C# Random Password Generator for ASP.NET Core & ASP.NET MVC Identity Framework A simple C# helper class for ASP.NET Core to generate a random password with custom strength requirements: min length, uppercase, lowercase, digits & more

C# Random Password Generator for ASP.NET Core & ASP.NET MVC Identity Framework

Yesterday I had to implement a C# method that creates a random generated password in C#. Before committing into it I spent some minutes surfing the web, trying to find something I could use. I stumbled upon this 2006 post from Mads Kristensen, which is a guy I seriously love for all the great work he did with some incredibly useful Visual Studio extensions such as Web Essentials, Web Compiler, ASP.NET Core Web Templates – and a bunch of other great stuff.

However, the function I found in that post didn’t help me much, because it had no way to ensure any strong-password requisite other than the minimum required length: more specifically, I need to generate password with at least one uppercase & lowercase letter, digit and non-alphanumeric character – and also a certain amount of unique characters. The random password generated against the Mads function could have them or not, depending on the randomness: that simply won’t do in my scenario, since I had to deal with the   method of the  namespace, which utterly crashes whenever the password isn’t strong enough.

Right after Mads, I found this neat StackOverflow thread where the community users enumerated a number of available options, including:

  • Using the   method from the  namespace, which sadly isnt’ available in ASP.NET Core.
  • Creating a ASP.NET Core port of the above method based on the official source code (licensed under MIT).
  • Implement their own method.

However, none of these methods really helped me. Eventually, I ended up coding my own helper class – just like Mads Kristensen more than 11 years ago:

As you can see, it takes a PasswordOptions object as parameter, which is shipped by the Microsoft.AspNetCore.Identity assembly, but you can easily replace it with a two int – four bool parameter group or POCO class if you don’t have that package installed. In the likely case you have it in your ASP.NET Core project, you can use the exact same object used in the ConfigureService method of the Startup class when defining the password requirements:

That’s it for now: hope you’ll like the helper method!

UPDATE: Since July 2018 this library is also available on GitHub under Apache License 2.0.

If you need a C# helper function to check for strong passwords, don’t forget to also read this post.


About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies. Microsoft MVP for Development Technologies since 2018.

View all posts by Ryan

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.