Configure Identity In ASP.NET Core 2.x

Introduction
 
Identity is a membership system that allows us to add login functionality to our application. In my previous article, I gave an overview of Identity in ASP.NET Core. Some of its default behaviors can easily be overridden in the ConfigureServices method of the Startup class.
 
The following options can be overridden.
 
PasswordOptions (Password Policy)
 
By default, Identity places some restrictions on passwords: a password must contain an uppercase character, a lowercase character, a special character, a digit, and so on. If we want to simplify the password restrictions, we can override this behavior in the ConfigureServices method of the Startup class by setting the properties of the PasswordOptions class.
 
The following are the properties of the PasswordOptions class:
  • RequireDigit
    It is a Boolean property. If it is set to true, the user needs to include a digit (0-9) in the password. By default, it is set to true.

  • RequiredLength
    It is an integer property. It denotes the minimum length of the password. By default, the value is 6.

  • RequireNonAlphanumeric
    It is a Boolean property. If it is set to true, the user needs to include a non-alphanumeric character in the password. By default, it is set to true.

  • RequireUppercase
    It is a Boolean property. If it is set to true, the user needs to include an uppercase character in the password. By default, it is set to true.

  • RequireLowercase
    It is a Boolean property. If it is set to true, the user needs to include a lowercase character in the password. By default, it is set to true.

  • RequiredUniqueChars
    It is an integer property. It denotes the number of distinct characters required in the password. By default, it is set to 1.

ASP.NET Core 1.x contains all of these properties except "RequiredUniqueChars".
 
Example
    services.Configure<IdentityOptions>(options =>
    {
        // Password settings
        options.Password.RequireDigit = true;
        options.Password.RequiredLength = 8;
        options.Password.RequireNonAlphanumeric = false;
        options.Password.RequireUppercase = true;
        options.Password.RequireLowercase = false;
        options.Password.RequiredUniqueChars = 1;
    });

LockoutOptions (User's lockout)
 
It contains the options for configuring user lockout. It has the following properties.
  • DefaultLockoutTimeSpan
    It is the amount of time for which a user is locked out when a lockout occurs. By default, the value is 5 minutes.

  • MaxFailedAccessAttempts
    It is the number of failed access attempts allowed before a user is locked out, if lockout is enabled. By default, the value is 5.

  • AllowedForNewUsers
    It is a Boolean property that determines whether a new user can be locked out. By default, the value is true.
Example
    services.Configure<IdentityOptions>(options =>
    {
        // Lockout settings
        options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(60);
        options.Lockout.MaxFailedAccessAttempts = 5;
        options.Lockout.AllowedForNewUsers = true;
    });

SignInOptions (Sign in settings)
 
It contains the options for configuring sign in. It has the following properties.
  • RequireConfirmedEmail
    It is a Boolean property. This flag indicates whether a confirmed email address is required to sign in. By default, it is set to false.

  • RequireConfirmedPhoneNumber
    It is a Boolean property. This flag indicates whether a confirmed phone number is required to sign in. By default, it is set to false.
Example
    services.Configure<IdentityOptions>(options =>
    {
        // Sign in settings
        options.SignIn.RequireConfirmedEmail = false;
        options.SignIn.RequireConfirmedPhoneNumber = false;
    });

UserOptions (User validation settings)
 
It contains the options for user validation. It has the following properties.
  • RequireUniqueEmail
    It is a Boolean property. This flag indicates whether the application requires unique emails for its users. By default, it is set to false.

  • AllowedUserNameCharacters
    It contains the list of characters allowed in the username. The default value is "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+".
Example
    services.Configure<IdentityOptions>(options =>
    {
        // User settings
        options.User.RequireUniqueEmail = true;
        options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    });

ConfigureApplicationCookie (Cookie settings for Application)
 
It contains the settings related to the application's cookie. It has the following properties.
  • Cookie.Name
    It is the name of the cookie. The default value is "AspNetCore.Cookies".

  • Cookie.HttpOnly
    It is a Boolean property. If it is set to true, the cookie is not accessible from client-side scripts. By default, it is set to true.

  • ExpireTimeSpan
    It is the time span for which the authentication ticket stored in the cookie remains valid, counted from the time it is created. It defaults to 14 days.

  • LoginPath
    It is the login page path. If a user is unauthorized, they will be redirected to this path. The default value is "/Account/Login".

  • LogoutPath
    It is the logout page path. If a user is logged out, they will be redirected to this path. The default value is "/Account/Logout".

  • AccessDeniedPath
    It is the path to which the user is redirected when they fail an authorization check. The default value is "/Account/AccessDenied".

  • SlidingExpiration
    It is a Boolean property. If it is set to true, a new cookie will be issued with a new expiration time when the current cookie is more than halfway through the expiration window. By default, it is set to true.

  • ReturnUrlParameter
    It determines the name of the query string parameter (carrying the return URL) that is appended by the middleware when a 401 Unauthorized status code is changed to a 302 redirect onto the login path.

The properties AuthenticationScheme and AutomaticAuthenticate are deprecated in 2.x.
 
Example
    services.ConfigureApplicationCookie(options =>
    {
        // Cookie settings
        options.Cookie.Name = "IdentityOverview";
        options.Cookie.HttpOnly = true;
        options.LoginPath = "/Account/Login";
        options.LogoutPath = "/Account/Logout";
        options.AccessDeniedPath = "/Account/AccessDenied";
        options.SlidingExpiration = true;
        // Name of the query string parameter that carries the return URL (not a path)
        options.ReturnUrlParameter = "ReturnUrl";
        // Lifetime of the authentication ticket; Cookie.Expiration is ignored
        // for this cookie, so only ExpireTimeSpan is set
        options.ExpireTimeSpan = TimeSpan.FromDays(60);
    });
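
A hardened variant of the cookie configuration, added here as an example (not code from the original article): it sets the transport and cross-site flags, shortens the ticket lifetime, and keeps the 401 for API calls instead of turning it into the 302 redirect to the login path. The /api prefix, the 8-hour lifetime and the AddHardenedIdentityCookie helper name are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public static class IdentityCookieExtensions
{
    // Hypothetical helper; call it from ConfigureServices after AddIdentity().
    public static IServiceCollection AddHardenedIdentityCookie(this IServiceCollection services)
    {
        return services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.Name = "IdentityOverview";
            options.Cookie.HttpOnly = true;                          // hidden from client-side script
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // only sent over HTTPS
            options.Cookie.SameSite = SameSiteMode.Lax;              // withheld from cross-site POSTs

            // Assumed value: an idle session expires after 8 hours, not 60 days.
            options.ExpireTimeSpan = TimeSpan.FromHours(8);
            options.SlidingExpiration = true;

            options.LoginPath = "/Account/Login";
            options.AccessDeniedPath = "/Account/AccessDenied";
            options.ReturnUrlParameter = "ReturnUrl"; // parameter name, not a path

            // Assumed convention: paths under /api are called by scripts, which
            // need the 401 itself rather than a 302 to the HTML login page.
            options.Events.OnRedirectToLogin = context =>
            {
                if (context.Request.Path.StartsWithSegments("/api"))
                {
                    context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                }
                else
                {
                    context.Response.Redirect(context.RedirectUri);
                }
                return Task.CompletedTask;
            };
        });
    }
}
```

The value arriving in the return-URL query parameter is supplied by the client, so the login action should check it with Url.IsLocalUrl before redirecting.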

Summary
 
The properties described above show how we can override the default behavior of Identity through its options.