Configure Microsoft.AspNet.Identity to allow email address as username
asp.netasp.net Identityasp.net Problem Overview
I'm in the process of creating a new application and started out using EF6-rc1, Microsoft.AspNet.Identity.Core 1.0.0-rc1, Microsoft.AspNet.Identity.EntityFramework 1.0.0-rc1, Microsoft.AspNet.Identity.Owin 1.0.0-rc1, etc and with the RTM releases yesterday, I updated them via NuGet this evening to RTM.
Apart from a couple of code changes to the work I'd done so far, all seemed to be going well, until I tried to create a local user account for the app.
I had been working on e-mail addresses being the username format which with the release candidate worked great, but now when creating a user with an email address for a username, it throws up the following validation error:
> User name [email protected] is invalid, can only contain letters or digits.
I've spent the last hour or so searching for a solution or documentation on configuration options for it, but to no avail.
Is there a way I can configure it to allow e-mail addresses for usernames?
asp.net Solutions
Solution 1 - asp.net
You can allow this by plugging in your own UserValidator on the UserManager, or just by turning it off on the default implementation:
UserManager.UserValidator = new UserValidator<TUser>(UserManager) { AllowOnlyAlphanumericUserNames = false }
Solution 2 - asp.net
The C# version of this (in App_Code\IdentityModels.cs) is
public UserManager()
: base(new UserStore<ApplicationUser>(new ApplicationDbContext()))
{
UserValidator = new UserValidator<ApplicationUser>(this) { AllowOnlyAlphanumericUserNames = false };
}
Solution 3 - asp.net
In my case, running in VS 2013 C#, MVC 5.2.2, using ASP.NET Identity 2.0, the solution was to update the ApplicationUserManager constructor inside App_Start\IdentityConfig.cs like so:
public ApplicationUserManager(IUserStore<ApplicationUser> store)
: base(store)
{
this.UserValidator = new UserValidator<ApplicationUser>(this) { AllowOnlyAlphanumericUserNames = false };
}
Solution 4 - asp.net
I had the same problem, when I tried to change the code for make the UserName was the real name of the person and not the email the system show me the same error message "User name ABC DEF is invalid, can only contain letters or digits." I solved the problem adding the space character (In my case at the end) to AllowedUserNameCharacters.
Im using Asp.Net Core 2.2 and VS2017
This is my code
Go to Startup.cs and edit or add the line under "//user settings":
services.AddDbContext<ApplicationDbContext>(options =>
options.UseMySql(Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity<ApplicationUser, ApplicationRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.Configure<IdentityOptions>(options =>
{
// Password settings.
options.Password.RequireDigit = true;
options.Password.RequireLowercase = true;
options.Password.RequireNonAlphanumeric = true;
options.Password.RequireUppercase = true;
options.Password.RequiredLength = 6;
options.Password.RequiredUniqueChars = 1;
// Lockout settings.
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
options.Lockout.MaxFailedAccessAttempts = 5;
options.Lockout.AllowedForNewUsers = true;
// User settings.
options.User.AllowedUserNameCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+ ";
options.User.RequireUniqueEmail = false;
});
services.ConfigureApplicationCookie(options =>
Solution 5 - asp.net
For people on AspNet.Identity.Core 2.1 and up, these validators in the UserManager are readonly. Email addresses as usernames are allowed by default but if you need further customisation of the characters in your usernames, you can do so in Startup.cs like this:
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentity<ApplicationUser, IdentityRole>(options => {
options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+/";
});
// ... etc
}
(I needed a '/' for legacy reasons.)
Solution 6 - asp.net
If you are using ASP.Net webforms and are trying to accomplish this, simply open up your IdentityModels.vb/cs file and under Public Class UserManager, have it look as so:
Public Class UserManager
Inherits UserManager(Of ApplicationUser)
Public Sub New()
MyBase.New(New UserStore(Of ApplicationUser)(New ApplicationDbContext()))
Users = store
UserValidator = New UserValidator(Of ApplicationUser)(Me) With {.AllowOnlyAlphanumericUserNames = False}
End Sub
Public Property Users() As IUserStore(Of ApplicationUser)
Get
Return m_Users
End Get
Private Set(value As IUserStore(Of ApplicationUser))
m_Users = value
End Set
End Property
Private m_Users As IUserStore(Of ApplicationUser)
End Class
Solution 7 - asp.net
Since coding my own ApplicationUserManager : UserManager class didn't work for me (maybe bc I use Razor Pages, not MVC), here's another solution: In Startup.cs in CofigureServices() you can configure Identity Options, for example:
services.Configure<IdentityOptions>(options =>
{
options.User.AllowedUserNameCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ@";
options.User.RequireUniqueEmail = true;
});
More on this topic in Microsoft docs: https://docs.microsoft.com/de-de/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.2
Solution 8 - asp.net
As you will have probably found out (and was to be expected), ASP.NET Identity 2.0.0, released March 2014, adds this functionality in the framework.
