C# 正则表达式模型验证长度

Question

问题：如何在不考虑所有可能情况的情况下编写此内容？如果有一天有人收到 4 个密码要求，那么输入很容易，但调试起来非常困难，因为会有 4 个！不同的中间工作方式。

我如何在代码中使用它：

[RegularExpression("^[A-Za-z0-9!@#$]*([A-Za-z][0-9][!@#$]|[0-9][!@#$][A-Za-z]|[!@#$][A-Za-z][0-9]|[!@#$][0-9][A-Za-z]|[0-9][A-Za-z][!@#$]|[A-Za-z][!@#$][0-9])[A-Za-z0-9!@#$]*$", ErrorMessage = "The Password value must contain at least one letter, one digit, and one special character.")]

为了观看方便，我把它弄坏了，所以不需要滚动：

[RegularExpression("^[A-Za-z0-9!@#$]*
([A-Za-z][0-9][!@#$]|[0-9][!@#$][A-Za-z]|
[!@#$][A-Za-z][0-9]|[!@#$][0-9][A-Za-z]|
[0-9][A-Za-z][!@#$]|[A-Za-z][!@#$][0-9])
[A-Za-z0-9!@#$]*$",
ErrorMessage = "The Password value must contain at least one letter,
one digit, and one special character.")]

如您所见，这是 3！中间的可能性 () 由 | 分隔（或）所以从这里你可以看到 4！可能性将很难维持。

问题要求：我希望这个 C# 中的正则表达式做的基本事情是要求（不分先后）至少一个字母，至少一个数字，至少一个特殊字符！，@ 、# 或 $

Answer 1

一个正则表达式

您可以使用零宽度正向先行断言（请参阅MSDN's "Regular Expression Language - Quick Reference" - 在“分组构造”部分中）来检查您的 AND 密码要求 - 无需明确涵盖可能出现所需密码组件的所有顺序：

^(?=.*?[a-zA-Z])(?=.*?[0-9])(?=.*?[!@#$]).{3,}$

它的工作原理如下：

• (?=.*?[a-zA-Z]) - 前面找到一个字母字符
• (?=.*?[0-9]) - 和前面找到的号码
• (?=.*?[!@#$]) - 和前面允许的特殊字符
• .{3,} - 总共三个或更多字符

我分享了一个regex fiddle based on this，您可能会觉得有用。

Property-Per-Criterion 密码检查器

根据@LeffeBrune 的评论，您应该考虑使用专门的密码检查器类进行检查，该类会根据标准公开一个属性。

例如，这是LINQPad 4 中的一个快速而肮脏的 PoC...

void Main()
{
    var passwords = new string[] {"password", "passw0rd", "passw0rd!", "123456", "!#@$"};

    foreach (var pw in passwords)
    {
        var checker = new PasswordChecker(pw);
        var isValid = checker.IsValid;

        Console.WriteLine("Password {0} is {1}valid.", pw, isValid ? "" : "in");

        if (!isValid)
        {
            Console.WriteLine("    Has alpha?  {0}", checker.HasAlpha ? "Yes." : "NO!");
            Console.WriteLine("    Has number?  {0}", checker.HasNumber ? "Yes." : "NO!");
            Console.WriteLine("    Has special?  {0}", checker.HasSpecial ? "Yes." : "NO!");
            Console.WriteLine("    Has length?  {0}", checker.HasLength ? "Yes." : "NO!");
        }
    }
}

public class PasswordChecker
{
    public const int MINIMUM_LENGTH = 3;
    private string _password;

    public PasswordChecker(string password)
    {
        _password = password;
    }

    public bool HasAlpha
    {
        get
        {
            return Regex.Match(_password, "(?=.*?[a-zA-Z])").Success;
        }
    }

    public bool HasNumber
    {
        get
        {
            return Regex.Match(_password, "(?=.*?[0-9])").Success;
        }
    }

    public bool HasSpecial
    {
        get
        {
            return Regex.Match(_password, "(?=.*?[!@#$])").Success;
        }
    }

    public bool HasLength
    {
        get
        {
            return _password.Length >= MINIMUM_LENGTH;
        }
    }

    public bool IsValid
    {
        get
        {
            return HasLength && HasAlpha && HasNumber && HasSpecial;
        }
    }
}

...产生以下输出：

Password password is invalid.
    Has alpha?  Yes.
    Has number?  NO!
    Has special?  NO!
    Has length?  Yes.
Password passw0rd is invalid.
    Has alpha?  Yes.
    Has number?  Yes.
    Has special?  NO!
    Has length?  Yes.
Password passw0rd! is valid.
Password 123456 is invalid.
    Has alpha?  NO!
    Has number?  Yes.
    Has special?  NO!
    Has length?  Yes.
Password !#@$ is invalid.
    Has alpha?  NO!
    Has number?  NO!
    Has special?  Yes.
    Has length?  Yes.

当然，您可以将这个快速而肮脏的 PoC 做得更进一步，但了解什么标准或标准失败的好处希望是显而易见的。