ASP.NET Identity Password Validation

Question

I am using Identity in my MVC project, and it's all well and nice. Except the fact that the form for registering a new user has some crazy password requirements

Passwords must have at least one non letter or digit character. Passwords must have at least one digit ('0'-'9'). Passwords must have at least one uppercase ('A'-'Z').

And here is the register model

public class RegisterViewModel
{
    [Required]
    [StringLength(50, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 2)]
    [Display(Name = "First Name")]
    public string FirstName { get; set; }

    [Required]
    [StringLength(50, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 2)]
    [Display(Name = "Last Name")]
    public string LastName { get; set; }

    [Required]
    [EmailAddress]
    [Display(Name = "Email")]
    public string Email { get; set; }

    [Required]
    [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
    [DataType(DataType.Password)]
    [Display(Name = "Passord")]
    public string Password { get; set; }

    [DataType(DataType.Password)]
    [Display(Name = "Repeat Password")]
    [Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
    public string ConfirmPassword { get; set; }
}

Account Controller

    // POST: /Account/Register
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Register(RegisterViewModel model)
    {
        if (ModelState.IsValid)
        {
            var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
            var result = await UserManager.CreateAsync(user, model.Password);
            if (result.Succeeded)
            {
                await SignInManager.SignInAsync(user, isPersistent:false, rememberBrowser:false);
                return RedirectToAction("Index", "Home");
            }
            AddErrors(result);
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

I see the length requirement for the password, but I don't understand how to change the password validation so I don't need a non letter or digit character.

All help greatly appreciated, thank you.

Bonus: What does the {0} and {2} mean? Thank you.

Answer 1

In Startup.cs where you add the Identity Service you can add options for password validation:

services.AddIdentity<ApplicationUser, IdentityRole>(Configuration, 
    options => 
        options.Password = new PasswordOptions 
        { 
            RequireDigit = true, 
            RequiredLength = 6, 
            RequireLowercase = true, 
            RequireUppercase = true, 
            RequireNonLetterOrDigit = false 
        })
[...];

Answer 2

If you are using one of the ASP.NET template applications and have selected Authentication as 'Individual User Accounts' you will find the password options in a IdentityConfig.cs file in the App_Start folder in your application. Here you can change the password options as follows to turn off all requirements except the password length:

manager.PasswordValidator = new PasswordValidator
        {
            RequiredLength = 6,
            RequireNonLetterOrDigit = false,
            RequireDigit = false,
            RequireLowercase = false,
            RequireUppercase = false,
        };