9

What is the easy way to customize password validation rules in asp.net core MVC? The problem is exactly like someone had here How To Change Password Validation in ASP.Net MVC Identity 2? the only difference is that I'm using asp.net CORE MVC (latest build) with Visual Studio 2015. I'd like to remove all password validation rules. There is no ApplicationUserManager class in the project, also I'm not sure if it's possible to customize UserManager validation rules in the Startup.cs file.

Improve this question

3 Answers 3

Reset to default
14 
public void ConfigureServices(IServiceCollection services)
{
     services.AddIdentity<ApplicationUser, IdentityRole>(options =>
            {
                options.Password.RequireDigit = true;
                options.Password.RequireLowercase = true;
                options.Password.RequireNonAlphanumeric = true;
                options.Password.RequireUppercase = true;
                options.Password.RequiredLength = 6;
                options.User.AllowedUserNameCharacters = null;
            })
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();
}

Note: You should also change your new settings in RegisterViewModel.Password, ResetPasswordViewModel.Password, ChangePasswordViewModel.NewPassword and SetPasswordViewModel.NewPassword. to enable the new validation on front end.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

9

If you want simply disable some password restrictions (RequireLowercase, RequiredLength etc) - configure IdentityOptions.Password in Startup, like this:

services.Configure<IdentityOptions>(o =>
{
    o.Password.RequiredLength = 12;
});

If you want completely change password validation logic - implement IPasswordValidator and register it in Startup.

Improve this answer

Comments

2

Also you can use a public class to customize your errors messages. Like this:

public class CustomIdentityErrorDescriber : IdentityErrorDescriber
{
    public override IdentityError PasswordRequiresDigit()
    {
        return new IdentityError
        {
            Code = nameof(PasswordRequiresDigit),
            Description = "Your personal describe error message here."
        };
    }

}

In your Statup.cs, in ConfigureService add:

public void ConfigureServices(IServiceCollection services)
{
    services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<IdentityContext>()
            .AddErrorDescriber<CustomIdentityErrorDescriber>()
            .AddDefaultTokenProviders();

     //...
}
Improve this answer

1 Comment

Even though the question was about password validation and not messages, this is still useful. And to anyone who will be using this, you only need a single class and inside override every error describer you want to customize, a single .AddErrorDescriber<ClassName>() as well

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.