RequireNonLetterOrDigit not correctly validated

Question

I created a password validator as follows:

manager.PasswordValidator = new PasswordValidator
{
    RequiredLength = 8,
    RequireNonLetterOrDigit = false, 
    RequireDigit = false,
    RequireLowercase = true,
    RequireUppercase = true,
};

But, a password such as Testing123 is considered invalid:

Passwords must have at least one non letter or digit character.

The error message is pretty unclear, it says that the password should have at least one non letter or digit character. Well, I have 3 digits. So what's wrong then? When I add an non letter

Answer 1

Both the name and documentation of this property are ambiguous. This should be:

Gets or sets whether the password requires a character that is not a letter and not a digit.

Answer 2

    public class CustomPasswordValidator : PasswordValidator
{
    public override async Task<IdentityResult> ValidateAsync(string password)
    {
        var requireNonLetterOrDigit = base.RequireNonLetterOrDigit;
        base.RequireNonLetterOrDigit = false;
        var result = await base.ValidateAsync(password);

        if (!requireNonLetterOrDigit)
            return result;

        if (!Enumerable.All<char>((IEnumerable<char>)password, new Func<char, bool>(this.IsLetterOrDigit)))
            return result;

        // Build a new list of errors so that the custom 'PasswordRequireNonLetterOrDigit' could be added. 
        List<string> list = new List<string>();
        foreach (var error in result.Errors)
        {
            list.Add(error);
        }
        // Add our own message: (The default by MS is: 'Passwords must have at least one non letter or digit character.')
        list.Add("Passwords must have at least one character that is neither a letter or digit. (E.g. '£ $ % ^ _ etc.')");
        result = await Task.FromResult<IdentityResult>(IdentityResult.Failed(string.Join(" ", (IEnumerable<string>)list)));

        return result;
    }
}