Middleware that validates passwords against a blacklist.
- Install the NuGet package into your ASP.NET Core application, using either the Package Manager Console or the .NET CLI.
    Install-Package StrongPass
    dotnet add package StrongPass
- Register StrongPass in the ConfigureServices method of Startup.cs.
    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddStrongPass<ApplicationUser>();
- Optionally configure the Code and Description properties of the IdentityError object and the passwords to blacklist.
    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddStrongPass<ApplicationUser>(options =>
        {
            options.Code = "StrongPass";
            options.Description = "Password is not strong enough.";

            // Hard-coded blacklist.
            options.FromCollection(new[]
            {
                "password",
                "12345678"
            });

            // Loaded from file; one password per line.
            options.FromFile("blacklist.txt");
        });
The default password blacklist is the top 1000 passwords from SecLists.
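
For readers who want to see how a blacklist check plugs into ASP.NET Core Identity, here is an added sketch built on the framework's `IPasswordValidator<TUser>` interface. It is not StrongPass's own source code: the class name `BlacklistPasswordValidator`, its constructor parameters, and the case-insensitive, whitespace-trimming matching are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical class for illustration; not part of the StrongPass package.
public class BlacklistPasswordValidator<TUser> : IPasswordValidator<TUser>
    where TUser : class
{
    private readonly HashSet<string> _blacklist;
    private readonly string _code;
    private readonly string _description;

    public BlacklistPasswordValidator(
        IEnumerable<string> passwords,
        string code = "StrongPass",
        string description = "Password is not strong enough.")
    {
        // Assumption: entries are trimmed, blank lines are skipped, and matching
        // ignores case, so "Password" is rejected when "password" is listed.
        _blacklist = new HashSet<string>(
            passwords.Select(p => p.Trim()).Where(p => p.Length > 0),
            StringComparer.OrdinalIgnoreCase);
        _code = code;
        _description = description;
    }

    // Reads one password per line, the same layout as blacklist.txt above.
    public static BlacklistPasswordValidator<TUser> FromFile(string path) =>
        new BlacklistPasswordValidator<TUser>(File.ReadLines(path));

    public Task<IdentityResult> ValidateAsync(
        UserManager<TUser> manager, TUser user, string password)
    {
        if (password != null && _blacklist.Contains(password))
        {
            // The caller sees this error in IdentityResult.Errors.
            return Task.FromResult(IdentityResult.Failed(
                new IdentityError { Code = _code, Description = _description }));
        }

        return Task.FromResult(IdentityResult.Success);
    }
}
```

`UserManager<TUser>` runs every registered `IPasswordValidator<TUser>` when a password is set, so a rejection appears as an `IdentityError` with the configured `Code` in the `IdentityResult` returned by `CreateAsync` or `ChangePasswordAsync`.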