
I have a project where I am using ASP.NET Core Identity (with IdentityServer4) for user authentication.

When I use ChangePasswordAsync to change password, it is allowing the new password to be the same as the current password. Is there a way to prevent this?

  • Share your code that is being used to change your password. Commented Nov 15, 2020 at 14:57
  • You could implement a check in the controller, if there's one, to prevent old password == new password. If you would like to implement it on the Identity API itself, try stackoverflow.com/questions/42787120 . Moreover, I believe you might be interested in a password reuse policy; for your reference: stackoverflow.com/questions/15065429 and stackoverflow.com/questions/48783202 Commented Nov 15, 2020 at 19:54
  • I was trying to avoid implementing password validator, but as I see now, there's no other option but using it. Commented Nov 16, 2020 at 4:34
  • Thank you very much for extra resources. Commented Nov 16, 2020 at 4:40
  • Using old password == new password is not an option because it will compare the two passwords without validating the password. So if the user enters a random word (not the correct password) in current and new password, a warning will be shown, which doesn't make sense. Commented Nov 16, 2020 at 4:53

1 Answer


Add a custom password validator in which you can do a login request with the username + the new password.

If this login is successful, then the password hasn't changed.
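A sketch of the validator approach discussed above, added here as an illustration and not code from the question or the answer. It uses `UserManager.CheckPasswordAsync` to compare the candidate password with the stored hash; the class name `NotCurrentPasswordValidator`, the error code, and the `AddAppIdentity` helper are hypothetical, and store registration is assumed to happen elsewhere in the application.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical validator: rejects a new password that equals the current one.
public class NotCurrentPasswordValidator<TUser> : IPasswordValidator<TUser>
    where TUser : class
{
    public async Task<IdentityResult> ValidateAsync(
        UserManager<TUser> manager, TUser user, string password)
    {
        // Validators run before the new hash is stored, so the user still
        // carries the current hash. CheckPasswordAsync hashes the candidate
        // and compares it with that hash; it returns false when the user
        // has no password yet (for example during registration).
        if (await manager.CheckPasswordAsync(user, password))
        {
            return IdentityResult.Failed(new IdentityError
            {
                Code = "PasswordSameAsCurrent", // constructed error code
                Description =
                    "The new password must be different from the current password."
            });
        }

        return IdentityResult.Success;
    }
}

public static class IdentityRegistration
{
    // Hypothetical helper; call it from ConfigureServices and chain the
    // application's own store setup (e.g. AddEntityFrameworkStores) onto it.
    public static IdentityBuilder AddAppIdentity(this IServiceCollection services)
    {
        return services
            .AddIdentity<IdentityUser, IdentityRole>()
            .AddPasswordValidator<NotCurrentPasswordValidator<IdentityUser>>();
    }
}
```

Because the validator is registered on the `UserManager`, it also applies to other calls that set a password through it, such as `ResetPasswordAsync`.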
