While working on an ASP.NET Core project, I bumped into the following challenge: I had to implement a feature which makes it possible for an admin user to create new, non-admin users for a website. To achieve this, I had to create new users with random passwords that would comply with all the requirements configured in ASP.NET Core Identity’s options.

Please note that creating users manually and generating passwords for them could pose a security threat for your application if you don’t have a secure way of giving these passwords to your users. (Sending their passwords in e-mail is not secure.) In case of anything beyond home usage, consider using account registration confirmation with e-mail or use a managed solution, like Azure Active Directory.

After searching for a while, I realized that there is no built-in way to do this in ASP.NET Core Identity. I also stumbled upon this Stack Overflow answer.

I really liked the idea presented by this piece of code and felt like this is such a basic feature (which classic ASP.NET actually has in form of System.Web.Security.Membership.GeneratePassword), that I decided to create a library that would implement the very same thing in a more robust manner.

That’s how the IdentityPasswordGenerator NuGet package came to be. (Complete source code can be found here.) Compared to the code on Stack Overflow, I introduced the excludeNonRequiredChars parameter, so the library can be used in a more flexible manner. For example for generating one-time passwords or authentication tokens. I also added some validation logic for the arguments to make sure that the password generation logic cannot get stuck in an infinite loop.

I hope to achieve two things by providing this for the .NET community:

  1. Nobody needs to reimplement the same logic every time they need this feature in their applications.

  2. By making the code open source, make it possible for people to learn from the way I implemented this fairly simple, but security-wise quite sensitive piece of logic.