Historical Post: This article was originally written in 2016. The technology discussed may be outdated or deprecated. Keeping it here for historical reference and to show I’ve been blogging since 2015!
Changing Password Policy
The password requirements in ASP.NET Core Identity are quite restrictive by default. If you want to ease these constraints for your user base, you’ll need to modify how Identity is configured during application startup.
The modification happens in the ConfigureServices method of your startup class. The implementation is straightforward and takes minimal effort.
Implementation in Startup.cs
Around line 53 in Startup.cs, pass a lambda expression to the AddIdentity method and use its options object to adjust the Password settings, like this:
    services.AddIdentity<ApplicationUser, IdentityRole>(options =>
    {
        options.Password.RequireDigit = false;
        options.Password.RequireLowercase = false;
        options.Password.RequireUppercase = false;
        options.Password.RequireNonLetterOrDigit = false;
        options.Password.RequiredLength = 7;
    })
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();

Important Note: In ASP.NET Core RC2, the property “RequireNonLetterOrDigit” was renamed to “RequireNonAlphanumeric.”
After saving your changes and restarting the application, test by creating a new user account to verify the updated password policy works as expected.
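The same registration using the RC2-and-later property name, paired with a blocklist check so that relaxed composition rules do not admit the most common passwords. This is an added example, not code from the original post: CommonPasswordValidator, IdentitySetup and the blocklist entries are hypothetical, and ApplicationUser and ApplicationDbContext are assumed to be the project's own types as used above.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical validator; it runs in addition to the built-in options.Password rules.
public class CommonPasswordValidator<TUser> : IPasswordValidator<TUser> where TUser : class
{
    // Constructed sample entries; a deployment would load a full list from a file.
    private static readonly HashSet<string> Blocked =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "password", "passw0rd", "1234567", "12345678", "qwertyui", "letmein1" };

    public async Task<IdentityResult> ValidateAsync(
        UserManager<TUser> manager, TUser user, string password)
    {
        var userName = await manager.GetUserNameAsync(user);
        bool containsName = !string.IsNullOrEmpty(userName) &&
            password.IndexOf(userName, StringComparison.OrdinalIgnoreCase) >= 0;
        if (!Blocked.Contains(password) && !containsName) return IdentityResult.Success;
        return IdentityResult.Failed(new IdentityError
        {
            Code = "WeakPassword",
            Description = "Choose a password that is not commonly used and does not contain your user name."
        });
    }
}

public static class IdentitySetup
{
    // Call from Startup.ConfigureServices in place of the AddIdentity call shown above.
    public static void AddRelaxedIdentity(IServiceCollection services)
    {
        services.AddIdentity<ApplicationUser, IdentityRole>(options =>
            {
                options.Password.RequireDigit = false;
                options.Password.RequireLowercase = false;
                options.Password.RequireUppercase = false;
                options.Password.RequireNonAlphanumeric = false; // name used from RC2 onward
                options.Password.RequiredLength = 7;
            })
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddPasswordValidator<CommonPasswordValidator<ApplicationUser>>()
            .AddDefaultTokenProviders();
    }
}
```

When testing registration afterwards, try both an accepted password and one from the blocklist; the second should come back with the WeakPassword error.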
Additional Resources
For additional information, consult the ASP.NET Core documentation. Since this leverages the same IdentityServer from ASP.NET 4, that documentation may fill gaps.