Skip to main content

One post tagged with "PASSWORD"

View All Tags

ASP.NET Identity - Weakening password policies

· 3 min read

This is the second article in a series of articles about ASP.NET Core Identity. You can find the first one here.

Problem

Let's suppose you created a new ASP.NET Core with the default Authentication (like in previous article). Then you run it and try to register a new user. On the registration form, we need to enter a password. Since we need to register a user for testing purposes first of all - we don't want to make the password too complicated. We'd prefer to keep it simple and easy-to-remember (in the end - it's not a production-mode system!)

However, if you try to enter something simple like "qwerty" or your name - you will get the following bunch of error messages:

  • Passwords must have at least one non-alphanumeric character.
  • Passwords must have at least one digit ('0'-'9').
  • Passwords must have at least one uppercase ('A'-'Z').

The reason for all these validation errors is that by default ASP.NET Core Identity has very strong password policies for the users. In the error messages above you can see the constraints which must be satisfied.

Adaptive CRUD for ASP.NET Core web apps. 10 minutes to set up. Open-source!