Password policy in ASP.NET Identity

Introduction


By default, ASP.NET Identity requires that passwords contain an uppercase character, a lowercase character, a digit and a non-alphanumeric character, and that they are at least 6 characters long.

If a password does not meet these requirements when you add a user, ASP.NET Identity rejects it as invalid.

[Image: invalid password error message]

This default configuration is defined in the IdentityConfig.cs file.

Custom password policy


In order to implement a custom password policy in ASP.NET Identity, we use the PasswordValidator object.


manager.PasswordValidator = new PasswordValidator
{
    RequiredLength = 6,
    RequireNonLetterOrDigit = true,
    RequireDigit = true,
    RequireLowercase = true,
    RequireUppercase = true,
};

RequiredLength: The minimum required length of the password
RequireNonLetterOrDigit: Require a non letter or digit character in the password
RequireDigit: Require a digit ('0' - '9') in the password
RequireLowercase: Require a lower case letter ('a' - 'z') in the password
RequireUppercase: Require an upper case letter ('A' - 'Z') in the password

In order to define your own validation logic for passwords, go to App_Start > IdentityConfig.cs and override the values of the above properties.
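
The five properties only cover length and character classes, so a password such as "Password1!" still passes. The following is an added example, not code from the original page or from the ASP.NET Identity project: it subclasses PasswordValidator so the property checks still run and then rejects passwords on a deny list. The class name DenyListPasswordValidator, the sample list entries and the RequiredLength value of 12 are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical class name. Extends the built-in PasswordValidator so the
// length and character-class checks still run before the extra rule.
public class DenyListPasswordValidator : PasswordValidator
{
    // Constructed sample entries. A real deployment would load a much larger
    // list of common or known-breached passwords from a file or service.
    private static readonly HashSet<string> Denied =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "Password1!", "Welcome123!", "Qwerty123!", "Summer2024!"
        };

    public override async Task<IdentityResult> ValidateAsync(string item)
    {
        // Built-in checks first; collect their error messages, if any.
        IdentityResult result = await base.ValidateAsync(item);
        var errors = new List<string>(result.Errors);

        // Extra rule: case-insensitive match against the deny list.
        if (item != null && Denied.Contains(item))
        {
            errors.Add("This password is too common. Choose a different one.");
        }

        return errors.Count == 0
            ? IdentityResult.Success
            : IdentityResult.Failed(errors.ToArray());
    }
}

// In App_Start > IdentityConfig.cs, replace the default assignment with:
//
// manager.PasswordValidator = new DenyListPasswordValidator
// {
//     RequiredLength = 12,            // illustrative value, not the default
//     RequireNonLetterOrDigit = true,
//     RequireDigit = true,
//     RequireLowercase = true,
//     RequireUppercase = true,
// };
```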