5.9 KiB
| title | author | description | keywords | ms.author | manager | ms.date | ms.topic | ms.technology | ms.prod | uid |
|---|---|---|---|---|---|---|---|---|---|---|
| Configure ASP.NET Core Identity | AdrienTorris | Understand the ASP.NET Core Identity default values, and configure the various Identity properties to use custom values. | ASP.NET Core,Identity,authentication,security | scaddie | wpickett | 01/11/2018 | article | aspnet | asp.net-core | security/authentication/identity-configuration |
Configure Identity
ASP.NET Core Identity has common behaviors in applications such as password policy, lockout time, and cookie settings that you can override easily in your application's Startup class.
Passwords policy
By default, Identity requires that passwords contain an uppercase character, lowercase character, a digit, and a non-alphanumeric character. There are also some other restrictions. To simplify password restrictions, modify the ConfigureServices method of the Startup class of your application.
ASP.NET Core 2.x
ASP.NET Core 2.0 added the RequiredUniqueChars property. Otherwise, the options are the same from ASP.NET Core 1.x.
[!code-csharpMain]
ASP.NET Core 1.x
[!code-csharpMain]
IdentityOptions.Password has the following properties:
| Property | Description | Default |
|---|---|---|
RequireDigit |
Requires a number between 0-9 in the password. | true |
RequiredLength |
The minimum length of the password. | 6 |
RequireNonAlphanumeric |
Requires a non-alphanumeric character in the password. | true |
RequireUppercase |
Requires an upper case character in the password. | true |
RequireLowercase |
Requires a lower case character in the password. | true |
RequiredUniqueChars |
Requires the number of distinct characters in the password. | 1 |
User's lockout
[!code-csharpMain]
IdentityOptions.Lockout has the following properties:
| Property | Description | Default |
|---|---|---|
DefaultLockoutTimeSpan |
The amount of time a user is locked out when a lockout occurs. | 5 minutes |
MaxFailedAccessAttempts |
The number of failed access attempts until a user is locked out, if lockout is enabled. | 5 |
AllowedForNewUsers |
Determines if a new user can be locked out. | true |
Sign in settings
[!code-csharpMain]
IdentityOptions.SignIn has the following properties:
| Property | Description | Default |
|---|---|---|
RequireConfirmedEmail |
Requires a confirmed email to sign in. | false |
RequireConfirmedPhoneNumber |
Requires a confirmed phone number to sign in. | false |
User validation settings
[!code-csharpMain]
IdentityOptions.User has the following properties:
| Property | Description | Default |
|---|---|---|
RequireUniqueEmail |
Requires each User to have a unique email. | false |
AllowedUserNameCharacters |
Allowed characters in the username. | abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+ |
Application's cookie settings
Like the passwords policy, all the settings of the application's cookie can be changed in the Startup class.
ASP.NET Core 2.x
Under ConfigureServices in the Startup class, you can configure the application's cookie.
[!code-csharpMain]
ASP.NET Core 1.x
[!code-csharpMain]
CookieAuthenticationOptions has the following properties:
| Property | Description | Default |
|---|---|---|
Cookie.Name |
The name of the cookie. | .AspNetCore.Cookies. |
Cookie.HttpOnly |
When true, the cookie is not accessible from client-side scripts. | true |
ExpireTimeSpan |
Controls how much time the authentication ticket stored in the cookie will remain valid from the point it is created. | 14 days |
LoginPath |
When a user is unauthorized, they will be redirected to this path to login. | /Account/Login |
LogoutPath |
When a user is logged out, they will be redirected to this path. | /Account/Logout |
AccessDeniedPath |
When a user fails an authorization check, they will be redirected to this path. | |
SlidingExpiration |
When true, a new cookie will be issued with a new expiration time when the current cookie is more than halfway through the expiration window. | /Account/AccessDenied |
ReturnUrlParameter |
Determines the name of the query string parameter which is appended by the middleware when a 401 Unauthorized status code is changed to a 302 redirect onto the login path. | true |
AuthenticationScheme |
This is only relevant for ASP.NET Core 1.x. The logical name for a particular authentication scheme. | |
AutomaticAuthenticate |
This flag is only relevant for ASP.NET Core 1.x. When true, cookie authentication should run on every request and attempt to validate and reconstruct any serialized principal it created. |