Altering ASP.NET Core Services DefaultIdentity does not alter the password options

Question

After Scaffolding Identity Authentication, I am having difficulty altering the Identity Options.

I used this command:

dotnet new webapp --auth Individual -o mywebapp

Then furthermore I altered the Startup.cs file as such, altering the Identity options:

 public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlite(
                Configuration.GetConnectionString("DefaultConnection")));

        services.AddDefaultIdentity<IdentityUser>(config =>
        {
            // TODO
            //config.SignIn.RequireConfirmedEmail = true;
        })
            .AddDefaultUI(UIFramework.Bootstrap4)
            .AddEntityFrameworkStores<ApplicationDbContext>();


        services.Configure<IdentityOptions>(options =>
        {
            // Password settings
            options.Password.RequireDigit = true;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireUppercase = false;
            options.Password.RequireLowercase = false;
            options.Password.RequiredLength = 3;
            options.Password.RequiredUniqueChars = 1;

            // Lockout settings
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
            options.Lockout.MaxFailedAccessAttempts = 5;
            options.Lockout.AllowedForNewUsers = true;

            // User settings
            options.User.RequireUniqueEmail = true;
        });

Setting options.Password.RequiredLength has no effect.

When I run the application the browser shows an error message:

The Password must be at least 6 and at max 100 characters long.

I am not expecting the error "least 6"; From what I read it should be "3". How do I fix this?

So much black magic is happening, and searching for the frase "at least" reveals nothing.

Edit ---> Adding the ViewModel Code that was scaffolded:

namespace netplus.Models.Account
{
   public class RegisterViewModel
   {
      [Required, MaxLength(256)]
      public string Username { get; set; }

      [Required, DataType(DataType.Password)]
      public string Password { get; set; }

      [DataType(DataType.Password), Compare(nameof(Password))]
      public string ConfirmPassword { get; set; }
   }
}

Possible duplicate of [How do I set password options in Aspnet Core 2.1](https://stackoverflow.com/questions/53620708/how-do-i-set-password-options-in-aspnet-core-2-1) — Kirk Larkin, Apr 18 '19 at 07:11
@KirkLarkin yes it does seem like that, and following the link to Github, shows the bug as "Identity ignoring RequiredLength #774" and it is dated 16 Mar 2016. Wondering if it is really a duplicate because it has not been fixed in asp.net core 2.2.0. — Wayne, Apr 18 '19 at 08:33
I wasn't entirely clear on the way you've got your project configured, so I'm not sure that it's a duplicate either. I don't understand why you have `RegisterViewModel` and where it comes from. The error message you describe comes from the "Default UI", so I expect it may well be the same issue underneath it all. — Kirk Larkin, Apr 18 '19 at 08:37
@KirkLarkin, I started a simple project (using Mac Visual Studio), new solution, Web Application MVC .Net Core. The I drop to the command line and run this command to add authentication, "dotnet new webapp --auth Individual", Then I run the project and try and change the required password length, as this will just hinder me from testing manually; I then noticed that the option to control the password length has no effect. — Wayne, Apr 18 '19 at 08:39
That all sounds like it's the same issue I've linked and that @TaoZhou has answered - the command you've shown shouldn't generate a `RegisterViewModel` class like that, so that's what's a bit confusing here. — Kirk Larkin, Apr 18 '19 at 08:45

score 1 · Answer 1 · answered Apr 18 '19 at 02:59

1

For IdentityOptions, it is configured for _userManager.CreateAsync(user, Input.Password) to validate the password.

For The Password must be at least 6 and at max 100 characters long, this is controlled by ViewModel in RegisterModel.

You could not use IdentityOptions to control this client side validation.

Follow steps below to control it:

Right click project ->Add New Scaffold Item-> Identity->Check Account\Register->Select right Data context class

Open RegisterModel and modify the InputModel for client validation

public class InputModel
{
    [Required]
    [EmailAddress]
    [Display(Name = "Email")]
    public string Email { get; set; }

    [Required]
    [StringLength(100, ErrorMessage = "The {0} must be at least {2} and at max {1} characters long.", MinimumLength = 6)]
    [DataType(DataType.Password)]
    [Display(Name = "Password")]
    public string Password { get; set; }

    [DataType(DataType.Password)]
    [Display(Name = "Confirm password")]
    [Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
    public string ConfirmPassword { get; set; }
}

answered Apr 18 '19 at 02:59

Edward

28,296
11
76
121

Hi Tao, Thank you for showing the code. I have updated the question to show the current ViewModel. What is strange is that the Username does not have the attribute of [EmailAddress], neither does the Password have the attributes defined, yet when I run the application I notice that the Username must be an Email address and that the password must be 6 characters long. Still wondering where the "default" are originating from. – Wayne Apr 18 '19 at 04:38
After applying the Attributes, [Display(Name = "Magic")]; the output is the same. It seems all the Attributes have no effect on the UI. Wondering if it will have an effect if this is used ".AddDefaultUI(UIFramework.Bootstrap4)". – Wayne Apr 18 '19 at 04:57
@Wayne What is your current `RegisterModel ` PageModel? Please note, my step is adding `Identity` Scaffold, not only a normal class. – Edward Apr 18 '19 at 05:07
There is no "RegisterModel", only "RegisterViewModel". I used this command to generate the code: "dotnet new webapp --auth Individual" – Wayne Apr 18 '19 at 05:20
@Wayne Have you follow `Right click project ->Add New Scaffold Item-> Identity->Check Account\Register->Select right Data context class`? What is your current .net core sdk? – Edward Apr 18 '19 at 05:21
I use Visual Studio Mac Version 8.0.3, right click does not provide the option you mentioned. The current project is using SDK 2.2.0. – Wayne Apr 18 '19 at 08:23
@Wayne For command, refer [Scaffold identity into a Razor project with authorization](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-2.2&tabs=netcore-cli#scaffold-identity-into-a-razor-project-with-authorization) – Edward Apr 18 '19 at 08:38

Altering ASP.NET Core Services DefaultIdentity does not alter the password options

1 Answers1