Password Validation on Azure B2C SignUp

Question

We are using Custom SignUp/SignIn policy and have not changed any of the microsoft provided attributes and their rules.

For the password, validation is not working as per given in the policy

<ClaimType Id="newPassword">
    <DisplayName>New Password</DisplayName>
    <DataType>string</DataType>
    <UserHelpText>Enter new password</UserHelpText>
    <UserInputType>Password</UserInputType>
    <Restriction>
      <Pattern RegularExpression="^((?=.*[a-z])(?=.*[A-Z])(?=.*\d)|(?=.*[a-z])(?=.*[A-Z])(?=.*[^A-Za-z0-9])|(?=.*[a-z])(?=.*\d)(?=.*[^A-Za-z0-9])|(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]))([A-Za-z\d@#$%^&amp;*\-_+=[\]{}|\\:',?/`~&quot;();!]|\.(?!@)){8,16}$" HelpText="8-16 characters, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @ # $ % ^ &amp; * - _ + = [ ] { } | \ : ' , ? / ` ~ &quot; ( ) ; ." />
    </Restriction>
  </ClaimType>

If I start to enter password in the textbox, it will display this Helptext as mentioned above but when I enter the password as "testT1234" and proceed, it is not enforcing the validation.

Please let me know if I have to add/update the custom policy to enforce what being said is implemented.

Thanks,

Answer 1

As per Regex and helptext, your given password "tesT1234" is matching fine.

I guess you understood differently and also kept thinking it should allow special character(s) to complete the password match.

As per regex & helptext: if your password satisfies 3 out of 4 conditions, B2C allows you to use that password. Your given password already met 3 conditions.

8-16 characters, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols:

You can happily tweak the regex and add your own match criteria.