Patrick Fritch

Reputation: 199

ASP.NET Identity Password Validation

I am using Identity in my MVC project, and it's all well and nice, except for the fact that the form for registering a new user has some crazy password requirements:

Passwords must have at least one non letter or digit character. Passwords must have at least one digit ('0'-'9'). Passwords must have at least one uppercase ('A'-'Z').

And here is the register model

public class RegisterViewModel
{
    [Required]
    [StringLength(50, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 2)]
    [Display(Name = "First Name")]
    public string FirstName { get; set; }

    [Required]
    [StringLength(50, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 2)]
    [Display(Name = "Last Name")]
    public string LastName { get; set; }

    [Required]
    [EmailAddress]
    [Display(Name = "Email")]
    public string Email { get; set; }

    [Required]
    [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
    [DataType(DataType.Password)]
    [Display(Name = "Passord")]
    public string Password { get; set; }

    [DataType(DataType.Password)]
    [Display(Name = "Repeat Password")]
    [Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
    public string ConfirmPassword { get; set; }
}

Account Controller

    // POST: /Account/Register
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Register(RegisterViewModel model)
    {
        if (ModelState.IsValid)
        {
            var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
            var result = await UserManager.CreateAsync(user, model.Password);
            if (result.Succeeded)
            {
                await SignInManager.SignInAsync(user, isPersistent:false, rememberBrowser:false);
                return RedirectToAction("Index", "Home");
            }
            AddErrors(result);
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

I see the length requirement for the password, but I don't understand how to change the password validation so I don't need a non letter or digit character.

All help greatly appreciated, thank you.

Bonus: What do the {0} and {2} mean? Thank you.

Upvotes: 9

Views: 22029

Answers (2)

Munes

Reputation: 141

If you are using one of the ASP.NET template applications and have selected Authentication as 'Individual User Accounts', you will find the password options in an IdentityConfig.cs file in the App_Start folder in your application. Here you can change the password options as follows to turn off all requirements except the password length:

manager.PasswordValidator = new PasswordValidator
{
    RequiredLength = 6,
    RequireNonLetterOrDigit = false,
    RequireDigit = false,
    RequireLowercase = false,
    RequireUppercase = false,
};

Upvotes: 10
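
An added example, not part of the answer above: with the composition rules switched off, a subclass of the same `PasswordValidator` can pair a longer minimum length with a blocklist check. It assumes ASP.NET Identity 2.x (`Microsoft.AspNet.Identity`); the names `BlocklistPasswordValidator` and `PasswordPolicy`, the length of 12 and the blocklist entries are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical validator: keeps the built-in PasswordValidator checks
// and additionally rejects passwords found on a blocklist.
public class BlocklistPasswordValidator : PasswordValidator
{
    // Constructed sample entries; load a real list of common or
    // breached passwords in a real application.
    private static readonly HashSet<string> Blocked =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "password1234", "qwertyuiop12", "123456789012"
        };

    public override async Task<IdentityResult> ValidateAsync(string item)
    {
        // Run the configured length/composition checks first.
        IdentityResult baseResult = await base.ValidateAsync(item);
        if (!baseResult.Succeeded)
        {
            return baseResult;
        }

        // Case-insensitive match, so "Password1234" is rejected too.
        if (Blocked.Contains(item))
        {
            return IdentityResult.Failed("This password is too common. Choose another one.");
        }
        return IdentityResult.Success;
    }
}

public static class PasswordPolicy
{
    // Call from ApplicationUserManager.Create in IdentityConfig.cs.
    public static void Apply<TUser>(UserManager<TUser> manager)
        where TUser : class, IUser<string>
    {
        manager.PasswordValidator = new BlocklistPasswordValidator
        {
            RequiredLength = 12, // assumption: longer minimum instead of composition rules
            RequireNonLetterOrDigit = false,
            RequireDigit = false,
            RequireLowercase = false,
            RequireUppercase = false
        };
    }
}
```

Errors returned by `ValidateAsync` flow through `UserManager.CreateAsync` into `result.Errors`, so the existing `AddErrors(result)` call in the Register action displays them. If the minimum length changes, the `MinimumLength` on the view model's `Password` property should be changed to match.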

alkasai

Reputation: 4033

In Startup.cs where you add the Identity Service you can add options for password validation:

services.AddIdentity<ApplicationUser, IdentityRole>(Configuration, 
    options => 
        options.Password = new PasswordOptions 
        { 
            RequireDigit = true, 
            RequiredLength = 6, 
            RequireLowercase = true, 
            RequireUppercase = true, 
            RequireNonLetterOrDigit = false 
        })
[...];

Upvotes: 17
