9

I am using Identity in my MVC project, and it's all well and nice, except for the fact that the form for registering a new user has some crazy password requirements:

Passwords must have at least one non letter or digit character. Passwords must have at least one digit ('0'-'9'). Passwords must have at least one uppercase ('A'-'Z').

And here is the register model

    public class RegisterViewModel
    {
        [Required]
        [StringLength(50, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 2)]
        [Display(Name = "First Name")]
        public string FirstName { get; set; }

        [Required]
        [StringLength(50, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 2)]
        [Display(Name = "Last Name")]
        public string LastName { get; set; }

        [Required]
        [EmailAddress]
        [Display(Name = "Email")]
        public string Email { get; set; }

        [Required]
        [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
        [DataType(DataType.Password)]
        [Display(Name = "Passord")]
        public string Password { get; set; }

        [DataType(DataType.Password)]
        [Display(Name = "Repeat Password")]
        [Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
        public string ConfirmPassword { get; set; }
    }

Account Controller

    // POST: /Account/Register
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Register(RegisterViewModel model)
    {
        if (ModelState.IsValid)
        {
            var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
            var result = await UserManager.CreateAsync(user, model.Password);
            if (result.Succeeded)
            {
                await SignInManager.SignInAsync(user, isPersistent:false, rememberBrowser:false);
                return RedirectToAction("Index", "Home");
            }
            AddErrors(result);
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

I see the length requirement for the password, but I don't understand how to change the password validation so I don't need a non letter or digit character.

All help greatly appreciated, thank you.

Bonus: What do the {0} and {2} mean? Thank you.

Mosia Thabo
Patrick Fritch
  • that validation is probably in your `AccountController` somewhere. – DLeh Mar 04 '15 at 16:18
  • Search your project for "RequireNonLetterOrDigit" and see [here](http://stackoverflow.com/questions/24796454/how-to-change-password-validation-in-asp-net-mvc-identity-2?rq=1). Bonus: that is a format string with two placeholders for the 0th and 2nd parameter passed to that format. – Jasen Mar 04 '15 at 16:32
  • Here's a more complete [answer](http://stackoverflow.com/questions/13425320/what-parameters-does-the-stringlength-attribute-errormessage-take) for the format string. – Jasen Mar 04 '15 at 16:39

2 Answers

17

In Startup.cs where you add the Identity Service you can add options for password validation:

    services.AddIdentity<ApplicationUser, IdentityRole>(Configuration,
        options =>
            options.Password = new PasswordOptions
            {
                RequireDigit = true,
                RequiredLength = 6,
                RequireLowercase = true,
                RequireUppercase = true,
                RequireNonLetterOrDigit = false
            })
    [...];
Alkasai
  • This is what I needed using the ASP.NET Core Web Application (.NET Core) project template with Individual User Accounts. – theguy Jul 15 '16 at 02:52
  • I changed this - no effect, it still enforces the same password requirements – niico Oct 16 '16 at 13:21
10

If you are using one of the ASP.NET template applications and have selected Authentication as 'Individual User Accounts', you will find the password options in an IdentityConfig.cs file in the App_Start folder in your application. Here you can change the password options as follows to turn off all requirements except the password length:

    manager.PasswordValidator = new PasswordValidator
    {
        RequiredLength = 6,
        RequireNonLetterOrDigit = false,
        RequireDigit = false,
        RequireLowercase = false,
        RequireUppercase = false,
    };
Munes
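
An added example (not code from either answer or from the ASP.NET templates) for the Identity 2.x setup in the second answer: with the composition rules switched off, a validator derived from `PasswordValidator` can still reject well-known passwords. `BlocklistPasswordValidator`, `PasswordPolicy`, the blocklist entries and the length of 12 are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical validator: the built-in Identity 2.x checks plus a blocklist lookup.
public class BlocklistPasswordValidator : PasswordValidator
{
    // Constructed sample entries; a real deployment loads a list of common passwords.
    private static readonly HashSet<string> Blocked = new HashSet<string>(
        new[] { "password1234", "qwertyuiop12", "123456789012" },
        StringComparer.OrdinalIgnoreCase);

    public override async Task<IdentityResult> ValidateAsync(string item)
    {
        // Built-in length/composition checks run first (they throw on a null password).
        IdentityResult baseResult = await base.ValidateAsync(item);
        List<string> errors = baseResult.Errors.ToList();

        if (Blocked.Contains(item))
        {
            errors.Add("This password is too common. Choose a different one.");
        }

        // Failures surface through AddErrors(result) in the Register action.
        return errors.Count == 0
            ? IdentityResult.Success
            : IdentityResult.Failed(errors.ToArray());
    }
}

public static class PasswordPolicy
{
    // Hypothetical helper; call it from ApplicationUserManager.Create in IdentityConfig.cs.
    public static void Apply<TUser>(UserManager<TUser> manager)
        where TUser : class, IUser<string>
    {
        manager.PasswordValidator = new BlocklistPasswordValidator
        {
            RequiredLength = 12,            // assumed value, not from the page
            RequireNonLetterOrDigit = false,
            RequireDigit = false,
            RequireLowercase = false,
            RequireUppercase = false,
        };
    }
}
```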