⭐️ Please star this project if you find it useful!
It allows users to change their Active Directory/LDAP password on their own, provided the user is not disabled.
PassCore does not require any configuration, as it obtains the principal context from the current domain. I wrote this because a number of people have requested several features that the original version did not have. The original version of this tool was downloaded around 8000 times in 2.5 years. My hope is that the new version continues to be just as popular. There really is no free alternative out there (that I know of) so hopefully this saves someone else some time and money.
You can check the wiki section for additional content related to development of this project.
PassCore has the following features:
Easily localizable (i.e. you can customize all of the strings in the UI -- see the section on Customization)
Has a built-in password meter
Has a password generator
Has a server-side password entropy meter
Responsive design that works on mobiles, tablets, and desktops.
Works with Windows/Linux servers.
You can easily install using PowerShell. Check the next section to learn how.
dotnet publish --configuration Release --runtime win-x64 --output "<path>"
<path> is the directory where you will be serving the website from.
logs is not there you can create it. To enable the logs you need to change
web.config file. You need to add Full Control permissions to your IIS Application Pool account (see Troubleshooting).
https://password.yourdomain.com (the hostname you previously set). If all is set then you should be able to see the PassCore tool show up in your browser.
NOTE: If you have a previous version, you cannot use the same appsettings.json file. Please update your settings by manually editing the new file.
Use PowerShell to download and set up PassCore with the following command line. Before running it, make sure you have installed the .NET Core 5.0.1 Windows Server Hosting bundle and enabled the World Wide Web Publishing Service:
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/unosquare/passcore/master/Installer.ps1'))
The command shown above installs to the folder C:\passcore and uses HTTP port 8080 with the default (localhost) binding.
NOTE: You need PowerShell version 5 or better to execute the script.
We recommend using the Docker image and redirecting the traffic to nginx.
You can use the Alpine Docker Builder image and then copy the assets over to an Alpine container. You can pass environment attributes directly into Docker without modifying the appsettings.json file.
docker build --rm -t passcore .
docker run \
  -e AppSettings__LdapHostnames__0='ad001.example.com' \
  -e AppSettings__LdapHostnames__1='ad002.example.com' \
  -e AppSettings__LdapPort='636' \
  -e AppSettings__LdapUsername='CN=First Last,OU=Users,DC=example,DC=com' \
  -it \
  -p 80:80 \
  passcore:latest
NOTE: Docker image contains a build using the LDAP Provider (see below).
PassCore was created to use the Microsoft Active Directory Services provided by .NET Framework, but a new Provider using Novell LDAP Client can be used instead. This provider is the default when PassCore is running on Linux or macOS, since Microsoft AD Services are NOT available there.
The configuration of the LDAP Provider is slightly different. For example, the AutomaticContext is not available and you need to supply credentials.
Sometimes a simple set of checks and some custom logic is enough to rule out non-secure trivial passwords. Those checks are always performed locally. There are, however, many more unsafe passwords that cannot be ruled out programmatically. For those cases there is no simple set of rules that could be used to check for passwords that should never be used: you either need a local DB with a list of banned passwords or an external API service.
This is where the Pwned Passwords API comes into play. Pwned Passwords is a collection of more than half a billion passwords that have previously been exposed in data breaches over the years. The use of this service is free and secure. You can read more about this service in the Pwned Passwords overview.
All server-side settings and client-side settings are stored in the
The most relevant configuration entries are shown below. Make sure you make your changes to the appsettings.json file using a regular text editor like Visual Studio Code.
PrivateKey entry and enter your private key within double quotes (
SiteKey entry and enter your Site Key within double quotes (
LanguageCode entry and enter one of the options listed here. By default this is set to
ShowPasswordMeter entry and set it to
UsePasswordGeneration entry and set it to
PasswordEntropy entry and set it to a numeric value (without quotes) to set the entropy of the generated password
MinimumScore entry and set it to a numeric value (without quotes) between 1 and 4, where 1 is a bit secure and 4 is the most secure. Set to 0 to deactivate the validation.
RestrictedADGroups entry and add any groups that are sensitive. Accounts in these groups (directly or inherited) will not be able to change their password.
DefaultDomain entry and set it to your default Active Directory domain. This should eliminate confusion about using e-mail domains / internal domain names. NOTE: if you are using a subdomain, and you have errors, please try using your top-level domain.
IdTypeForUser it is possible to select one of six attributes that will be used to search for the specific user.
To run as a sub-application you need to modify the base href="/" value in the wwwroot/index.html file to be the base URL for PassCore. For example, you might have PassCore set up at /PassCore, so you would put
<base href="/PassCore/" />
icacls "<logfolder>/" /grant "IIS AppPool\<passcoreAppPoolAccount>:M" /t
/appsettings.json file. Here are some guidelines:
UseAutomaticContext is set to
LdapUsername is set to an AD user with enough permissions to reset user passwords
LdapPassword is set to the correct password for the admin user mentioned above
@domain. Only the username.
PassCore is open source software and MIT licensed. Please star this project if you like it.
PassCore is free and will continue to be free forever. However, you can access a complete, brand new version with new features and tools.
Introducing passcorepro. This new, enhanced version of our self-service password manager comes with new features such as:
Go to our store and download a free trial: https://store.unosquare.com/PasscorePro