Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Set minimum Password Requirements? #3490


User avatar
0
OutdoorEd created

When creating a Tenant you can configure the default password requirements. All of the Security Features are handled on the Settings/Security Page. If you grant a Tenant access to that page, which may be important for them to control things like User Lockout and Two-Factor Authentication, you also give them the ability to change the password requirements. This means a Tenant could set up a 3 letter password requirement which compromises security for the entire application.

Is there a way to set or hardcode a minimum password requirement where the User cannot go below, for example 8 characters?

Another option would be to split off the Password Settings into a different Page Permission from Settings, that way the User still has access to the other parts of the Settings/Security but the Host could determine if Tenants can or cannot change the Password Complexity.


1 Answer(s)
  • User Avatar
    0
    alper created
    Support Team

    You can achieve your request by overriding UpdatePasswordComplexitySettingsAsync method in TenantSettingsAppService. When tenant saves password complexity check if it's below your intended. You can put a validation error on the client side as well.