8

What I'm trying to do is simply allow alphanumeric characters in the .NET MVC 6 / vNext registration process and every tutorial I've seen (ie Configure Microsoft.AspNet.Identity to allow email address as username) references UserManager.UserValidator, in which is now not available in the current framework.

I've seen this: UserValidator in Microsoft.AspNet.Identity vnext which looks to be the same issue as mine, but they've taken the UserNameValidationRegex property out of the framework since. Brilliant.

services.AddIdentity<ApplicationUser, IdentityRole>(
                o => {
                    o.Password.RequireDigit = false;
                    o.Password.RequireLowercase = false;
                    o.Password.RequireUppercase = false;
                    o.Password.RequireNonLetterOrDigit = false;
                    o.Password.RequiredLength = 2;
                    //o.User.AllowedUserNameCharacters here seems to be the only logical thing I can access
                })
                .AddEntityFrameworkStores<ApplicationDbContext>()
                .AddDefaultTokenProviders();

I've found o.User.AllowedUserNameCharacters, but with there being no documentation that I've found on this I've no idea what format I have to set that in? Anyone out there that's in the same boat and worked this out?

Thanks in advance.

Community
  • 1
  • 1
Chris Dixon
  • 9,147
  • 5
  • 36
  • 68

3 Answers3

12

I took a look at the aspnet/Identity GitHub repository and did a search for the property you have found (AllowedUserNameCharacters). Here's what I've got.

From the UserOptions.cs class in the repo: [Link Here]

/// <summary>
/// Gets or sets the list of allowed characters in the username used to validate user names.
/// </summary>
/// <value>
/// The list of allowed characters in the username used to validate user names.
/// </value>
public string AllowedUserNameCharacters { get; set; } = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";

So it would seem that you will need to set this property to be "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" (i.e. remove the symbols from the end of the orginally set string. This should achieve what you want.

In terms of why this change was made, according to issue #558, they are trying to move away from regular expressions for increased security. Have a look here for the full details.

Jamie Dunstan
  • 3,725
  • 2
  • 24
  • 38
  • 1
    Really appreciate you spending the time going through the Github repository and answering this one for me, I'm sure it's going to help a lot of others out in the future too. Thank you! – Chris Dixon Feb 05 '16 at 11:46
  • 1
    @ChrisDixon You're welcome sir. Glad it was useful :) – Jamie Dunstan Feb 05 '16 at 11:48
  • Just stumbled upon this answer. Seriously?! What about usernames containing e.g. cyrillic characters or umlauts or any other non ASCII UTF8-16 char?! Can this field be empty to skip the check at all?! – DoubleVoid Nov 02 '16 at 21:14
  • 1
    Okay, string.empty skips the check ... meh ... this all seems to be rather overcomplicated atm – DoubleVoid Nov 02 '16 at 21:23
  • 1
    The default value for this has been updated to include the + symbol. [Issue tracker](https://github.com/aspnet/Identity/issues/742) and [source](https://github.com/aspnet/Identity/blob/release/src/Microsoft.AspNetCore.Identity/UserOptions.cs) – Steve S May 09 '17 at 10:35
2

As @DoubleVoid pointed out in the comments, you can use an empty string to allow any characters.

Martin Dawson
  • 7,455
  • 6
  • 49
  • 92
0

In case you want special character in your email. Try code below

    services.Configure<IdentityOptions>(options = { 
            options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&'*+-/=?^_`{|}~.@";
  });

Valid email address https://en.wikipedia.org/wiki/Email_address#Local-part

Hung Quach
  • 2,079
  • 2
  • 17
  • 28