By default, ASP.NET Core Identity's password policy requires at least one special character, one uppercase letter, one number, ...
How can I change these restrictions?
There is nothing about that in the documentation (https://docs.asp.net/en/latest/security/authentication/identity.html)
I tried to override Identity's UserManager, but I don't see which method manages the password policy.
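/// <summary>
/// User manager that constructs its own store, options, hasher and validators
/// instead of receiving them from dependency injection.
/// </summary>
public class ApplicationUserManager : UserManager<ApplicationUser>
{
    /// <summary>
    /// Builds the manager with a hand-made <see cref="CustomOptions"/> and a single
    /// <see cref="PasswordValidator"/>.
    /// </summary>
    /// <param name="options">Not used in this constructor, but the container must still be able to resolve it before this class can be activated.</param>
    /// <param name="services">Service provider forwarded to the base manager.</param>
    /// <param name="contextAccessor">Used to create the <c>SecurityDbContext</c> behind the user store.</param>
    /// <param name="logger">Logger forwarded to the base manager.</param>
    public ApplicationUserManager(
        DbContextOptions<SecurityDbContext> options,
        IServiceProvider services,
        IHttpContextAccessor contextAccessor,
        ILogger<UserManager<ApplicationUser>> logger)
        : base(
              new UserStore<ApplicationUser>(new SecurityDbContext(contextAccessor)),
              new CustomOptions(),
              new PasswordHasher<ApplicationUser>(),
              new UserValidator<ApplicationUser>[] { new UserValidator<ApplicationUser>() },
              // Only this validator is passed, so its length rule is the only password rule applied.
              new PasswordValidator[] { new PasswordValidator() },
              new UpperInvariantLookupNormalizer(),
              new IdentityErrorDescriber(),
              services,
              logger
            // , contextAccessor
              )
    {
    }

    /// <summary>
    /// Password validator whose only rule is a minimum length.
    /// </summary>
    public class PasswordValidator : IPasswordValidator<ApplicationUser>
    {
        /// <summary>
        /// Accepts any password of at least four characters; <paramref name="manager"/> and
        /// <paramref name="user"/> are not consulted.
        /// </summary>
        /// <returns>
        /// <c>IdentityResult.Success</c>, or a failed result with code <c>SHORTPASSWORD</c>
        /// when the password is null or shorter than four characters.
        /// </returns>
        public Task<IdentityResult> ValidateAsync(UserManager<ApplicationUser> manager, ApplicationUser user, string password)
        {
            // NOTE(review): a four-character floor with no other rule accepts very weak passwords;
            // if the policy is kept this loose, account lockout has to carry the brute-force defence.
            // A null password is rejected here instead of failing with a null reference.
            if (password != null && password.Length >= 4)
            {
                // The check is synchronous, so the result is wrapped directly rather than
                // queued to the thread pool.
                return Task.FromResult(IdentityResult.Success);
            }

            return Task.FromResult(
                IdentityResult.Failed(new IdentityError { Code = "SHORTPASSWORD", Description = "Password too short" }));
        }
    }

    /// <summary>
    /// Fixed <c>IdentityOptions</c> wrapper handed to the base manager.
    /// </summary>
    public class CustomOptions : IOptions<IdentityOptions>
    {
        public IdentityOptions Value { get; private set; }

        public CustomOptions()
        {
            Value = new IdentityOptions
            {
                ClaimsIdentity = new ClaimsIdentityOptions(),
                Cookies = new IdentityCookieOptions(),
                Lockout = new LockoutOptions(),
                // NOTE(review): Password is left null, so anything that reads Value.Password will hit a
                // null reference. Presumably meant to switch off the built-in rules; confirm.
                Password = null,
                User = new UserOptions(),
                SignIn = new SignInOptions(),
                Tokens = new TokenOptions()
            };
        }
    }
}
I add this user manager dependency in startup's class :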
// Registers the custom manager by its concrete type. The container then has to supply every
// constructor parameter of ApplicationUserManager, including DbContextOptions<SecurityDbContext>.
services.AddScoped<ApplicationUserManager>();
But when I'm using ApplicationUserManager in controllers, I have the error : An unhandled exception occurred while processing the request.
InvalidOperationException: Unable to resolve service for type 'Microsoft.EntityFrameworkCore.DbContextOptions`1[SecurityDbContext]' while attempting to activate 'ApplicationUserManager'.
EDIT: User management works when I use ASP.NET Core Identity's default classes, so it's not a database problem or anything like that.
EDIT 2: I found the solution: you just have to configure Identity in the startup class. My answer gives some details.
The ASP.NET Core Identity has a User Lockout feature to improve application security by locking out a user that enters a password incorrectly several times. This technique is very useful in protecting against brute force attacks, where a hacker repeatedly tries to guess a password.
It's sooooo simple in the end ...
No need to override any class; you just have to configure the identity settings in your startup class, like this:
// Relaxes the built-in password rules: digits and uppercase letters are no longer required, the
// minimum length is 5, and a lowercase letter plus a non-alphanumeric character are still required.
// A 5-character minimum is short; when the policy is relaxed like this, keep account lockout
// enabled so that repeated guesses are throttled.
services.Configure<IdentityOptions>(identityOptions =>
{
    var passwordPolicy = identityOptions.Password;

    passwordPolicy.RequireDigit = false;
    passwordPolicy.RequiredLength = 5;
    passwordPolicy.RequireLowercase = true;
    // NOTE(review): the other snippet on this page names this property RequireNonAlphanumeric;
    // which name compiles depends on the Identity package version, so confirm against yours.
    passwordPolicy.RequireNonLetterOrDigit = true;
    passwordPolicy.RequireUppercase = false;
});
Or you can configure identity when you add it :
// Sets the password policy while Identity is being registered. Every character-class requirement
// is switched off and the minimum length is 4, so this accepts very weak passwords.
// When composition rules are dropped, a longer minimum length and an enabled account lockout are
// the usual compensating controls.
services.AddIdentity<ApplicationUser, IdentityRole>(identityOptions =>
{
    var passwordPolicy = identityOptions.Password;

    passwordPolicy.RequireDigit = false;
    passwordPolicy.RequiredLength = 4;
    passwordPolicy.RequireNonAlphanumeric = false;
    passwordPolicy.RequireUppercase = false;
    passwordPolicy.RequireLowercase = false;
})
    .AddEntityFrameworkStores<SecurityDbContext>()
    .AddDefaultTokenProviders();
ASP.NET Core is definitely good stuff ...