+977-9849845061

In-built Password Validation Options for ASP.NET Core Identity

Security is essential to all types of applications, including web applications.

ASP.NET Core Identity provides the pre-built services for creating users, verifying passwords, authorizing users, and signing users in to application. It also provides additional features such as Two-Factor authentication (2FA) and login with Third Party Login Provider and account lockout after too many failed attempts to login.


The default settings

By default, ASP.NET Identity Core sets a default set of validation rules for new passwords:

  • Passwords must be at least 6 characters
  • Passwords must have at least one lowercase (‘a’-‘z’)
  • Passwords must have at least one uppercase (‘A’-‘Z’)
  • Passwords must have at least one digit (‘0’-‘9’)
  • Passwords must have at least one non alphanumeric character

If you want to change default password validators, like increase the minimum length of Password, allow LowerCase and disable Require Digit in Password, we can add identity to the DI Container in ConfigureServices method of Startup Class.

Default Configure Services Method in Startup Class in ASP.NET Core
Fig: Default Configure Services Method in Startup Class in ASP.NET Core

 

AddIdentity  accept options as part of which allows control over the basic characteristics of what is required for Passwords. Here is a sample AddIdentity.

 

Note: You should also change your new settings in

  • RegisterViewModel.Password
  • ResetPasswordViewModel.Password
  • ChangePasswordViewModel.NewPassword
  • SetPasswordViewModel.NewPassword.

to enable the new validation on front end.

 

 

 

 

 

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...