Ryan Ryan - 3 months ago 25
ASP.NET (C#) Question

How do I define the password rules for Identity in ASP.NET 5 MVC 6 (vNext)?

The default Identity provider provided in ASP.NET 5 has very strict password rules by default, requiring a lower case character, an upper case character, a non-alphanumeric character, and a number. I am looking for a way to change the password requirements for the provider.

Previously in ASP.NET 4, the provider could be configured via the Web.config XML file, as previously answered. However ASP.NET 5 uses the new code based configuration pattern and it is unclear how to configure the identity.

How can I change the password requirements for my application?

Answer

I actually ended up figuring this out, it turns out you need to supply AddDefaultIdentity with a suitable lamda expression that configures the IdentityOptions it provides. This is done inside the ConfigureServices method within the Startup class, like so:

public class Startup {
    public void ConfigureServices(IServiceCollection services) {

        // Add Identity services to the services container.
        services.AddDefaultIdentity<ApplicationIdentityDbContext, ApplicationUser, IdentityRole>(Configuration,
            o => {
                o.Password.RequireDigit = false;
                o.Password.RequireLowercase = false;
                o.Password.RequireUppercase = false;
                o.Password.RequireNonLetterOrDigit = false;
                o.Password.RequiredLength = 7;
            });
    }
}

Update 2:

The above was true in the beta1 versions of the framework, in the latest rc1 beta5 it has changed slightly to:

services.AddIdentity<ApplicationUser, IdentityRole>(o => {
    // configure identity options
    o.Password.RequireDigit = false;
    o.Password.RequireLowercase = false;
    o.Password.RequireUppercase = false;
    o.Password.RequireNonAlphanumeric = false;
    o.Password.RequiredLength = 6;
})
.AddEntityFrameworkStores<ApplicationIdentityDbContext>()
.AddDefaultTokenProviders();
Comments