1

Before anyone suggests that this is the same question as the link below:

How To Change Password Validation in ASP.Net MVC Identity 2?

I would like to assure people that it is more of a continuation of this question.

I went into the IdentityConfig.cs as the first answer to the above link suggested and changed all the options as follows:

        manager.PasswordValidator = new PasswordValidator
        {
            RequiredLength = 2,
            RequireNonLetterOrDigit = false,
            RequireDigit = false,
            RequireLowercase = false,
            RequireUppercase = false,
        };

Next, as the second answer suggested I also went into the AccountViewModels.cs class and changed the 2 places there which sets the minimum length of the password. I again set it from 6 to 2 (in both places it appears within the file.

    [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 2)]

I then went ahead and done a search for the phrase "must be at least" throughout the entire solution. I found one other class: ManageViewModels.cs and again in the two places this appeared I altered the minimum length setting it from 6 to 2 in both places, just as above.

I am trying to setup some default roles and a super user in the Startup.cs (Personally I would not do it this way, but I am just following an article on securing my CMS). One of the first steps is this.

In my Startup.cs I have the following simple code:

        //Here we create a Admin super user who will maintain the website                        
        var user = new ApplicationUser();
        user.UserName = "super";
        user.Email = "super@krypton.com";
        string userPWD = "1234";
        IdentityResult chkUser = UserManager.Create(user, userPWD);

        //Add default User to Role Admin
        if (chkUser.Succeeded)
        {
            IdentityResult result1 = UserManager.AddToRole(user.Id, "Admin");
        }

It should work. But when I break on it, and hover over the chkUser variable, I find that I am getting an error saying "The Password must be at least 6 characters long.".

Even after changing all the validation logic to say it should be 2 characters.

So my question is: Is there another location where yet more validation logic is done? Also, is there a single place where I can extract all this validation logic to (if so, can someone perhaps suggest a link or two to such a resource or provide a suggestion on how to approach it).

Community
  • 1
  • 1
Francis Rodgers
  • 4,565
  • 8
  • 46
  • 65
  • you can see [this](http://stackoverflow.com/questions/37260640/asp-net-mvc-identity-email-username-with-special-characters/37261830). Its about UserValidator but I think you are facing the same issue. – tmg Sep 05 '16 at 22:55
  • @tmg - thanks for the suggestion. I looked at the link and tried to implement it as suggested. The blocker I am facing is that it requires me to make the Startup.cs inherit from controller in order to give me the ability to add the GetOwinContext properties and inject them. The problem I face is that it is the Startup.cs file. It feels wrong, like adding a controller to the global.asax or something. Perhaps I am wrong? – Francis Rodgers Sep 05 '16 at 23:15

1 Answers1

0

The true and only link you can get is to the source code of PasswordValidator. Here you go: http://aspnetidentity.codeplex.com/SourceControl/latest#src/Microsoft.AspNet.Identity.Core/PasswordValidator.cs

Only it is really doing what it is supposed to do. I can only guess that you assigning PasswordValidator to the wrong instance of UserManager and settings that you set are not used.

What you can do is to copy the source code for PasswordValidator, paste it into your codebase and step-through in debug mode, figuring out where the requirement is coming from.

trailmax
  • 34,305
  • 22
  • 140
  • 234
  • From the code recommended (which may change by the time others read this in the future), I can see there is a required length property and a subsequent check. I also looked into the referenced resource file, I don't see any potential for a bug of any kind. However, I will do as you suggest and download and step through it to see the values as they are passed along. Thanks for your suggestion. – Francis Rodgers Sep 05 '16 at 22:53
  • @FrancisRodgers The linked codebase is for MVC5. Next version of Identity for ASP.Net Core is hosted on GitHub. And as far as I understand development on Identity v2.x is pretty much frozen. So don't worry about changed codebase -) – trailmax Sep 05 '16 at 23:54