Change Default MVC5 Password Complexity Requirements – Passwords must have at least one non letter or digit character. Passwords must have at least one digit (‘0’-‘9’). Passwords must have at least one uppercase (‘A’-‘Z’)

Hey everyone,

I’ve started on a new MVC5 project and came across the following error message while trying to register a new user:

Passwords must have at least one non letter or digit character.
Passwords must have at least one digit (‘0’-‘9’).
Passwords must have at least one uppercase (‘A’-‘Z’)

While having a secure password is obviously important, I felt that most users would probably find these requirements a little extreme. After a bit of Googling I came across a StackOverflow post that mentioned a config class that you can use to edit these settings:

// App_Start > IdentityConfig.cs

...

// Configure validation logic for usernames
            manager.UserValidator = new UserValidator(manager)
            {
                AllowOnlyAlphanumericUserNames = false,
                RequireUniqueEmail = true
            };
            // Configure validation logic for passwords
            manager.PasswordValidator = new PasswordValidator
            {
                RequiredLength = 6,
                RequireNonLetterOrDigit = true,
                RequireDigit = true,
                RequireLowercase = true,
                RequireUppercase = true,
            };

...

Advertisements

3 thoughts on “Change Default MVC5 Password Complexity Requirements – Passwords must have at least one non letter or digit character. Passwords must have at least one digit (‘0’-‘9’). Passwords must have at least one uppercase (‘A’-‘Z’)

  1. Anonymous

    thank you ! stupid MS for using these settings as default and there’s so many places to set password restrictions, I couldn’t find it until I found your post. thanks again.

    Like

    Reply
  2. Davide Bedin (@bedindavide)

    Thanks for the info.
    It seems like the StringLength attribute of property Identity.Models.RegisterViewModel.Password (in ModelsAccountViewModels.cs) overlaps the RequiredLength mentioned above, enforcing a MinimumLength:
    [StringLength(100, ErrorMessage = “The {0} must be at least {2} characters long.”, MinimumLength = 6)].
    So if you want to influence the password length (i.e. decrease to 5) you might have to modify both.
    I found a Q&A on SO that connected the dots for me: http://stackoverflow.com/questions/20953371/asp-net-identity-require-strong-passwords#comment40701479_25055885

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s