Last update:
May 8, 2024
Configuration¶
This section explains the basic configuration for the security logic via the appsettings.json file.
Node | Default or Sample Value | Description |
---|---|---|
Password | Configuration settings related to user password requirements. | |
Password:RequiredLength | 8 | The minimum required length for user passwords. |
Password:RequireDigit | false | Indicates whether a digit is required in user passwords. |
Password:RequireNonAlphanumeric | false | Indicates whether a non-alphanumeric character is required in user passwords. |
Password:RepeatedResetPasswordTimeLimit | "0:01:0" | The time span within which a user cannot repeatedly reset their password. |
User | Configuration settings related to user accounts. | |
User:MaxPasswordAge | 90 | The maximum age (in days) a user can keep the same password before being required to change it. |
User:RequireUniqueEmail | true | Indicates whether each user must have a unique email address. |
User:RemindPasswordExpiryInDay | 7 | The number of days before the password expiration date when the system will start reminding users to change their password. |
Lockout | Configuration settings related to account lockout. | |
Lockout:DefaultLockoutTimeSpan | "0:15:0" | The default duration for which an account is locked out after the specified number of unsuccessful login attempts. |
Example
appsettings.json
"IdentityOptions": {
"Password": {
"RequiredLength": 8,
"RequireDigit": false,
"RequireNonAlphanumeric": false,
"RepeatedResetPasswordTimeLimit": "0:01:0"
},
"User": {
"MaxPasswordAge": 90,
"RequireUniqueEmail": true,
"RemindPasswordExpiryInDay": 7
},
"Lockout": {
"DefaultLockoutTimeSpan": "0:15:0"
}