Skip to content

Latest commit

 

History

History
154 lines (110 loc) · 5.91 KB

File metadata and controls

154 lines (110 loc) · 5.91 KB

Verticular.Extensions.RandomStrings

The intend of this package is to help with generating random strings.

For this reason the package should result in a nuget package which supports as much dotnet framework versions as possible.

Build Status

SonarMaintain SonarRely SonarSec

SonarLOC

NuGet Badge

Currently supported frameworks are:

  • net45, net451, net452
  • net46, net461, net462
  • net47, net471, net472
  • net48
  • netstandard2.0, netstandard2.1

The standard versions of the package can be used in any netcoreapp like netcoreapp2.1/3.1 and net5.0.

Usage

There are two random string generators available to control the kind of randomness used.

Pseudo Random

The pseudo random string generator uses the System.Random class as the underlying infrastructure for randomness. Using this class random strings generation is fast but less secure. That is why this generator shouldn't be used for password generation.

Cryptographic Random

As the name suggests this random string generator is more secure because it uses the System.Security.Cryptography.RNGCryptoServiceProvider class as the underlying infrastructure for randomness. As Microsoft advises this provider is slower but more secure to provide randomness as System.Random.

Code Samples

Static Access

For quick in-place string generation the fastest way is to use the static RandomStrings class.

// quickly generate a random string with defaults
// the default is 32 characters login string containing
// all alpha-numeric characters and additionally '-', '_'.
var randomString = RandomString.PseudoRandom.Generate();

// the length can be specified with the corresponding parameter
var shorter = RandomString.PseudoRandom.Generate(length: 5);

// quickly controlling the allowed characters is achieved using the pre-defined
// character groups
// the example uses digits (0-9), only lower-case letters and the space-character
var usingGroups = RandomString.PseudoRandom.Generate(22,
  CharacterGroups.Digits | CharacterGroups.LowerCaseLetters | CharacterGroups.Space);

// for more fine grained control you can always pass an array of allowed characters
var usingArray = RandomString.PseudoRandom.Generate(12,
  new[]{ 'W', 'm', 'k', '2', 't' });

// for a more advanced scenario there is a builder available to control the
// options for generating random strings
// with the most amount of freedom this allows you to take a character group
// then combine that with manually additional characters and finally exclude some of them
var withBuilder = RandomString.PseudoRandom.Generate(builder => builder
  .WithLength(12)
  .AllowCharacters(CharacterGroups.AllAlphaNumeric)
  .AndAllowCharacters('<', '>')
  .ExcludeCharacters('Q', 'M'));

Of cause all the above code also works with the cryptographic variant.

// just use the crypto property
var generatedPassword = RandomString.CryptographicRandom.Generate(builder => builder
  .WithLength(25)
  .AllowCharacters(CharacterGroups.Letters | CharacterGroups.Digits)
  .ExcludeSimilarLookingCharacters()
  .EachCharacterMustOccurAtLeastOnce());

The previous call showcases two other options.

  • ExcludeSimilarLookingCharacters is handy when you have to exclude characters like 'l' (lower-case L), '1' (one), '|' (pipe), 'I' (upper-case i) and others to improves string readability with difficult font environments.

  • EachCharacterMustOccurAtLeastOnce pretty much explains itself. This option can for example be used to scramble a given text.

Access using dependency injection

Maybe it is necessary to use multiple random string generators or mock the generation. In those cases you could use the following approach.

// during dependency injection setup
...
services.AddTransient<IRandomStringGenerator, CryptographicRandomStringGenerator>();
...

// and than later use it
public class SomeClass
{
  public SomeClass(IRandomStringGenerator generator)
  {
    var password = RandomString.PseudoRandom.Generate(builder => builder
      .WithLength(12)
      .AllowCharacters(CharacterGroups.AllReadableAsciiLetters)
      .ExcludeSimilarLookingCharacters());
  }
}

Another example would be to even inject the options for random string generation.

// during dependency injection setup
...
services.Configure<RandomStringGenerationOptions>(c =>
{
  c.StringLength = 23;
  c.AllowCharacters = CharacterGroups.AllAlphaNumeric.ToCharArray();
});

services.AddTransient<IRandomStringGenerator, CryptographicRandomStringGenerator>();
...

// and than later use it
public class SomeClass
{
  public SomeClass(IRandomStringGenerator generator,
    IOptions<RandomStringGenerationOptions> passwordRules)
  {
    var password = RandomString.CryptographicRandom.Generate(passwordRules.Value);
  }
}