By default, ASP.NET Core Identity's password policy require at least one special character, one uppercase letter, one number, ...
How can I change this restrictions ?
There is nothing about that in the documentation (https://docs.asp.net/en/latest/security/authentication/identity.html)
I try to override the Identity's User Manager but I don't see which method manages the password policy.
public class ApplicationUserManager : UserManager<ApplicationUser>
{
public ApplicationUserManager(
DbContextOptions<SecurityDbContext> options,
IServiceProvider services,
IHttpContextAccessor contextAccessor,
ILogger<UserManager<ApplicationUser>> logger)
: base(
new UserStore<ApplicationUser>(new SecurityDbContext(contextAccessor)),
new CustomOptions(),
new PasswordHasher<ApplicationUser>(),
new UserValidator<ApplicationUser>[] { new UserValidator<ApplicationUser>() },
new PasswordValidator[] { new PasswordValidator() },
new UpperInvariantLookupNormalizer(),
new IdentityErrorDescriber(),
services,
logger
// , contextAccessor
)
{
}
public class PasswordValidator : IPasswordValidator<ApplicationUser>
{
public Task<IdentityResult> ValidateAsync(UserManager<ApplicationUser> manager, ApplicationUser user, string password)
{
return Task.Run(() =>
{
if (password.Length >= 4) return IdentityResult.Success;
else { return IdentityResult.Failed(new IdentityError { Code = "SHORTPASSWORD", Description = "Password too short" }); }
});
}
}
public class CustomOptions : IOptions<IdentityOptions>
{
public IdentityOptions Value { get; private set; }
public CustomOptions()
{
Value = new IdentityOptions
{
ClaimsIdentity = new ClaimsIdentityOptions(),
Cookies = new IdentityCookieOptions(),
Lockout = new LockoutOptions(),
Password = null,
User = new UserOptions(),
SignIn = new SignInOptions(),
Tokens = new TokenOptions()
};
}
}
}
I add this user manager dependency in startup's class :
services.AddScoped<ApplicationUserManager>();
But when I'm using ApplicationUserManager in controllers, I have the error : An unhandled exception occurred while processing the request.
InvalidOperationException: Unable to resolve service for type 'Microsoft.EntityFrameworkCore.DbContextOptions`1[SecurityDbContext]' while attempting to activate 'ApplicationUserManager'.
EDIT: User's management works when I use the ASP.NET Core Identity's default classes, so it's not a database problem, or something like this
EDIT 2 : I found the solution, you have just to configure Identity in the startup's class. My answer gives some details.
It's sooooo simple in the end ...
No need to override any class, you have just to configure the identity settings in your startup class, like this :
services.Configure<IdentityOptions>(options =>
{
options.Password.RequireDigit = false;
options.Password.RequiredLength = 5;
options.Password.RequireLowercase = true;
options.Password.RequireNonLetterOrDigit = true;
options.Password.RequireUppercase = false;
});
Or you can configure identity when you add it :
services.AddIdentity<ApplicationUser, IdentityRole>(options=> {
options.Password.RequireDigit = false;
options.Password.RequiredLength = 4;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequireLowercase = false;
})
.AddEntityFrameworkStores<SecurityDbContext>()
.AddDefaultTokenProviders();
AS.NET Core is definitively good stuff ...
You can modify these rules in IdentityConfig.cs file. The rules are defined in
public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
{
var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));
// Configure validation logic for usernames
manager.UserValidator = new UserValidator<ApplicationUser>(manager)
{
AllowOnlyAlphanumericUserNames = false,
RequireUniqueEmail = true
};
// Configure validation logic for passwords
manager.PasswordValidator = new PasswordValidator
{
RequiredLength = 5,
RequireNonLetterOrDigit = false,
RequireDigit = true,
RequireLowercase = true,
RequireUppercase = true,
};
}
来源:https://stackoverflow.com/questions/39825634/how-override-asp-net-core-identitys-password-policy