Share via

Change Password Complexity in ASP.NET MVC (NOT CORE)

Bryan Valencia 186 Reputation points
2023-08-14T21:36:51.1033333+00:00

This is frustrating. And all the web searches I have done lead to code examples that absolutely do not work (i.e. set properties that aren't there, go to a screen that doesn't exist, etc.).

I have an app I am going to deploy in my own house.

Here's the particulars:

  • Microsoft Visual Studio Community 2022 (64-bit) - Current Version 17.6.5
  • ASP.NET Web Application (.NET Framework)
  • .NET Framework 4.8.1
  • SQL Server Web (for authentication DB)

I went to create a user, and the password complexity settings are way too high for this simple little app.

In other words, it wants letters, numbers, symbols, etc. that I just DON'T NEED.

Please do not lecture me about long, complex passwords. This will not even be online outside my house.

So there USED TO BE a file somewhere in the project (years ago) where you could just set all that stuff. Now, I think it's getting it from a Machine.config file somewhere, but I want to explicitly set it in my project (not ruin the complexity for my other projects).

I have seen a TON of answers online that advise me to add a bunch of stuff to my web.config in the <system.web> section, but those answers must've been from a darker time, because it was all red squigglies and compile errors.

Even the MS site has pages and pages about CORE, but seemingly nothing about ASP.NET.

I'm not switching to core. I hate linux and have no plans to use it.

Developer technologies ASP.NET Other
Microsoft Security Microsoft Identity Manager
0 comments
Accepted answer
  1. QiYou-MSFT 4,326 Reputation points Microsoft External Staff
    2023-08-15T07:50:17.34+00:00

    Hi @Bryan Valencia

    Both the front-end and back-end can accomplish this requirement.

    Back_end

    Modify the IdentityConfig .cs file in the App_Start folder.

      manager.PasswordValidator = new PasswordValidator
            {
                RequiredLength = 6,
                RequireNonLetterOrDigit = true,
                RequireDigit = true,
                RequireLowercase = true,
                RequireUppercase = true,
            };

    Test1

    After modification:

      manager.PasswordValidator = new PasswordValidator
            {
                RequiredLength = 6,
                RequireNonLetterOrDigit = false,
                RequireDigit = false,
                RequireLowercase = false,
                RequireUppercase = false,
            };

    Test2

    If your project does not have this file, you can choose the validation method when you create the project.

    Test3

    Front-end :

    The front-end can judge each character through JavaScript.

    function pass(){
			var password = document.getElementById("psw").value;
				if(password.length<6){	
					alert("The password entered must be greater than six digits")
					return;}else{
						var count =0
						for (var i=0;i<password.length;i++) {
							if((password[i]>='a' && password[i]<='z')||(password[i]>='A' && password[i]<='Z')){
								count++;
							}
						}
						if(count>=1){
							alert("legitimate!")
						}else{
							alert("The password must contain letters")
						}
					}
			}

    Best regards,
    Qi You

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.