I have followed the SO example code and the official documentation but however I change the password length in my Aspnet core 2.1 project nothing changes.
I always get the message "The Password must be at least 6 and at max 100 characters long."
In public void ConfigureServices(IServiceCollection services)
I have tried
services.Configure<IdentityOptions>(options =>
{
options.Password.RequiredLength = 1;
});
in various places, or adding it to AddDefaultIdentity<>
services.AddDefaultIdentity<IdentityUser>(options =>
options.Password.RequiredLength = 1;
)
.AddEntityFrameworkStores<ApplicationDbContext>();
but to no avail.
I am using the non-scaffolded version so I don't have access to the HTML or cshtml files.
It looks like you've found a bug reason to scaffold. In the Razor Class Library that contains the Razor Pages implementation of the ASP.NET Core Identity UI, there's an InputModel
class for the Register
Page that looks like this:
public class InputModel
{
...
[Required]
[StringLength(100, ErrorMessage = "The {0} must be at least {2} and at max {1} characters long.", MinimumLength = 6)]
[DataType(DataType.Password)]
[Display(Name = "Password")]
public string Password { get; set; }
...
}
It's clear from this code snippet that no matter what you set RequiredLength
to, the built-in ModelState
validation will always require a length of between 6 and 100 characters.
It's also worth noting that this doesn't just affect the Register
page - I've confirmed that it also affects ResetPassword
, SetPassword
and ChangePassword
.
In terms of a solution: Chris Pratt has pointed out in the comments that the only real way to resolve this is to scaffold the affected pages and make the necessary changes to the StringLength
attributes.
Update: The issue you've raised has been closed as a duplicate, with the solution being to scaffold the Pages and make the required change.
These are all the option for the password: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.2
services.Configure<IdentityOptions>(options =>
{
// Default Password settings.
options.Password.RequireDigit = true;
options.Password.RequireLowercase = true;
options.Password.RequireNonAlphanumeric = true;
options.Password.RequireUppercase = true;
options.Password.RequiredLength = 6;
options.Password.RequiredUniqueChars = 1;
});
To modify the rule see this How override ASP.NET Core Identity's password policy https://andrewlock.net/creating-custom-password-validators-for-asp-net-core-identity-2/
Update
You can use PasswordValidator
and you can see how to customize the password policy in ASP.Net identity
public class ApplicationUserManager : UserManager<ApplicationUser>
{
public ApplicationUserManager(): base(new UserStore<ApplicationUser>(new ApplicationDbContext()))
{
PasswordValidator = new MinimumLengthValidator (6);
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With