Configure Identity

ASP.NET Core Identity has some default behaviors that you can override easily in your application's startup class.

Password's policy

By default, Identity requires very secure passwords who have to contains uppercase character, lowercase character, digits and some others restrictions that you sometimes need to simplify. It's very simple to do that, all the configuration is accessible in the startup class of your application.

// Password settings
options.Password.RequireDigit = true;
options.Password.RequiredLength = 8;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = true;
options.Password.RequireLowercase = false;

With the same philosophy of the password's policy, all the settings about the application's cookie can be changed in the startup class.

            // Cookie settings
options.Cookies.ApplicationCookie.CookieName = "YouAppCookieName";
            options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromDays(150);
            options.Cookies.ApplicationCookie.LoginPath = "/Account/LogIn";
            options.Cookies.ApplicationCookie.LogoutPath = "/Account/LogOff";
options.Cookies.ApplicationCookie.AccessDeniedPath = "/Account/AccessDenied";
            options.Cookies.ApplicationCookie.AutomaticAuthenticate = true;
            options.Cookies.ApplicationCookie.AuthenticationScheme = Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme;
            options.Cookies.ApplicationCookie.ReturnUrlParameter = Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.ReturnUrlParameter;

User's lockout

// Lockout settings
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
options.Lockout.MaxFailedAccessAttempts = 10;
options.Lockout.AllowedForNewUsers = true;