Apologies if this has already been mentioned, I wasn't able to find anything online about it other than when it was mentioned, and pretty much ignored, here (first post by centiva): http://blogs.msdn.com/b/webdev/archive/2006/05/05/590585.aspx?PageIndex=270
Came across this issue when completing this lab: http://www.asp.net/web-api/tutorials/hands-on-labs/build-a-single-page-application-(spa)-with-aspnet-web-api-and-angularjs
Using Microsoft.AspNet.Identity.UserManager, and specifically Microsoft.AspNet.Identity.PasswordValidator.
With PasswordValidator set with the property
RequireNonLetterOrDigit = true
Passwords must contain a non-letter AND non-digit character, i.e. a symbol
So
"Test123" is not allowed
"Test123@" is allowed
Unfortunately the wording of the error message is unclear:
"Passwords must have at least one non letter or digit character."
'non letter or digit' suggests to me that the password cannot be all letters, it must contain a symbol or a digit.
It is ambiguous because it is not clear whether it is:
non (letter or digit)
or
(non letter) or digit
Perhaps the wording should be changed, something like:
"Passwords must have at least one non-letter or non-digit character."
or
"Passwords must have at least one character that is not a letter or digit."
or
@"Passwords must have at least one special character: ~`!@#$%^&*()-_+={}[]|\;:<>,./?"Thanks,
Adam