62

How To Change Password Validation in ASP.Net MVC5 Identity 2 ?

Thanks

Nazmul Hossain
  • 2,085
  • 5
  • 25
  • 34
  • 4
    Well , By Default asp.net MVC registration form data annotation work for client site validation.that's good. but after submitting the form this validation come. "Passwords must have at least one non letter or digit character. Passwords must have at least one lowercase ('a'-'z'). Passwords must have at least one uppercase ('A'-'Z'). " but i can't find this message validation code to modify myself. How can i change it ? – Nazmul Hossain Jul 17 '14 at 07:11
  • 2
    Update : ASP.Net MVC5 Identity2 video tutorial http://www.youtube.com/playlist?list=PLQYI2ou09WiRPs55DJ9Q4rxGSgSMNCvNx – Nazmul Hossain Jan 31 '15 at 22:19

2 Answers2

184

In the MVC project template in VS2013 Update 2, there should be a file called App_Start/IdentityConfig.cs. In it you should find the class ApplicationUserManager and a static factory method called Create(). That's where the user manager class is configured, including the server-side validation rules for passwords are defined. For example:

manager.PasswordValidator = new PasswordValidator
{
    RequiredLength = 6,
    RequireNonLetterOrDigit = true,
    RequireDigit = true,
    RequireLowercase = true,
    RequireUppercase = true,
};
Anthony Chu
  • 37,170
  • 10
  • 81
  • 71
  • 5
    One thing to note, the default rules you listed will result in an error for the password `Test123` with the message "Passwords must have at least one non letter or digit character." which is very deceiving because it seems that if both `RequireNonLetterOrDigit` and `RequireDigit` are `true` that `RequireDigit` steals the numeric text and forces the password validation to fail, then tells the user to do something they already did. – Chris Marisic Sep 09 '14 at 15:04
  • 3
    RequireNonLetterOrDigit = the password requires a character that is not a letter and not a digit. –  Nov 19 '14 at 16:41
  • 5
    How do you override the error text that is returned? – Brian Behm Mar 18 '15 at 19:18
  • 2
    In the new ASP.NET 5, corresponding method couldn't be found. Can you suggest any other way that will work in that? – It's a trap Mar 05 '16 at 10:54
  • 1
    @It'satrap - In Startup.cs there's a method called ConfigureServices. In there you want you want to modify the services.AddIdentity call to this: services.AddIdentity(x => { x.Password.RequiredLength = 6; x.Password.RequireUppercase = false; x.Password.RequireLowercase = false; x.Password.RequireNonAlphanumeric = false; }) .AddEntityFrameworkStores() .AddDefaultTokenProviders(); – Mike Devenney Jul 19 '17 at 13:10
16

In addition to Anthony Chu's answer,

You may also need to change it in Models folder > AccountViewModel.cs > class RegisterViewModel (as well as class ResetPasswordViewModel)

Change "MinimumLength = 6" (need to scroll right)

 [Required]
 [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
 [DataType(DataType.Password)]
 [Display(Name = "Password")]
 public string Password { get; set; }
nanonerd
  • 1,964
  • 6
  • 23
  • 49
  • In my case I had the code mentioned above in `ApplicationUserManager.cs` located within the `Model` folder. – webworm Aug 10 '16 at 15:21
  • I have set some options to add a user in the Startup.cs file. Part of this is setting the user password. When set here, even after changing the details in both this answer and Anthony's answer. I still get a requirement to put the password at 6 characters long. Even though in both places (and also the ManagerViewModels.cs SetPasswordViewModel and ChangePasswordViewModel classes I set all of them to 2. Is there yet another place where this check is done. I'm using VS2015? – Francis Rodgers Sep 05 '16 at 21:49