Suggested Videos
Part 65 - ASP.NET Core Identity tutorial from scratch | Text | Slides
Part 66 - Register new user using asp.net core identity | Text | Slides
Part 67 - ASP.NET Core Identity UserManager and SignInManager | Text | Slides
In this video we will discuss how to configure password complexity rules in asp.net core using asp.net core IdentityOptions class.
By default, asp.net core identity does not allow creating simple passwords to protect our application from automated brute-force attacks. When we try to register a new user account with a simple password like abc, the account creation fails and you will see the following validation errors.
ASP.NET Core Identity Password Default Settings
In ASP.NET Core Identity, Password Default Settings are specified in the PasswordOptions class. You can find the source code of this class on the asp.net core github repo at the following link. Simply search in the repo for the PasswordOptions class.
https://github.com/aspnet/AspNetCore
How to override password default settings in asp.net core identity
We could do this by, using the Configure() method of the IServiceCollection interface in the ConfigureServices() method of the Startup class
OR
We could also do this while adding Identity services
ASP.NET Core IdentityOptions
In this example, we are using the IdentityOptions object to configure PasswordOptions. We could also use this IdentityOptions object to configure
Part 65 - ASP.NET Core Identity tutorial from scratch | Text | Slides
Part 66 - Register new user using asp.net core identity | Text | Slides
Part 67 - ASP.NET Core Identity UserManager and SignInManager | Text | Slides
In this video we will discuss how to configure password complexity rules in asp.net core using asp.net core IdentityOptions class.
By default, asp.net core identity does not allow creating simple passwords to protect our application from automated brute-force attacks. When we try to register a new user account with a simple password like abc, the account creation fails and you will see the following validation errors.
ASP.NET Core Identity Password Default Settings
In ASP.NET Core Identity, Password Default Settings are specified in the PasswordOptions class. You can find the source code of this class on the asp.net core github repo at the following link. Simply search in the repo for the PasswordOptions class.
https://github.com/aspnet/AspNetCore
public class PasswordOptions
{
public int RequiredLength { get; set; } = 6;
public int RequiredUniqueChars {
get; set; } = 1;
public bool
RequireNonAlphanumeric { get; set; } = true;
public bool RequireLowercase { get; set; } = true;
public bool RequireUppercase { get; set; } = true;
public bool RequireDigit { get; set; } = true;
}
How to override password default settings in asp.net core identity
We could do this by, using the Configure() method of the IServiceCollection interface in the ConfigureServices() method of the Startup class
services.Configure<IdentityOptions>(options
=>
{
options.Password.RequiredLength = 10;
options.Password.RequiredUniqueChars = 3;
options.Password.RequireNonAlphanumeric = false;
});
OR
We could also do this while adding Identity services
services.AddIdentity<IdentityUser,
IdentityRole>(options =>
{
options.Password.RequiredLength = 10;
options.Password.RequiredUniqueChars = 3;
options.Password.RequireNonAlphanumeric = false;
})
.AddEntityFrameworkStores<AppDbContext>();
ASP.NET Core IdentityOptions
In this example, we are using the IdentityOptions object to configure PasswordOptions. We could also use this IdentityOptions object to configure
- UserOptions
- SignInOptions
- LockoutOptions
- TokenOptions
- StoreOptions
- ClaimsIdentityOptions
No comments:
Post a Comment
It would be great if you can help share these free resources