I'm using ASP.NET MVC5 which has unobtrusive validator hooked up for the client side validation out of the box. I set up my IdentityConfig.cs this way:
manager.PasswordValidator = new PasswordValidator
{
RequiredLength = 8,
RequireNonLetterOrDigit = true,
RequireDigit = true,
RequireLowercase = true,
RequireUppercase = true,
};
When the password is not too long client side validation warns properly. But it doesn't seem to do validation about the rest of the criteria (at least one digit, at least on upper case letter, at least one lower case letter, not even speak about the special characters). In my use-case it'd be important to have these on client side.
What's the best way to enable these extra checks? Should I setup my own non-obtrusive validation rules? How would that interfere with the unobtrusive validation?
Add a RegularExpressionAttribute to your property. Based on Srinivas' answer to Regex for Password Must be contain at least 8 characters, least 1 number and both lower and uppercase letters and special characters, the following should suit your rules
[RegularExpression(@"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}", ErrorMessage = "...")]
public string Password { get; set; }
and in the view
@Html.PasswordFor(m => m.Password)
@Html.ValidationMessageFor(m =>m.Password)