PwnedPasswords
PwnedPasswords copied to clipboard
.NET Core API and ASP.NET Core Identity Password Validator powered by Troy Hunt's Pwned Passwords v3
Pwned Passwords
This library provides a simple HttpClient
instance that consumes Troy Hunt's PwnedPasswords API v3 and checks a password's integrity whether it has previously appeared in a data breach or not. It also includes ASP.NET Core Identity IPasswordValidator
implementation along with an extension method to inject it using Dependency Injection principle.
Installation
In Package Manager Console (Visual Studio), select a specified project into which you want to install the package and enter the command Install-Package Matrixsoft.PwnedPasswords
or use any of these methods according to your development environment.
Usage
For .NET Core app:
var client = new PwnedPasswordsClient();
var flag = await client.IsPasswordPwnedAsync(password);
if (flag)
{
// TODO: Failed
}
else
{
// TODO: Success
}
For ASP.NET Core Web app:
Add the password validator to ASP.NET Core Identity configuration using the IdentityBuilder
extension method in Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlite(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddPwnedPasswordsValidator<IdentityUser>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddControllersWithViews();
services.AddRazorPages();
services.AddTransient<PwnedPasswordsClient>();
}
Thanks
Problems
If you run into bugs / have feature suggestions / have questions, please file a Github bug.