This library provides a simple HttpClient instance that consumes Troy Hunt's PwnedPasswords API v3 and checks a password's integrity whether it has previously appeared in a data breach or not. It also includes ASP.NET Core Identity IPasswordValidator implementation along with an extension method to inject it using Dependency Injection principle.
In Package Manager Console (Visual Studio), select a specified project into which you want to install the package and enter the command Install-Package Matrixsoft.PwnedPasswords or use any of these methods according to your development environment.
var client = new PwnedPasswordsClient();
var flag = await client.IsPasswordPwnedAsync(password);
if (flag)
{
// TODO: Failed
}
else
{
// TODO: Success
}Add the password validator to ASP.NET Core Identity configuration using the IdentityBuilder extension method in Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlite(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddPwnedPasswordsValidator<IdentityUser>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddControllersWithViews();
services.AddRazorPages();
services.AddTransient<PwnedPasswordsClient>();
}If you run into bugs / have feature suggestions / have questions, please file a Github bug.