How do I set password options in Aspnet Core 2.1

Question

I have followed the SO example code and the official documentation but however I change the password length in my Aspnet core 2.1 project nothing changes.
I always get the message "The Password must be at least 6 and at max 100 characters long."

In public void ConfigureServices(IServiceCollection services) I have tried

services.Configure<IdentityOptions>(options =>
{
  options.Password.RequiredLength = 1;
});

in various places, or adding it to AddDefaultIdentity<>

services.AddDefaultIdentity<IdentityUser>(options =>
    options.Password.RequiredLength = 1;
  )
  .AddEntityFrameworkStores<ApplicationDbContext>();

but to no avail.

I am using the non-scaffolded version so I don't have access to the HTML or cshtml files.

Nothing has changed in this regard. The code you've posted is fine. What is the exact issue you're having? — Chris Pratt, Dec 04 '18 at 20:33
As @KirkLarkin noted, the password length is separately enforced by the models of some Razor Pages in the default UI. If you want to reduce the length requirement, you have no choice but to scaffold at least these pages into your project and customize the page models accordingly. — Chris Pratt, Dec 04 '18 at 20:40
Have you tried the `Manage Nuget Packages’ ` https://blogs.msdn.microsoft.com/webdev/2014/01/06/implementing-custom-password-policy-using-asp-net-identity/ — I_Al-thamary, Dec 04 '18 at 20:52

Kirk Larkin · Accepted Answer · 2018-12-04T21:24:32.870

It looks like you've found a ~~bug~~ reason to scaffold. In the Razor Class Library that contains the Razor Pages implementation of the ASP.NET Core Identity UI, there's an InputModel class for the Register Page that looks like this:

public class InputModel
{
    ...

    [Required]
    [StringLength(100, ErrorMessage = "The {0} must be at least {2} and at max {1} characters long.", MinimumLength = 6)]
    [DataType(DataType.Password)]
    [Display(Name = "Password")]
    public string Password { get; set; }

    ...
}

It's clear from this code snippet that no matter what you set RequiredLength to, the built-in ModelState validation will always require a length of between 6 and 100 characters.

It's also worth noting that this doesn't just affect the Register page - I've confirmed that it also affects ResetPassword, SetPassword and ChangePassword.

In terms of a solution: Chris Pratt has pointed out in the comments that the only real way to resolve this is to scaffold the affected pages and make the necessary changes to the StringLength attributes.

Update: The issue you've raised has been closed as a duplicate, with the solution being to scaffold the Pages and make the required change.

I_Al-thamary · Answer 2 · 2021-05-27T08:01:34.990

2

These are all the option for the password: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.2

services.Configure<IdentityOptions>(options =>
{
    // Default Password settings.
    options.Password.RequireDigit = true;
    options.Password.RequireLowercase = true;
    options.Password.RequireNonAlphanumeric = true;
    options.Password.RequireUppercase = true;
    options.Password.RequiredLength = 6;
    options.Password.RequiredUniqueChars = 1;
});

To modify the rule see this How override ASP.NET Core Identity's password policy https://andrewlock.net/creating-custom-password-validators-for-asp-net-core-identity-2/

Update

You can use PasswordValidator and you can see how to customize the password policy in ASP.Net identity

public class ApplicationUserManager : UserManager<ApplicationUser>
  {
           public ApplicationUserManager(): base(new UserStore<ApplicationUser>(new ApplicationDbContext()))
           {
                 PasswordValidator = new MinimumLengthValidator (6);
           }
   }

edited May 27 '21 at 08:01

answered Dec 04 '18 at 20:36

I_Al-thamary

3,385
2
24
37

This doesn't answer the question. As a matter of fact, OP did try this (and posted it) and is looking for an alternative to set passwords with less than 6 chars, as the options doesn't work for such cases. – kerzek May 26 '21 at 21:14
See the question and you can find that it support `ASP.NET Core 2.1, 1.0, 1.1, 2.0, 2.2, 3.0, 3.1, 5.0` https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.passwordoptions.requiredlength?view=aspnetcore-5.0, – I_Al-thamary May 27 '21 at 07:35
I already updated it, and I hope that helps. – I_Al-thamary May 27 '21 at 08:02
1

It does help, much appreciated. With a custom class makes it much clear. – kerzek May 27 '21 at 18:28

How do I set password options in Aspnet Core 2.1

2 Answers2

Linked