Announcement: http://blogs.msdn.com/b/webdev/archive/2014/03/20/test-announcing-rtm-of-asp-net-identity-2-0-0.aspx
Full example and tutorial, including account confirmation: http://www.asp.net/identity/overview/features-api/account-confirmation-and-password-recovery-with-aspnet-identity
Solution 9 - asp.net
If you cannot find IdentityConfig.cs then replace your AccountController constructor with this code.
public AccountController(UserManager<ApplicationUser> userManager)
{
UserManager = userManager;
UserManager.UserValidator = new UserValidator<ApplicationUser>(UserManager)
{
AllowOnlyAlphanumericUserNames = false
};
}
Solution 10 - asp.net
In my case i had a repository class working with authentication, that didn't let me use a "-" inside usernames.. The fix was inside the constructor here:
//-------------------------------------------------------
public AuthRepository()
//-------------------------------------------------------
{
_ctx = new AuthContext();
_userManager = new UserManager<IdentityUser>(new UserStore<IdentityUser>(_ctx));
_userManager.UserValidator = new UserValidator<IdentityUser>(_userManager)
{
AllowOnlyAlphanumericUserNames = false
};
}
Solution 11 - asp.net
I was also stuck with this because most of the time usernames are E-mails these days, I can understand the reasoning of a separate E-mail field though. These are purely my thoughts / experience as I also could not find Microsoft's say on this.
Remember, Asp Identity is purely to identify someone, you don't have to have an E-mail to be identified but they allow us to store it because it forms part of an identity. When you create a new web project in visual studio, you are given the option for authentication options.
If you select a non empty project type such as MVC and set authentication to "Individual accounts" then you are given the basic underpinnings for user management. One of which includes a sub class looking like this within App_Start\IdentityConfig.cs:
// Configure the application user manager used in this application. UserManager is defined in ASP.NET Identity and is used by the application.
public class ApplicationUserManager : UserManager<ApplicationUser>
{
public ApplicationUserManager(IUserStore<ApplicationUser> store)
: base(store)
{
}
public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
{
var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));
// Configure validation logic for usernames
manager.UserValidator = new UserValidator<ApplicationUser>(manager)
{
AllowOnlyAlphanumericUserNames = false,
RequireUniqueEmail = true
};
}
//N.B rest of code removed
}
What this tells us is that Microsoft intend us to store more complex usernames (refer to AllowOnlyAlphaNumericUserNames = false), so really we have mixed signals.
The fact this is generated from a default web project gives us a good indication / direction from Microsoft (and a clean way) to enable us to enter E-mails for the username field. It's clean because the static create method is used within the App_Start\Startup.Auth.cs when bootstrapping the application with the Microsoft.OWIN context.
The only down side to this approach is you end up storing the E-mail twice.... Which is not good!
Solution 12 - asp.net
If you are using IOC of some sort ( I am using StructureMap) in your account controller, you will need to apply the fix mentioned above by Hao Kung when the Usermanager is passed in: (I had to). There may be a way to do it in the IOC setup, but I don't know how.
public AccountController(ApplicationUserManager userManager)
{
_userManager = userManager;
_userManager.UserValidator = new UserValidator<ApplicationUser>(_userManager)
{
AllowOnlyAlphanumericUserNames = false,
RequireUniqueEmail = true
};
Solution 13 - asp.net
I have faced the same problem . but finally I resolved the issue by adding bellow part in to my method , not the constructor .
public void MyMethod(){
UserManager<ApplicationUser> manager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext()));
// Configure validation logic for usernames
manager.UserValidator = new UserValidator<ApplicationUser>(manager)
{
AllowOnlyAlphanumericUserNames = false,
RequireUniqueEmail = true
};
}