.NET MVC 6 / vNext UserValidator to allow alphanumeric characters

Question

What I'm trying to do is simply allow alphanumeric characters in the .NET MVC 6 / vNext registration process and every tutorial I've seen (ie Configure Microsoft.AspNet.Identity to allow email address as username) references UserManager.UserValidator, in which is now not available in the current framework.

I've seen this: UserValidator in Microsoft.AspNet.Identity vnext which looks to be the same issue as mine, but they've taken the UserNameValidationRegex property out of the framework since. Brilliant.

services.AddIdentity<ApplicationUser, IdentityRole>(
                o => {
                    o.Password.RequireDigit = false;
                    o.Password.RequireLowercase = false;
                    o.Password.RequireUppercase = false;
                    o.Password.RequireNonLetterOrDigit = false;
                    o.Password.RequiredLength = 2;
                    //o.User.AllowedUserNameCharacters here seems to be the only logical thing I can access
                })
                .AddEntityFrameworkStores<ApplicationDbContext>()
                .AddDefaultTokenProviders();

I've found o.User.AllowedUserNameCharacters, but with there being no documentation that I've found on this I've no idea what format I have to set that in? Anyone out there that's in the same boat and worked this out?

Thanks in advance.

Answer 1

I took a look at the aspnet/Identity GitHub repository and did a search for the property you have found (AllowedUserNameCharacters). Here's what I've got.

From the UserOptions.cs class in the repo: [Link Here]

/// <summary>
/// Gets or sets the list of allowed characters in the username used to validate user names.
/// </summary>
/// <value>
/// The list of allowed characters in the username used to validate user names.
/// </value>
public string AllowedUserNameCharacters { get; set; } = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";

So it would seem that you will need to set this property to be "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" (i.e. remove the symbols from the end of the orginally set string. This should achieve what you want.

In terms of why this change was made, according to issue #558, they are trying to move away from regular expressions for increased security. Have a look here for the full details.

Answer 2

As @DoubleVoid pointed out in the comments, you can use an empty string to allow any characters.