Требование состоит в том, чтобы требовать от пользователей сложных паролей, требующих минимальной длины 8 символов. 1+ не буквенно-цифровой символ. 1+ строчный буквенный символ. 1+ заглавная буква. 1+ номер.
Я могу сделать это, добавив следующее в web.config
<add name="sql" type="System.Web.Security.SqlMembershipProvider" connectionStringName="core" applicationName="sitecore" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="1" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" passwordStrengthRegularExpression="(?=.{8,})(?=.*[\d])(?=.*[a-z])(?=.*[A-Z]).*" />
Проверка passwordStrengthRegularExpression, по-видимому, не обрабатывается Sitecore, поскольку я получаю следующее необработанное исключение при вводе неверного пароля:
376 15:59:41 ERROR Application error.
Exception: System.Web.HttpUnhandledException
Message: Exception of type 'System.Web.HttpUnhandledException' was thrown.
Source: System.Web
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Nested Exception
Exception: System.Reflection.TargetInvocationException
Message: Exception has been thrown by the target of an invocation.
Source: mscorlib
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at Sitecore.Web.UI.XamlSharp.Xaml.XamlControl.ExecuteAjaxMethod(AjaxMethodEventArgs e)
at Sitecore.Web.UI.WebControls.AjaxScriptManager.DispatchMethod(Control control, String parameters)
at Sitecore.Nexus.Pipelines.NexusPipelineApi.Resume(PipelineArgs args, Pipeline pipeline)
at Sitecore.Pipelines.Pipeline.Start(PipelineArgs args, Boolean atomic)
at Sitecore.Web.UI.WebControls.ContinuationManager.RunPipelines()
at Sitecore.Web.UI.WebControls.ContinuationManager.OnPreRender(EventArgs e)
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Nested Exception
Exception: System.ArgumentException
Message: The parameter 'newPassword' does not match the regular expression specified in config file.
Source: System.Web
at System.Web.Security.SqlMembershipProvider.ChangePassword(String username, String oldPassword, String newPassword)
at Sitecore.Data.DataProviders.NullRetryer.Execute[T](Func`1 action, Action recover)
at Sitecore.Security.SitecoreMembershipProvider.ChangePassword(String username, String oldPassword, String newPassword)
at Sitecore.Security.Accounts.MembershipUserWrapper.ChangePassword(String oldPassword, String newPassword)
at Sitecore.Shell.Applications.Security.SetPassword.SetPasswordPage.OK_Click()
Можно ли этого добиться, изменив значения конфигурации, или это можно легко сделать, исправив конвейер <loggingin>
?