to limit my users to so that we don't see this error if they provide a password of that length? 我需要将用户限制为最大最大长度,以便如果他们提供该长度的密码就不会出现此错误?
I realise that we should really have been using Hashed
which should result in a more consistent result, but as a short term fix before we convert all the existing passwords I'd like to reduce the maximum number of characters a user can enter to keep the encrypted length under this limit. 我意识到我们确实应该使用
Hashed
,这将导致更一致的结果,但是作为短期修复,在转换所有现有密码之前,我想减少用户可以输入的最大字符数,以保持在此限制下的加密长度。
According to the documentation , it is exactly 128 chars in the database. 根据文档 ,数据库中正好是128个字符。 It also can vary with the encryption strategy and what is in the string.
它也可能随加密策略和字符串中的内容而变化。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.