Reputation: 11
I am recreating a project in ASP.NET 4.5 without MVC but using Identity 2.0. There are no examples on the net about changing the Identity password policy without using MVC... sadly. Does anyone know how to go about this?
Upvotes: 1
Views: 1935
Reputation: 1406
I think the best way to understand how this is done is to create a new dummy website project from a template with authentication. In Visual Studio 2013 this is done by New Project -> Web -> ASP.NET Web Application. In the window that pops up, select Web Forms. There, check that the authentication is set to Single User Accounts or something similar (I am using the German version of Visual Studio here). This should be the default setting.
IdentityConfig.cs
After creating the project you have a lot of sample files in your solution. Go to App_Start -> IdentityConfig.cs. In this class you can set the password policy:

    using Microsoft.AspNet.Identity;
    using Microsoft.AspNet.Identity.EntityFramework;
    using Microsoft.AspNet.Identity.Owin;
    using Microsoft.Owin;

    public class ApplicationUserManager : UserManager<ApplicationUser> {
        public ApplicationUserManager(IUserStore<ApplicationUser> store)
            : base(store) {}

        // Factory called once per request by the OWIN pipeline (see Startup.Auth.cs).
        public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context) {
            var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));

            // Validation rules for user names and e-mail addresses.
            manager.UserValidator = new UserValidator<ApplicationUser>(manager) {
                AllowOnlyAlphanumericUserNames = false,
                RequireUniqueEmail = true
            };

            // Password policy.
            manager.PasswordValidator = new PasswordValidator {
                RequiredLength = 6,
                RequireNonLetterOrDigit = true,
                RequireDigit = true,
                RequireLowercase = true,
                RequireUppercase = true,
            };

            // Two-factor providers (SMS and e-mail codes).
            manager.RegisterTwoFactorProvider("PhoneCode", new PhoneNumberTokenProvider<ApplicationUser> {
                MessageFormat = "Your security code is: {0}"
            });
            manager.RegisterTwoFactorProvider("EmailCode", new EmailTokenProvider<ApplicationUser> {
                Subject = "SecurityCode",
                BodyFormat = "Your security code is: {0}"
            });
            manager.EmailService = new EmailService();
            manager.SmsService = new SmsService();

            // Token provider used for password reset and e-mail confirmation tokens.
            var dataProtectionProvider = options.DataProtectionProvider;
            if (dataProtectionProvider != null) {
                manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("ASP.NET Identity"));
            }
            return manager;
        }
    }

In this block

    manager.PasswordValidator = new PasswordValidator {
        RequiredLength = 6,
        RequireNonLetterOrDigit = true,
        RequireDigit = true,
        RequireLowercase = true,
        RequireUppercase = true,
    };

you can configure the password policy the way you like.
Startup.Auth.cs
Afterwards, have a look at the partial class Startup in App_Start -> Startup.Auth.cs.
There you can see how the authentication is being configured:
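
    using System;
    using Microsoft.AspNet.Identity;
    using Microsoft.AspNet.Identity.Owin;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.Cookies;
    using Owin;

    public partial class Startup {
        public void ConfigureAuth(IAppBuilder app)
        {
            // One DbContext and one ApplicationUserManager per request;
            // ApplicationUserManager.Create is where the password policy is set.
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    // Re-checks the user's security stamp at this interval.
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(20),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                }
            });
        }
    }
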
Startup.cs
Last but not least, check out the class Startup.cs, which you find in the root of your dummy project, to see where the ConfigureAuth method is being called:

    using Microsoft.Owin;
    using Owin;

    [assembly: OwinStartupAttribute(typeof(your_dummy_project_namespace.Startup))]
    namespace your_dummy_project_namespace
    {
        public partial class Startup {
            public void Configuration(IAppBuilder app) {
                ConfigureAuth(app);
            }
        }
    }

Upvotes: 1
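The flags on PasswordValidator only cover length and character classes. The following is an added example, not part of the answer above or of the Visual Studio template: it subclasses the built-in validator so a denylist of common passwords is checked as well. The class name `DenylistPasswordValidator`, the sample denylist entries and the length of 12 in the wiring comment are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical class: keeps the built-in rules and adds a denylist check.
public class DenylistPasswordValidator : PasswordValidator
{
    // Constructed sample entries; load a real list from a file or configuration.
    private static readonly HashSet<string> Denylist =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "Password1!", "Qwerty123!", "Welcome2024!"
        };

    public override async Task<IdentityResult> ValidateAsync(string item)
    {
        // Apply the length and character-class rules set on this instance first.
        // The base implementation throws ArgumentNullException for a null password.
        IdentityResult baseResult = await base.ValidateAsync(item);
        var errors = new List<string>(baseResult.Errors);

        // Case-insensitive match, so "password1!" is rejected too.
        if (Denylist.Contains(item))
        {
            errors.Add("This password is too common. Choose a different one.");
        }

        return errors.Count == 0
            ? IdentityResult.Success
            : IdentityResult.Failed(errors.ToArray());
    }
}

// Wiring, inside ApplicationUserManager.Create in IdentityConfig.cs:
//
//     manager.PasswordValidator = new DenylistPasswordValidator {
//         RequiredLength = 12,            // assumed value, choose your own
//         RequireNonLetterOrDigit = true,
//         RequireDigit = true,
//         RequireLowercase = true,
//         RequireUppercase = true
//     };
```

UserManager calls the validator inside CreateAsync, ChangePasswordAsync and ResetPasswordAsync, so a Web Forms code-behind needs no policy code of its own; it only has to display `result.Errors` when `result.Succeeded` is false.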