How to Customize Password Policy in ASP.Net Identity
By FoxLearn Published on Feb 18, 2024 426
This post shows you how to customize password policy in ASP.NET MVC Identity to provide better security to your application.
By default, ASP.NET MVC Identity requires a minimum password length of 6 characters and here we change it. To do that you need to create a CustomPasswordValidator class, then implement the IIdentityValidator interface.
public class CustomPasswordValidator : IIdentityValidator<string>
{
public int RequiredLength { get; set; }
public CustomPasswordValidator(int length) {
RequiredLength = length;
}
public Task<IdentityResult> ValidateAsync(string password) {
if (String.IsNullOrEmpty(password) || password.Length < RequiredLength)
{
return Task.FromResult(IdentityResult.Failed(
String.Format("Password should be at least {0} characters", RequiredLength)));
}
int counter = 0;
List<string> patterns = new List<string>();
patterns.Add(@"[a-z]"); // lowercase
patterns.Add(@"[A-Z]"); // uppercase
patterns.Add(@"[0-9]"); // digits
patterns.Add(@"[!@#$%^&*\(\)_\+\-\={}<>,\.\|""'~`:;\\?\/\[\]]"); // special symbols
//check patterns
foreach (string p in patterns)
{
if (Regex.IsMatch(password, p))
counter++;
}
if (counter < 2)
{
return Task.FromResult(IdentityResult.Failed(
"Please enter your password at least two lowercase letters, uppercase letters, number letters and special symbols."));
}
return Task.FromResult(IdentityResult.Success);
}
}You can use Regex to check your pattern. The Regex class represents the regular expression engine of the .NET Framework. It can be used to quickly parse large amounts of text to find specific character patterns to extract, edit, replace or delete text substrings.
Open the IdentityConfig.cs the modify PasswordValidator as shown below
manager.PasswordValidator = new CustomPasswordValidator(7);
- Essential Tips for Securing Your ASP.NET Website
- Top Security Best Practices for ASP.NET
- Boost Your ASP.NET Core Website Performance with .NET Profiler
- The name 'Session' does not exist in the current context
- Implementing Two-Factor Authentication with Google Authenticator in ASP.NET Core
- How to securely reverse-proxy ASP.NET Core
- How to Retrieve Client IP in ASP.NET Core Behind a Reverse Proxy
- Only one parameter per action may be bound from body in ASP.NET Core
Categories
Popular Posts
11 Things You Didn't Know About Cloudflare
Dec 19, 2024
AdminKit Bootstrap 5 HTML5 UI Kits Template
Nov 17, 2024
RuangAdmin Template
Nov 13, 2024
Admin BSB Free Bootstrap Admin Dashboard
Nov 14, 2024