Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set password rules for ASP.NET identity?

In my ASP.NET applications I have following settings in DefaultMembershipProvider and SqlMembershipProvider in web.config:

enablePasswordRetrieval="true"
passwordFormat="Clear" 
requiresQuestionAndAnswer="false" 

They are required for Digest authentication. I would like to move to ASP.NET Identity. I am using automated tool to update all web.config files that I manage.

How do I set these settings for ASP.NET Identity in the project generated by Visual Studio 2013?

like image 259
IT Hit WebDAV Avatar asked Oct 23 '13 00:10

IT Hit WebDAV


1 Answers

You need to provide IPasswordHasher implementation that can provide clear password without hashing. You can set UserManager.PasswordHasher to your implementation.

As of now, there is no web.config configurable settings for Identity. You need to provide appropriate mix of configurable in code, mainly in Startup.cs

It is not recommended to store passwords in clear format.

public class ClearPassword : IPasswordHasher
{
    public string HashPassword(string password)
    {
        return password;
    }

    public PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
    {
        if(hashedPassword.Equals(providedPassword))
            return PasswordVerificationResult.Success;
        else return PasswordVerificationResult.Failed;
    }
}
like image 136
jd4u Avatar answered Nov 09 '22 23:11

jd4u