How to Customize default password complexity rules in asp.net core?

Asp.net core never allows you to create a simple password because it is easily crack able and also to restrict brute force attacks.

Suppose you enter some simple password like abcd it will throw an error.

  • Passwords must be at least 6 characters.
  • Passwords must have at least one non alphanumeric character.
  • Passwords must have at least one digit (‘0’-‘9’).
  • Passwords must have at least one uppercase (‘A’-‘Z’).

Check this link:- https://github.com/aspnet/AspNetCore/blob/master/src/Identity/Extensions.Core/src/PasswordOptions.cs

So if want to change this default behavior you need to do these changes in configure service method in a startup.cs class file.

For this, we need to add below code

services.Configure<IdentityOptions>(options =>
            {
                options.Password.RequiredLength = 12;
                options.Password.RequireDigit = false;
                options.Password.RequiredUniqueChars = 5;

            });

Now our complete method becomes

  public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();
            services.AddTransient<IStudentRepository,StudentRepo>();
            services.AddDbContextPool<OurDbContext>(options => options.UseSqlServer(_config.GetConnectionString("StudentDBString")));


            services.Configure<IdentityOptions>(options =>
            {
                options.Password.RequiredLength = 12;
                options.Password.RequireDigit = false;
                options.Password.RequiredUniqueChars = 5;

            });
            services.AddIdentity<IdentityUser, IdentityRole>()
                .AddEntityFrameworkStores<OurDbContext>();

            services.AddScoped<IStudentRepository, SQLStudentRepository>();
        }

By using IdentityOption in configure services we are able to override the 2 rules of password but by using this you can override all options of a password.

How to show login and logout link on the basis of user login or not in asp.net core?

To perform login and logout we use the SignInManager class in asp .net core identity.

We have to add a logout functionality button in the layout view so we need to insert SignInManager instance into _Layout view by using dependency injection. To insert instance in layout or razor view we use @inject

@using Microsoft.AspNetCore.Identity
@inject SignInManager<IdentityUser> SignInManager;

Need to add this _Layout view.

But we need to move using statement in a central file which is ViewImport file and we add this using statement in that, use of this is that minimize code duplication

Point to remember if you want to use any reference in view then you need to import or use using in that file.

To check the user is signed in or not use below code in view

SignInManager.IsSignedIn(User)

Code in Layout view

@inject SignInManager<IdentityUser> SignInManager;
<!DOCTYPE html>

<html>
<head>
    <meta name="viewport" content="width=device-width" />
    <title>@ViewBag.Title</title>
    <link href="~/lib/bootstrap/css/bootstrap.css" rel="stylesheet" />
    <script src="~/lib/jquery/jquery.js"></script>
    <script src="~/lib/bootstrap/js/bootstrap.js"></script>

</head>
<body>
    <div class="container">        
        <nav class="navbar  navbar-expand-lg navbar-dark bg-dark">
            <button type="button" class="navbar-toggler" data-toggle="collapse" data-target="#menu">
                <span class="navbar-toggler-icon"></span>
            </button>
            <div class="collapse navbar-collapse" id="menu">
                <ul class="navbar-nav">
                    <li class="nav-item">
                        <a asp-action="list" asp-controller="home" class="nav-link">List</a>
                    </li>
                    <li class="nav-item">
                        <a asp-action="Create" asp-controller="home" class="nav-link">Create</a>
                    </li>
                    
                    
                </ul>
                <ul class="navbar-nav ml-auto">
                    @if (SignInManager.IsSignedIn(User))
                    {
                        <li class="nav-item">
                            <form method="post" asp-action="LogOut" asp-controller="Account">
                                <button class="btn btn-light">
                                    Logout @User.Identity.Name
                                </button>
                            </form>
                        </li>
                    }
                    else
                    {

                        <li class="nav-item">
                            <a asp-action="Register" asp-controller="Account" class="nav-link">LogOut</a>
                        </li>


                        <li class="nav-item">
                            <a asp-action="Login" asp-controller="Account" class="nav-link">LogIn</a>
                        </li>
                    }

                </ul>

            </div>
        </nav>
      
        <div >
            @RenderBody()
        </div>

        <div>
            @if (IsSectionDefined("Scripts")) { }
            @RenderSection("Scripts", required: false)
        </div>
    </div>


    

</body>
</html>

Below is the code for call logout, login, register method in _Layoutview

<li class="nav-item">
 <a asp-action="Register" asp-controller="Account" class="nav-link">LogOut</a>
 </li>


<li class="nav-item">
    <a asp-action="Login" asp-controller="Account" class="nav-link">LogIn</a>
 </li>

Sagar Jaybhay, from Maharashtra, India, is currently a Senior Software Developer. He has continuously grown in the roles that he has held in the more than seven years he has been with this company. Sagar Jaybhay is an excellent team member and prides himself on his work contributions to his team and company as a whole.

Related posts