Password history feature

[mbarqawi]

Salam ,
I wonder if you have the Password history check policy in your roadmap ?
If not do you have any reconditions on how to impalement it ?
thanks

CC @mrashed

[hikalkan]

Selam,

This is related to module-zero actually. To do that, it seems two change required:

1. Override ChangePasswordAsync method of UserManager to save user's password to a table if base.ChangePasswordAsync returns success.

2. Create your own PasswordValidator and set it to PasswordValidator property of UserManager in it's constructor. If you create your own PasswordValidator, you can derive from Microsoft.AspNet.Identity.PasswordValidator which already makes many checks. Override ValidateAsync method and add your own logic.

Have a nice day.

[ghost]

it's implemented on aspnet_membership
https://ronanmoriarty.wordpress.com/2012/03/14/implementing-password-history-using-a-custom-membership-provider/

and on ASP.NET Identity
https://blogs.msdn.microsoft.com/webdev/2014/01/06/implementing-custom-password-policy-using-asp-net-identity/

[abou-emish]

@hikalkan you are very generous in you support :)

Thank you

[hikalkan]

You're welcome :)

[laksh-parab]

Do we also have to override UserManager.ResetPasswordAsync to make sure new password follow the policy?

[ismcagdas]

@laksh-parab it is a choice you have to make I guess. In some apps it might not be the desired usage.