Open Closed

Password policies : Extra features . #5707


User avatar
0
aqudah81 created

Hello Support Team, I want to ask if ABP support below features for password policies :

1- Password must be changed every specific days (Password expiration). 2- Users shall not be able to re-use the previous 6 passwords (or any configurable number). (Password History) .

Best regards

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info:

  • ABP Framework version: v6.0.0
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Auth Server Separated (for Angular): yes/no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

7 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Password must be changed every specific days

    This feature has been implemented in 7.2 https://docs.abp.io/en/commercial/latest/modules/identity/periodic-password-change

    • Users shall not be able to re-use the previous 6 passwords (or any configurable number).

    We don't know and don't store the plaintext password, So we may not implement this feature.

  • User Avatar
    0
    aqudah81 created

    Hi , Thanks for your reply .

    For the second part (Users shall not be able to re-use the previous 6 passwords (or any configurable number).) we will implement this features by saving the hashed passwords for every user. But where the best place to extend the password policies and add our logic for checking if the hashed password was used before ?

    Best regards

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can check the password history when the user changes its password.

    ChangePasswordAsync of ProfileAppService ResetPasswordAsync of AccountAppService

  • User Avatar
    0
    aqudah81 created

    Hi, Can I extend the **IdentityUser ** by adding list of **UsedPassword ** to it ? The class will be like that : public class UsedPassword { public string HashPassword { get; set; } public DateTimeOffset CreatedDate { get; set; } public string UserID { get; set; } }

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Yes, You can also add a new table

    Id
    UserID
    CreatedDate
    Password
    
  • User Avatar
    0
    aqudah81 created

    Hi ,

    Can you give me a sample code for how to add list of objects to **IdentityUser **.

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can create a new entity

    IdentityUser is one to many of your entity.

    https://learn.microsoft.com/en-us/ef/core/modeling/relationships/one-to-many

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19