We have our users divided into groups. Each group has a different password policy. What i want to achieve is to dynamically load a password policy related to a particular user, before he/she wants to change a password and then validate the new password using this policy.

I know i can globally setup default password policy per entire application in startup class:

services.Configure<IdentityOptions>(options =>
    options.Password.RequireDigit = false;
    options.Password.RequiredLength = 5;
    options.Password.RequireLowercase = true;
    options.Password.RequireNonLetterOrDigit = true;
    options.Password.RequireUppercase = false;

It works great but we want to have user-based policies loaded at runtime.

The only solution that comes to my mind right now is to create my own IPasswordValidator implementation, where i could simply load my password policy and do everything by myself (meaning check if there is a lowercase letter in a new password if it was required by the policy attached to this user etc.). But before i start implementing this i wonder if there is a prettier solution.

Ideally what i would like to achieve is to validate user's password using a dynamically generated PasswordOptions object.

0 Answers