The default Identity provider provided in ASP.NET 5 has very strict password rules by default, requiring a lower case character, an upper case character, a non-alphanumeric character, and a number. I am looking for a way to change the password requirements for the provider.
Previously in ASP.NET 4, the provider could be configured via the Web.config XML file, as previously answered. However, ASP.NET 5 uses the new code-based configuration pattern and it is unclear how to configure the identity.
How can I change the password requirements for my application?
ASP.NET Core Identity and password hashing
The app will create a hash of the password, and store it in the database along with the user's details. A hash is a one-way function, so given the password you can work out the hash, but given the hash you can't get the original password back.
When creating users in an MVC application, you want users to enter a strong password and re-enter the password to confirm. Add the DataAnnotations namespace to the login class. DataAnnotations has a Compare attribute:
    [Compare("Password", ErrorMessage = "Confirm password doesn't match, Type again !")]
I actually ended up figuring this out. It turns out you need to supply AddDefaultIdentity with a suitable lambda expression that configures the IdentityOptions it provides. This is done inside the ConfigureServices method within the Startup class, like so:
public class Startup {
    public void ConfigureServices(IServiceCollection services) {
        // Add Identity services to the services container.
        services.AddDefaultIdentity<ApplicationIdentityDbContext, ApplicationUser, IdentityRole>(Configuration,
            o => {
                o.Password.RequireDigit = false;
                o.Password.RequireLowercase = false;
                o.Password.RequireUppercase = false;
                o.Password.RequireNonLetterOrDigit = false;
                o.Password.RequiredLength = 7;
            });
    }
}
Update 2:
The above was true in the beta1 versions of the framework, in the latest rc1 beta5 it has changed slightly to:
services.AddIdentity<ApplicationUser, IdentityRole>(o => {
        // configure identity options
        o.Password.RequireDigit = false;
        o.Password.RequireLowercase = false;
        o.Password.RequireUppercase = false;
        o.Password.RequireNonAlphanumeric = false;
        o.Password.RequiredLength = 6;
    })
    .AddEntityFrameworkStores<ApplicationIdentityDbContext>()
    .AddDefaultTokenProviders();
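When the composition rules are switched off as above, the checks that still matter are minimum length and rejection of well-known or user-derived passwords. The following is an added example, not code from the answer or from the framework: it registers a custom `IPasswordValidator<TUser>` next to the options. The names `BlocklistPasswordValidator`, `IdentitySetup` and `AddLengthBasedPasswordPolicy`, the three-entry blocklist and the length of 12 are assumptions made for illustration, and it targets the released `Microsoft.AspNetCore.Identity` package rather than the beta builds discussed above.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical validator; Identity runs it in addition to the built-in PasswordOptions checks.
public class BlocklistPasswordValidator<TUser> : IPasswordValidator<TUser> where TUser : class
{
    // Constructed sample list; a real deployment would load a list of known-breached passwords.
    private static readonly HashSet<string> Blocked =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "password1234", "qwertyuiop12", "letmein12345" };

    public async Task<IdentityResult> ValidateAsync(UserManager<TUser> manager, TUser user, string password)
    {
        if (password == null) throw new ArgumentNullException(nameof(password));
        var errors = new List<IdentityError>();

        if (Blocked.Contains(password))
            errors.Add(new IdentityError { Code = "PasswordBlocklisted", Description = "This password is too common." });

        // Reject passwords that embed the account name, compared case-insensitively.
        var userName = await manager.GetUserNameAsync(user);
        if (!string.IsNullOrEmpty(userName) &&
            password.IndexOf(userName, StringComparison.OrdinalIgnoreCase) >= 0)
            errors.Add(new IdentityError { Code = "PasswordContainsUserName", Description = "The password must not contain the user name." });

        return errors.Count == 0 ? IdentityResult.Success : IdentityResult.Failed(errors.ToArray());
    }
}

public static class IdentitySetup
{
    // Usage in Startup.ConfigureServices (store and token providers are chained by the caller):
    //   services.AddLengthBasedPasswordPolicy<ApplicationUser>()
    //           .AddEntityFrameworkStores<ApplicationIdentityDbContext>().AddDefaultTokenProviders();
    public static IdentityBuilder AddLengthBasedPasswordPolicy<TUser>(this IServiceCollection services)
        where TUser : class
    {
        return services.AddIdentity<TUser, IdentityRole>(o =>
            {
                o.Password.RequireDigit = false;
                o.Password.RequireLowercase = false;
                o.Password.RequireUppercase = false;
                o.Password.RequireNonAlphanumeric = false;
                o.Password.RequiredLength = 12; // assumption: length replaces the composition rules
            })
            .AddPasswordValidator<BlocklistPasswordValidator<TUser>>();
    }
}
```

Any errors the validator returns appear in the `IdentityResult` from `UserManager.CreateAsync` and the password-change methods, alongside the built-in rule failures.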
If you have set up a new Web project with Individual User Accounts, go to:
App_Start -> IdentityConfig.cs
There you can edit the following defaults:
manager.PasswordValidator = new PasswordValidator
{
    RequiredLength = 6,
    RequireNonLetterOrDigit = true,
    RequireDigit = true,
    RequireLowercase = true,
    RequireUppercase = true,
};