使用ASP.NET身份个人帐户的MVC-如何添加安全性问题?
[英]MVC using ASP.NET Identity Individual Accounts - How to Add Security Questions?
问题描述
Here is my Scenario: 
这是我的方案:
I need to capture at least 3 security questions & Answers as a part of user registration for an Website (Built in MVC 5 using Individual User Accounts as means of Authentication). 作为网站用户注册的一部分,我需要捕获至少3个安全问题和解答(使用个人用户帐户作为身份验证,内置于MVC 5中)。 Which I can do by extending ApplicationUser object. 我可以通过扩展ApplicationUser对象来完成。
So far so good. 到现在为止还挺好。
I would like to ask these questions in the password recovery process. 我想在密码恢复过程中问这些问题。
I didn't find any support for security questions in ASP.NET Identity framework. 我没有在ASP.NET Identity框架中找到对安全性问题的任何支持。
My Question: 我的问题:
Do I need to implement security questions out side of built in UserStore library or is there existing support similar to Secret questions in ASP.NET Membership functionality in .NET 2.0? 我是否需要在UserStore库的内置范围之外实施安全问题,或者是否存在类似于.NET 2.0中ASP.NET Membership功能中的Secret问题的现有支持?
Note: Let me know if you need more information. 注意:如果您需要更多信息,请告诉我。
1 个解决方案
解决方案1
4 2015-02-05 01:31:57
To do this in ASP.Net Identity, you treat the answers as custom passwords. 为此,请在ASP.Net Identity中将答案视为自定义密码。
Use userManager.PasswordHasher.HashPassword(Answer1); 使用userManager.PasswordHasher.HashPassword(Answer1); to generate a hash for each answer to store in custom class properties/fields in the database. 为每个答案生成哈希以存储在数据库的自定义类属性/字段中。 (Where userManager is the instance of the Identity UserManager) (其中,userManager是身份UserManager的实例)
On recovery, use 恢复后使用
var verification = userManager.PasswordHasher.VerifyHashedPassword(dbHash, Answer1);
to verify the challenge. 验证挑战。
You can then check if verification.Success is true for each answer. 然后,您可以检查是否verification.Success 。每个答案的成功均为真。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.