Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

OWIN PasswordValidator Issue with Admin UI


I created a new PasswordValidator that implements IIdentityValidator but does not inherit from PasswordValidator directly.  It works as expected through my login flow.  I am able to change password and reset passwords, etc.  However, when changing a password through the Admin UI, I get an error that says it cannnot cast my passwordvalidator object to type "Microsoft.AspNet.Identity.PasswordValidator".  I have verified that my validator gets called by the Asp.Net Identtiy framework during my change/reset password process.  I need to make this work in the UI as well for site administrators.  It appears that the admin UI it is checking for type "PasswordValidator" instead of if the current validator implements "IIdentityValidator".  

Here is part of my OWIN bootstrap code:

manager.PasswordValidator = new MisoPasswordValidator()
MaximumLength = 20,
MinimumLength = 7,
RequireDigit = true,
RequireLowercase = true,
RequireUppercase = true,
RequireNonLetterOrDigit = false,
BeginWithAlphabeticCharacter = true,
SupportedSymbols = new List { '.', ',', '!', '@', '#', '&' }

May 17, 2017 22:52
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.