密码策略设置密码过期天数
需要为程序中添加此功能。系统管理可以管理设置此参数,Default值为0,更新大于0,说明启用功能。其实它和用户管理表中的另外一个选项“密码永不过期”相辅相成之后,才能成形一个完整的功能。
管理员更新“密码过期天数”选项值,如果由大于0的数值更新为0(初始值),数据库触发器会检查用户管理表中的“密码永不过期”选项或“密码过期日期”是否有值,如果条件为真,更新动作终止。
tri_PasswordParameter_Update
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER TRIGGER [dbo].[tri_PasswordParameter_Update] ON [dbo].[PasswordParameter]
FOR UPDATE
AS
BEGIN
DECLARE @PasswordParameterId TINYINT,@ParameterValue TINYINT
SELECT @PasswordParameterId = [PasswordParameterId] FROM DELETED
SELECT @ParameterValue = [ParameterValue] FROM INSERTED
IF (@PasswordParameterId = 5 AND @ParameterValue = 0 AND EXISTS(SELECT TOP 1 1 FROM [dbo].[Users] WHERE [PasswordNeverExpires] = 1 OR [PasswordExpirationDate] IS NOT NULL))
BEGIN
RAISERROR(N'设置已经生效应用,不能初始化为0。',16,1)
ROLLBACK TRANSACTION
END
END
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER TRIGGER [dbo].[tri_PasswordParameter_Update] ON [dbo].[PasswordParameter]
FOR UPDATE
AS
BEGIN
DECLARE @PasswordParameterId TINYINT,@ParameterValue TINYINT
SELECT @PasswordParameterId = [PasswordParameterId] FROM DELETED
SELECT @ParameterValue = [ParameterValue] FROM INSERTED
IF (@PasswordParameterId = 5 AND @ParameterValue = 0 AND EXISTS(SELECT TOP 1 1 FROM [dbo].[Users] WHERE [PasswordNeverExpires] = 1 OR [PasswordExpirationDate] IS NOT NULL))
BEGIN
RAISERROR(N'设置已经生效应用,不能初始化为0。',16,1)
ROLLBACK TRANSACTION
END
END
用户管理表的“密码过期日期”,是只读字段,不能人为手动更新,方法可以参考:http://www.cnblogs.com/insus/archive/2012/02/08/2342430.html
管理员更新“密码永不过期”选项,如果Enable的话,系统首选去检查密码参数设置的“密码过期天数”是否设值启用。如果没有启用,提示管理员首先设置。如果已经设置,系统会获取此值,并更新“密码过期日期”。如果取消,系统也会更新“密码过期日期”字段,初始化为NULL空。
可以参考下面的触发器:
tri_Users_Update
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER TRIGGER [dbo].[tri_Users_Update]
ON [dbo].[Users]
FOR UPDATE
AS
DECLARE @PasswordExpiration TINYINT = [dbo].[udf_GetPasswordParameterValue](5)
DECLARE @PasswordNeverExpires_N BIT = (SELECT [PasswordNeverExpires] FROM INSERTED)
DECLARE @PasswordNeverExpires_O BIT = (SELECT [PasswordNeverExpires] FROM DELETED)
DECLARE @UsersId INT = (SELECT [UsersId] FROM DELETED)
IF @PasswordNeverExpires_N = 1 AND @PasswordExpiration = 0
BEGIN
RAISERROR(N'更新密码永不过期选项,先设置密码参数中的密码过期天数,更新操作终止。',16,1)
ROLLBACK TRANSACTION
END
ELSE
BEGIN
IF @PasswordNeverExpires_O = 0 AND @PasswordNeverExpires_N = 1
UPDATE [dbo].[Users] SET [PasswordExpirationDate] = DATEADD(day,@PasswordExpiration,CURRENT_TIMESTAMP) WHERE [UsersId] = @UsersId
IF @PasswordNeverExpires_O = 1 AND @PasswordNeverExpires_N = 0
UPDATE [dbo].[Users] SET [PasswordExpirationDate] = NULL WHERE [UsersId] = @UsersId
IF UPDATE([PasswordExpirationDate])
BEGIN
RAISERROR(N'禁止人为更改密码过期时间,更改操作终止。',16,1)
ROLLBACK TRANSACTION
END
END
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER TRIGGER [dbo].[tri_Users_Update]
ON [dbo].[Users]
FOR UPDATE
AS
DECLARE @PasswordExpiration TINYINT = [dbo].[udf_GetPasswordParameterValue](5)
DECLARE @PasswordNeverExpires_N BIT = (SELECT [PasswordNeverExpires] FROM INSERTED)
DECLARE @PasswordNeverExpires_O BIT = (SELECT [PasswordNeverExpires] FROM DELETED)
DECLARE @UsersId INT = (SELECT [UsersId] FROM DELETED)
IF @PasswordNeverExpires_N = 1 AND @PasswordExpiration = 0
BEGIN
RAISERROR(N'更新密码永不过期选项,先设置密码参数中的密码过期天数,更新操作终止。',16,1)
ROLLBACK TRANSACTION
END
ELSE
BEGIN
IF @PasswordNeverExpires_O = 0 AND @PasswordNeverExpires_N = 1
UPDATE [dbo].[Users] SET [PasswordExpirationDate] = DATEADD(day,@PasswordExpiration,CURRENT_TIMESTAMP) WHERE [UsersId] = @UsersId
IF @PasswordNeverExpires_O = 1 AND @PasswordNeverExpires_N = 0
UPDATE [dbo].[Users] SET [PasswordExpirationDate] = NULL WHERE [UsersId] = @UsersId
IF UPDATE([PasswordExpirationDate])
BEGIN
RAISERROR(N'禁止人为更改密码过期时间,更改操作终止。',16,1)
ROLLBACK TRANSACTION
END
END
