Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I set password options in Aspnet Core 2.1

I have followed the SO example code and the official documentation but however I change the password length in my Aspnet core 2.1 project nothing changes.
I always get the message "The Password must be at least 6 and at max 100 characters long."

In public void ConfigureServices(IServiceCollection services) I have tried

services.Configure<IdentityOptions>(options =>
{
  options.Password.RequiredLength = 1;
});

in various places, or adding it to AddDefaultIdentity<>

services.AddDefaultIdentity<IdentityUser>(options =>
    options.Password.RequiredLength = 1;
  )
  .AddEntityFrameworkStores<ApplicationDbContext>();

but to no avail.

I am using the non-scaffolded version so I don't have access to the HTML or cshtml files.

like image 308
LosManos Avatar asked Dec 04 '18 20:12

LosManos


2 Answers

It looks like you've found a bug reason to scaffold. In the Razor Class Library that contains the Razor Pages implementation of the ASP.NET Core Identity UI, there's an InputModel class for the Register Page that looks like this:

public class InputModel
{
    ...

    [Required]
    [StringLength(100, ErrorMessage = "The {0} must be at least {2} and at max {1} characters long.", MinimumLength = 6)]
    [DataType(DataType.Password)]
    [Display(Name = "Password")]
    public string Password { get; set; }

    ...
}

It's clear from this code snippet that no matter what you set RequiredLength to, the built-in ModelState validation will always require a length of between 6 and 100 characters.

It's also worth noting that this doesn't just affect the Register page - I've confirmed that it also affects ResetPassword, SetPassword and ChangePassword.

In terms of a solution: Chris Pratt has pointed out in the comments that the only real way to resolve this is to scaffold the affected pages and make the necessary changes to the StringLength attributes.


Update: The issue you've raised has been closed as a duplicate, with the solution being to scaffold the Pages and make the required change.

like image 176
Kirk Larkin Avatar answered Oct 12 '22 06:10

Kirk Larkin


These are all the option for the password: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.2

services.Configure<IdentityOptions>(options =>
{
    // Default Password settings.
    options.Password.RequireDigit = true;
    options.Password.RequireLowercase = true;
    options.Password.RequireNonAlphanumeric = true;
    options.Password.RequireUppercase = true;
    options.Password.RequiredLength = 6;
    options.Password.RequiredUniqueChars = 1;
});

To modify the rule see this How override ASP.NET Core Identity's password policy https://andrewlock.net/creating-custom-password-validators-for-asp-net-core-identity-2/

Update

You can use PasswordValidator and you can see how to customize the password policy in ASP.Net identity

public class ApplicationUserManager : UserManager<ApplicationUser>
  {
           public ApplicationUserManager(): base(new UserStore<ApplicationUser>(new ApplicationDbContext()))
           {
                 PasswordValidator = new MinimumLengthValidator (6);
           }
   }
like image 2
I_Al-thamary Avatar answered Oct 12 '22 05:10

I_Al-thamary