Reputation: 12779
Configuring Password Requirements in ASP.net Core 3 Identity Doesn't Work
I've created a fresh .net Core 3.1 solution with ASP.net Identity.
The Register page requires a minimum of 6 characters.
I want to configure these requirements thus
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<IdentityOptions>(options =>
{
options.Password.RequiredLength = 1;
options.Password.RequireUppercase = true;
options.Password.RequireLowercase = true;
options.Password.RequireDigit = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequiredUniqueChars = 5;
});
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddControllersWithViews();
services.AddRazorPages();
}
I've added the password options at the top there, but they are being ignored. 6 to 100 characters are still required to be entered when registering.
I've found many articles, eg:
Saying this should work. There isn't even an error so not sure how to problem solve this.
How can I get this working? Thanks.
Upvotes: 2
Views: 1224
Answers (3)
Reputation: 121
This limit (6 to 100 chars) is hardcoded in source of register page.
\Identity\Pages\Account\Register.cshtml.cs
You can edit the page afrer scaffold Identity templates.
[StringLength(100, ErrorMessage = "The {0} must be at least {2} and at max {1} characters long.", MinimumLength = 6)]
[DataType(DataType.Password)]
public string Password { get; set; }
Upvotes: 0
Reputation: 839
A simple thing that you can double-check, is if you are indeed passing the password when creating the user. If you do not pass the password, Identity doesn't run any of its password validation rules, but still creates the user without errors.
result = await _userManager.CreateAsync(user, Input.Password);
Upvotes: 0
Reputation: 448
Hi @niico this identity password option will work when you submit the form and and Createasync function will return false. and it will jump to the
foreach (var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
and bind the validation message and return to the page and will show in the top.
Thanks
Upvotes: 2
Related Questions
- How override ASP.NET Core Identity's password policy
- Why password checking always fail in ASP .NET Core Identity framework?
- Why do the ASP.NET Core password validation rules have no effect?
- How do I set password options in Aspnet Core 2.1
- ASP .NET Core Identity - Microsoft.AspNetCore.Identity.SignInManager: Warning: User failed to provide the correct password
- AspNet Core3 Identity configuration
- ASP.NET Core 2.0 Authentication NOT Working
- ASP.NET Identity - how to change password requirements when creating user programmatically
- Change password validation in asp.net identity
- custom password policy using ASP.NET Identity 3