locked
Error message unclear: "Passwords must have at least one non letter or digit character." RRS feed

  • Question

  • User-1825365580 posted

    Apologies if this has already been mentioned, I wasn't able to find anything online about it other than when it was mentioned, and pretty much ignored, here (first post by centiva): http://blogs.msdn.com/b/webdev/archive/2006/05/05/590585.aspx?PageIndex=270  

    Came across this issue when completing this lab: http://www.asp.net/web-api/tutorials/hands-on-labs/build-a-single-page-application-(spa)-with-aspnet-web-api-and-angularjs

    Using Microsoft.AspNet.Identity.UserManager, and specifically Microsoft.AspNet.Identity.PasswordValidator.

    With PasswordValidator set with the property

    RequireNonLetterOrDigit = true

    Passwords must contain a non-letter AND non-digit character, i.e. a symbol

    So

    "Test123" is not allowed

    "Test123@" is allowed

    Unfortunately the wording of the error message is unclear:

    "Passwords must have at least one non letter or digit character."

    'non letter or digit' suggests to me that the password cannot be all letters, it must contain a symbol or a digit.

    It is ambiguous because it is not clear whether it is:

    non (letter or digit)

    or

    (non letter) or digit

    Perhaps the wording should be changed, something like:

    "Passwords must have at least one non-letter or non-digit character."

    or

    "Passwords must have at least one character that is not a letter or digit."

    or

    @"Passwords must have at least one special character: ~`!@#$%^&*()-_+={}[]|\;:<>,./?"

    Thanks,

    Adam

    Thursday, July 17, 2014 5:33 AM

All replies

  • User-1818759697 posted

    Hi,

    According to the MSDN document says, PasswordValidator.RequireNonLetterOrDigit Property gets or sets whether the password requires a non-letter or digit character. True if the password requires a non-letter or digit character; otherwise, false.

    For detailed information:

    http://msdn.microsoft.com/en-us/library/microsoft.aspnet.identity.passwordvalidator.requirenonletterordigit(v=vs.108).aspx

    Regards

    Friday, July 18, 2014 4:00 AM
  • User-1825365580 posted

    Did you read my post? 

    The documentation, the property name, and the validation message are all unclear and ambiguous.

    Friday, July 25, 2014 11:14 AM
  • User1156612402 posted

    @AdamMarshall : I absolutely agree.  The default message is ambigous in that it reads as "you need to enter a special character or a number" when in fact, it is saying, "you need to enter a special character."  It should be changed as you have suggested.

    I second the following:

    "Passwords must have at least one character that is not a letter or digit."

    or

    @"Passwords must have at least one special character: ~`!@#$%^&*()-_+={}[]|\;:<>,./?"
    Thursday, August 7, 2014 10:39 AM
  • User132483923 posted

    Similar issue with this bug.

    I just attempted to login to a new site that I'm building.  I used a password that contained numbers and letters.  I then got the error message that said the password must have at least one letter and one number. Made no sense. So, I spent over an hour troubleshooting SQL Server.  Then I used a password with a symbol.  Presto.  It works.  Glitches like this are maddening.

    Saturday, May 2, 2015 7:25 PM
  • User-274009987 posted

    Temporary fix: (my users was really confused)

        public class CustomPasswordValidator : PasswordValidator
        {
            public override async Task<IdentityResult> ValidateAsync(string password)
            {
                var requireNonLetterOrDigit = base.RequireNonLetterOrDigit;
                base.RequireNonLetterOrDigit = false;
                var result = await base.ValidateAsync(password);
    
                if (!requireNonLetterOrDigit)
                    return result;
                
                if (!Enumerable.All<char>((IEnumerable<char>)password, new Func<char, bool>(this.IsLetterOrDigit)))
                    return result;
    
                // Build a new list of errors so that the custom 'PasswordRequireNonLetterOrDigit' could be added. 
                List<string> list = new List<string>();
                foreach (var error in result.Errors)
                {
                    list.Add(error);
                }
                // Add our own message: (The default by MS is: 'Passwords must have at least one non letter or digit character.')
                list.Add("Passwords must have at least one character that is neither a letter or digit. (E.g. '£ $ % ^ _ etc.')");
                result = await Task.FromResult<IdentityResult>(IdentityResult.Failed(string.Join(" ", (IEnumerable<string>)list)));
    
                return result;
            }
        }

    Thursday, February 11, 2016 4:10 PM