How do I define the password rules for Identity in ASP.NET 5 MVC 6 (vNext)?
If you have set up a new Web project with Individual User Accounts go to:
App_Start -> IdentityConfig.cs
There you can edit the following defaults:
manager.PasswordValidator = new PasswordValidator
{
RequiredLength = 6,
RequireNonLetterOrDigit = true,
RequireDigit = true,
RequireLowercase = true,
RequireUppercase = true,
};
in startup.cs:
services.AddIdentity<ApplicationUser, IdentityRole>(x =>
{
x.Password.RequiredLength = 6;
x.Password.RequireUppercase = false;
x.Password.RequireLowercase = false;
x.Password.RequireNonAlphanumeric = false;
}).AddEntityFrameworkStores<ApplicationDbContext>().AddDefaultTokenProviders();
I actually ended up figuring this out, it turns out you need to supply AddDefaultIdentity with a suitable lambda expression that configures the IdentityOptions it provides. This is done inside the ConfigureServices method within the Startup class, like so:
public class Startup {
public void ConfigureServices(IServiceCollection services) {
// Add Identity services to the services container.
services.AddDefaultIdentity<ApplicationIdentityDbContext, ApplicationUser, IdentityRole>(Configuration,
o => {
o.Password.RequireDigit = false;
o.Password.RequireLowercase = false;
o.Password.RequireUppercase = false;
o.Password.RequireNonLetterOrDigit = false;
o.Password.RequiredLength = 7;
});
}
}
Update 2:
The above was true in the beta1 versions of the framework, in the latest rc1 beta5 it has changed slightly to:
services.AddIdentity<ApplicationUser, IdentityRole>(o => {
// configure identity options
o.Password.RequireDigit = false;
o.Password.RequireLowercase = false;
o.Password.RequireUppercase = false;
o.Password.RequireNonAlphanumeric = false;
o.Password.RequiredLength = 6;
})
.AddEntityFrameworkStores<ApplicationIdentityDbContext>()
.AddDefaultTokenProviders();