Check the following article at MSDN
Implementing custom password policy using ASP.NET Identity
The suggestion here is to extend the UserManager
class in the application and setting the PasswordValidator
property in the contructor:
public class MyUserManager : UserManager<ApplicationUser>
{
public MyUserManager() :
base(new UserStore<ApplicationUser>(new ApplicationDbContext()))
{
PasswordValidator = new MinimumLengthValidator(4);
}
}
And then in your controller (or controllers base class) instantiate MyUserManager
:
public BaseController() : this(new MyUserManager())
{
}
public BaseController(MyUserManager userManager)
{
UserManager = userManager;
}
public MyUserManager UserManager { get; private set; }
You may also implement a custom validator to check more complex password rules by implementing IIdentityValidator
and replacing the default validator.