I've got a "ForceChangePassword" page for after "ForgotPassword" and it is randomly throwing two length requirements on the "NewPassword" field. The problem is, I never added a length requirement of 7 and have no idea where it is coming from or how to change it.
Errors from ModelState
The New password must be at least 6 characters long.
The 'New password' field is an invalid password. Password must have 7 or more characters.
if (!ModelState.IsValid) { return View(model); } // Only line executed in the POST Action.
I set the length requirement to 6 on the ViewModel via Attribute (see below). I have no idea where the 7 requirement is coming from.
IdentityConfig.cs
manager.PasswordValidator = new PasswordValidator
{
RequiredLength = 6,
RequireNonLetterOrDigit = true,
RequireDigit = true,
RequireLowercase = true,
RequireUppercase = true,
};
Model
[Required]
[StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
[MembershipPassword(
MinRequiredNonAlphanumericCharacters = 1,
MinNonAlphanumericCharactersError = "Your password needs to contain at least one symbol (!, @, #, etc).",
ErrorMessage = "Your password must be 6 characters long and contain at least one symbol (!, @, #, etc)."
)]
[DataType(DataType.Password)]
[Display(Name = "New password")]
public string NewPassword { get; set; }
View
<div class="form-group">
@Html.LabelFor(m => m.NewPassword, new { @class = "col-md-2 control-label" })
<div class="col-md-10">
@Html.PasswordFor(m => m.NewPassword, new { @class = "form-control", @autocomplete = "off" })
</div>
</div>
Culprit attribute:
data-val-password-min="7"
Question: Where are the possible locations to add password-length validation in an MVC 5 project using Identity 2.0? Could there be a default-requirement of some sort I'm just not setting?
Note: I'll add more code if necessary but I've posted all possibly relevant code I know of. Nothing else mentions passwords at all (to my knowledge, let me know if there are more locations).
Found it. The MembershipPassword attribute had a default of 7 length I guess. It was having double length requirement simply because that attribute has a length requirement and I had a StringLength attribute too. So it threw errors for both.
Fix:
[Required]
[MembershipPassword(
MinRequiredNonAlphanumericCharacters = 1,
MinNonAlphanumericCharactersError = "Your password needs to contain at least one symbol (!, @, #, etc).",
ErrorMessage = "Your password must be 6 characters long and contain at least one symbol (!, @, #, etc).",
MinRequiredPasswordLength = 6
)]
[DataType(DataType.Password)]
[Display(Name = "New password")]
public string NewPassword { get; set; }
(Set the MinRequiredPasswordLength and removed the StringLength attribute)
In App_Start\IdentityConfig.cs there's the following code:
// Configure validation logic for passwords
manager.PasswordValidator = new PasswordValidator
{
RequiredLength = 6,
RequireNonLetterOrDigit = true,
RequireDigit = true,
RequireLowercase = true,
RequireUppercase = true,
};
That is what you need to change. [MembershipPassword] is from the older ASP.NET Membership authentication, which is totally different and separate from Identity.
来源:https://stackoverflow.com/questions/29281294/places-you-can-add-password-validation-in-mvc