'ASP.NET Core Identity prevent user from using same password

I have a project where I am using ASP.NET Core Identity (with IdentityServer4) for user authentication.

When I use ChangePasswordAsync to change password, it is allowing the new password to be the same as the current password. Is there a way to prevent this?

asp.net-coreasp.net-identitychange-password


Solution 1:[1]

Adding a custom password validator in which you can do a Login-Request with username + the new password.

If this Login is successful then the password hasn't changed.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Kay Meister

Related Questions

How can I use ActiveDirectoryMembershipProvider with ASP.NET Identity?

Identity UserManager CreateAsync does not write to database

The type ApplicationUser cannot be used as type parameter 'TUser' in the generic type or method 'IdentityDbContext<TUser>'

How to change error message in ASP.NET Identity

Get current user id in ASP.NET Identity 2.0

Blazor server app still authorized even after altering cookies

Click on ASP .Net Core Identity Log In button leads to 400 error

ASP.NET model that requires a reference to a IdentityUser?

AddIdentity() fails "InvalidOperationException: Scheme already exists: Identity.Application"

How to add auto-increment column in aspnetuser table while implementing asp.net identity?

The default Identity UI layout requires a partial view '_LoginPartial' error ASP.NET Core 6.0

.NET Core 2.0 with MySQL: Specified key was too long; max key length is 3072 bytes

I got this error "Unable to resolve service for type AspNetCore.Identity.SignInManager" when I use ApplicationUser instead IdentityUser

Move Identity Tables To Custom Schema Asp.Net Core

Suggested architecture for a project with 2 Frontend applications (Blazor Server and Angular) with EFCore, Identity, Mediatr