volume_up

A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More

volume_up

A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More
AI OnAI Offsmart_toy

Password validator in aspnet identity

Torunn Surnflødt
Torunn Surnflødt
Vote:
expand_less 0 expand_more

Hi!

We are developing a new Episerver site with aspnet identity. I managed to configure the passwordvalidator like this:

public class ApplicationBuilderExtensions
    {
        public static ApplicationUserManager<TUser> CustomApplicationUserManager<TUser>(IdentityFactoryOptions<ApplicationUserManager<TUser>> options, IOwinContext context) where TUser : IdentityUser, IUIUser, new()
        {
            var manager = new ApplicationUserManager<TUser>(new UserStore<TUser>(context.Get<ApplicationDbContext<TUser>>()));

            manager.PasswordValidator = new PasswordValidator
            {
                RequiredLength = 6,
                RequireNonLetterOrDigit = false,
                RequireDigit = false,
                RequireLowercase = false,
                RequireUppercase = false
            };

(...)

Now I'm wondering how to access this password validator, when validating a password in a controller? 
I tried this:

var passwordValidator = ServiceLocator.Current.GetInstance<PasswordValidator>();

but it isn't populated with the values I set up in the ApplicationBuilderExtensions.

#208341
Oct 22, 2019 12:18
Thomas Schmidt
Thomas Schmidt
Vote:
expand_less 0 expand_more

you should not try to inject the password validator, instead you should use ApplicationUserManager.PasswordValidator where the ApplicationUserManager can be injected of course.

#208357
Oct 22, 2019 14:02
Quan Mai
Quan Mai
Vote:
expand_less 0 expand_more

pretty much untested, but this probably works (adding to ConfigureContainer method of one of your IConfigurableModule)

var services = context.Services;

  services.AddSingleton<PasswordValidator>((locator) => new PasswordValidator
{
RequiredLength = 6,
RequireNonLetterOrDigit = false,
RequireDigit = false,
RequireLowercase = false,
RequireUppercase = false
});

Then you can add PasswordValidator into your controller via constructor injection (you would need to register a DependencyResolver if you haven't already)

#208358
Oct 22, 2019 14:42
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.