Introduction
Identity is a membership system that allows us to add login functionality to our application. In my previous article, I explained the overview of Identity in ASP.NET Core. Several of its default behaviors can be overridden easily in the ConfigureServices method of the Startup class.
The following options can be overridden.
PasswordOptions (Password Policy)
By default, Identity places some restrictions on passwords: a password must contain an uppercase character, a lowercase character, a special character, a digit, and so on. If we want to simplify the password restrictions, we can override this behavior in the ConfigureServices method of the Startup class by setting the properties of the PasswordOptions class.
The PasswordOptions class has the following properties.
- RequireDigit
It is a Boolean property. If it is set to true, the password must contain a digit (0-9). By default, it is set to true.
- RequiredLength
It is an integer property. It denotes the minimum length of the password. By default, the value is 6.
- RequireNonAlphanumeric
It is a Boolean property. If it is set to true, the password must contain a non-alphanumeric character. By default, it is set to true.
- RequireUppercase
It is a Boolean property. If it is set to true, the password must contain an uppercase character. By default, it is set to true.
- RequireLowercase
It is a Boolean property. If it is set to true, the password must contain a lowercase character. By default, it is set to true.
- RequiredUniqueChars
It is an integer property. It denotes the minimum number of distinct characters required in the password. By default, it is set to 1.
ASP.NET Core 1.x contains all of these properties except "RequiredUniqueChars".
Example
```csharp
// Inside Startup.ConfigureServices(IServiceCollection services)
services.Configure<IdentityOptions>(options =>
{
    options.Password.RequireDigit = true;
    options.Password.RequiredLength = 8;
    options.Password.RequireNonAlphanumeric = false;
    options.Password.RequireUppercase = true;
    options.Password.RequireLowercase = false;
    options.Password.RequiredUniqueChars = 1;
});
```
LockoutOptions (User lockout)
It contains the options for configuring user lockout. It has the following properties.
- DefaultLockoutTimeSpan
It is the amount of time for which a user is locked out when a lockout occurs. By default, the value is 5 minutes.
- MaxFailedAccessAttempts
It is the number of failed access attempts allowed before a user is locked out, if lockout is enabled. By default, the value is 5.
- AllowedForNewUsers
It is a Boolean property that determines whether a new user can be locked out. By default, the value is true.
Example
```csharp
// Inside Startup.ConfigureServices; TimeSpan requires "using System;"
services.Configure<IdentityOptions>(options =>
{
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(60);
    options.Lockout.MaxFailedAccessAttempts = 5;
    options.Lockout.AllowedForNewUsers = true;
});
```
SignInOptions (Sign in settings)
It contains the options for configuring sign in. It has the following properties.
- RequireConfirmedEmail
It is a Boolean property. This flag indicates whether a confirmed email address is required to sign in. By default, it is set to false.
- RequireConfirmedPhoneNumber
It is a Boolean property. This flag indicates whether a confirmed phone number is required to sign in. By default, it is set to false.
Example
```csharp
// Inside Startup.ConfigureServices
services.Configure<IdentityOptions>(options =>
{
    options.SignIn.RequireConfirmedEmail = false;
    options.SignIn.RequireConfirmedPhoneNumber = false;
});
```
UserOptions (User validation settings)
It contains the options for user validation. It has the following properties.
- RequireUniqueEmail
It is a Boolean property. This flag indicates whether the application requires unique emails for its users. By default, it is set to false.
- AllowedUserNameCharacters
It contains the list of characters allowed in the username. The default value is "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+".
Example
```csharp
// Inside Startup.ConfigureServices
services.Configure<IdentityOptions>(options =>
{
    options.User.RequireUniqueEmail = true;
    options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
});
```
ConfigureApplicationCookie (Cookie settings for Application)
It contains the settings related to the application's cookie. It has the following properties.
- Cookie.Name
It is the name of the cookie. The default value is "AspNetCore.Cookies".
- Cookie.HttpOnly
It is a Boolean property. If it is set to true, the cookie is not accessible from client-side scripts. By default, it is set to true.
- ExpireTimeSpan
It is a TimeSpan that indicates how long the authentication ticket stored in the cookie remains valid from the time it is created. It defaults to 14 days.
- LoginPath
It is the login page path. If a user is unauthorized, they will be redirected to this path. The default value is "/Account/Login".
- LogoutPath
It is the logout page path. If a user is logged out, they will be redirected to this path. The default value is "/Account/Logout".
- AccessDeniedPath
It is the path to which a user is redirected when they fail an authorization check. The default value is "/Account/AccessDenied".
- SlidingExpiration
It is a Boolean property. If it is set to true, a new cookie will be issued with a new expiration time when the current cookie is more than halfway through the expiration window. By default, it is set to true.
- ReturnUrlParameter
It determines the name of the query string parameter, carrying the return URL, that the middleware appends when a 401 Unauthorized status code is changed to a 302 redirect to the login path.
The properties AuthenticationScheme and AutomaticAuthenticate are deprecated in 2.x.
Example
```csharp
// Inside Startup.ConfigureServices; TimeSpan requires "using System;"
services.ConfigureApplicationCookie(options =>
{
    options.Cookie.Name = "IdentityOverview";
    options.Cookie.HttpOnly = true;
    options.LoginPath = "/Account/Login";
    options.LogoutPath = "/Account/Logout";
    options.AccessDeniedPath = "/Account/AccessDenied";
    options.SlidingExpiration = true;
    // This is the name of the query string parameter, not a URL.
    options.ReturnUrlParameter = "ReturnUrl";
    // ExpireTimeSpan sets the lifetime of the authentication ticket;
    // Cookie.Expiration is not used for the authentication cookie.
    options.ExpireTimeSpan = TimeSpan.FromDays(60);
});
```
Summary
The properties described above show how we can override the default behavior of Identity through its options.