Users can set the new tenant password to the existing one
Steps:
- Create a new tenant with the password Admin@123
- After the creation, click on the Actions button of the tenant
- Click on the Set Password option
- Enter the same password "Admin@123"
- Click on the Save button
Expected: Users should see the error - Entered an Existing password
cc: @<fd493ccd-86a6-6fea-b933-038d8ccbb6fc>
2 Answer(s)
-
0
To prevent users from setting the same password as the current one when using the "Set Password" feature for tenants, you need to implement a custom password validation in your application. By default, ABP does not check if the new password is the same as the existing password.
You can override the password setting logic in your custom TenantAppService. Here’s how you can do it:
- Override the SetPasswordAsync method in your custom TenantAppService.
- Before setting the new password, compare it with the current password using the UserManager's CheckPasswordAsync method.
- If the new password matches the current password, throw a validation error.
Example:
```csharp
public async override Task SetPasswordAsync(Guid id, SaasTenantSetPasswordDto input)
{
    var tenantAdminUser = // get the tenant admin user by tenant id
    var isSame = await _userManager.CheckPasswordAsync(tenantAdminUser, input.Password);
    if (isSame)
    {
        throw new UserFriendlyException("Entered an existing password");
    }
    await base.SetPasswordAsync(id, input);
}
```
- Replace the comment with your logic to retrieve the tenant admin user.
This will ensure that users cannot set the password to the existing one and will receive an appropriate error message.
Sources:
- https://abp.io/support/questions/9002
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
-
0
hi
The SetPassword of the Saas module will send a distributed message, and the Identity module will handle the message and then try to change the password.
You can override the SetPasswordAsync of TenantAppService to change the logic.
ASP.NET Core Identity will not check if the password is the same when changing it.
You can add a custom IPasswordValidator to implement this feature.
https://andrewlock.net/creating-custom-password-validators-for-asp-net-core-identity-2/
Thanks.
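A sketch of the custom IPasswordValidator approach suggested in the answer above, as an added example that is not part of the original thread and not ABP's own code. The class name `NotCurrentPasswordValidator`, the error code and the `MyUser` type in the registration comment are assumptions made for illustration.

```csharp
#nullable enable
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical validator: rejects a new password that verifies against the
// hash currently stored for the user. Name and error code are assumptions.
public class NotCurrentPasswordValidator<TUser> : IPasswordValidator<TUser>
    where TUser : class
{
    public async Task<IdentityResult> ValidateAsync(
        UserManager<TUser> manager, TUser user, string? password)
    {
        // Leave empty-password handling to the built-in validators.
        if (string.IsNullOrEmpty(password))
        {
            return IdentityResult.Success;
        }

        // A user that is being created has no stored hash yet,
        // so there is nothing to compare against.
        if (!await manager.HasPasswordAsync(user))
        {
            return IdentityResult.Success;
        }

        // Stored hashes are salted, so the candidate cannot be hashed and
        // compared as a string; it has to be verified against the stored hash.
        if (await manager.CheckPasswordAsync(user, password))
        {
            return IdentityResult.Failed(new IdentityError
            {
                Code = "PasswordSameAsCurrent", // assumed code, not a framework constant
                Description = "Entered an existing password"
            });
        }

        return IdentityResult.Success;
    }
}

// Registration on an IdentityBuilder (MyUser is a placeholder user type):
//   services.AddIdentityCore<MyUser>()
//           .AddPasswordValidator<NotCurrentPasswordValidator<MyUser>>();
```

The validator can only reject the password while the old hash is still stored on the user at validation time. A flow that removes the existing password before adding the new one leaves nothing to compare against, so check which UserManager calls the password-change path actually makes.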