{"id":13560573,"url":"https://github.com/unosquare/passcore","last_synced_at":"2026-01-10T03:41:54.462Z","repository":{"id":37952802,"uuid":"49232158","full_name":"unosquare/passcore","owner":"unosquare","description":"A self-service password management tool for Active Directory","archived":true,"fork":false,"pushed_at":"2023-06-02T21:14:09.000Z","size":5590,"stargazers_count":1051,"open_issues_count":21,"forks_count":235,"subscribers_count":70,"default_branch":"master","last_synced_at":"2025-09-07T13:44:15.332Z","etag":null,"topics":["activedirectory","application-pool","dotnet","dotnetcore","iis","password","password-manager","password-meter","powershell","react","recaptcha","self-service","ssl-certificate"],"latest_commit_sha":null,"homepage":"https://unosquare.github.io/passcore/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/unosquare.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2016-01-07T21:36:00.000Z","updated_at":"2025-08-20T06:52:22.000Z","dependencies_parsed_at":"2023-02-04T07:01:23.911Z","dependency_job_id":"31936044-7a8f-4afb-989b-dd8a6b414abc","html_url":"https://github.com/unosquare/passcore","commit_stats":null,"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/unosquare/passcore","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unosquare%2Fpasscore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unosquare%2Fpasscore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unosquare%2Fpasscore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unosquare%2Fpasscore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/unosquare","download_url":"https://codeload.github.com/unosquare/passcore/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unosquare%2Fpasscore/sbom","scorecard":{"id":910816,"data":{"date":"2025-08-11","repo":{"name":"github.com/unosquare/passcore","commit":"6948c23c50cb151bfe266322d2df025165d82493"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":3,"reason":"Found 7/21 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:29","Warn: no topLevel permission defined: .github/workflows/build-sonar.yml:1","Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/build_windows.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-sonar.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build-sonar.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-sonar.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build-sonar.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-sonar.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build-sonar.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-sonar.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build-sonar.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_windows.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build_windows.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_windows.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build_windows.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_windows.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build_windows.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_windows.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/build_windows.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/unosquare/passcore/codeql.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:6","Warn: containerImage not pinned by hash: Dockerfile:18: pin your Docker image by updating mcr.microsoft.com/dotnet/aspnet:6.0 to mcr.microsoft.com/dotnet/aspnet:6.0@sha256:e70c493f8af7f95bf459cb2b15c7e7a6173228929c2b7a9a6836b19377890e78","Info:   0 out of  12 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 4.2.4 not signed: https://api.github.com/repos/unosquare/passcore/releases/29668782","Warn: release artifact 4.2.3 not signed: https://api.github.com/repos/unosquare/passcore/releases/23889497","Warn: release artifact 4.2.2 not signed: https://api.github.com/repos/unosquare/passcore/releases/21264070","Warn: release artifact 4.2.1 not signed: https://api.github.com/repos/unosquare/passcore/releases/21033676","Warn: release artifact 4.2.0 not signed: https://api.github.com/repos/unosquare/passcore/releases/20747543","Warn: release artifact 4.2.4 does not have provenance: https://api.github.com/repos/unosquare/passcore/releases/29668782","Warn: release artifact 4.2.3 does not have provenance: https://api.github.com/repos/unosquare/passcore/releases/23889497","Warn: release artifact 4.2.2 does not have provenance: https://api.github.com/repos/unosquare/passcore/releases/21264070","Warn: release artifact 4.2.1 does not have provenance: https://api.github.com/repos/unosquare/passcore/releases/21033676","Warn: release artifact 4.2.0 does not have provenance: https://api.github.com/repos/unosquare/passcore/releases/20747543"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 17 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"47 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5","Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr","Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5","Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp","Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq","Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr","Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765","Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-566m-qj78-rww5","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T19:05:15.735Z","repository_id":37952802,"created_at":"2025-08-24T19:05:15.735Z","updated_at":"2025-08-24T19:05:15.735Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277974402,"owners_count":25908396,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-02T02:00:08.890Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["activedirectory","application-pool","dotnet","dotnetcore","iis","password","password-manager","password-meter","powershell","react","recaptcha","self-service","ssl-certificate"],"created_at":"2024-08-01T13:00:46.789Z","updated_at":"2025-10-02T07:30:30.121Z","avatar_url":"https://github.com/unosquare.png","language":"C#","readme":"[![Github All Releases](https://img.shields.io/github/downloads/unosquare/passcore/total.svg)](https://github.com/unosquare/passcore/releases)\n![Buils status](https://github.com/unosquare/passcore/workflows/ASP.NET%20Core%20CI/badge.svg)\n\n![Passcore Logo](https://github.com/unosquare/passcore/raw/master/src/Unosquare.PassCore.Web/ClientApp/assets/images/passcore-logo.png)\n# PassCore: A self-service password change utility for Active Directory\n\n*:star: Please star this project if you find it useful!*\n\n- [Overview](#overview)\n  - [Features](#features)\n- [Installation on IIS](#installation-on-iis)\n- [PowerShell Installer](#powershell-installer)\n- [Docker](#docker)\n- [Linux](#linux)\n- [LDAP Provider](#ldap-provider)\n- [Pwned Password Support](#pwned-password-support)\n- [Customization and Configuration](#customization-and-configuration)\n  - [Running as a sub application](#running-as-a-sub-application)\n- [Troubleshooting](#troubleshooting)\n  - [LDAP Support](#ldap-support)\n- [License](#license)\n- [passcorepro](#passcorepro)\n\n## Overview\n\nPassCore is a very simple 1-page web application written in [C#](https://docs.microsoft.com/en-us/dotnet/csharp/), using [ASP.NET Core](https://docs.microsoft.com/en-us/aspnet/core/getting-started/), [Material UI (React Components)](https://material-ui.com/), and [Microsoft Directory Services](https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices) (Default provider). \n\nIt allows users to change their Active Directory/LDAP password on their own, provided the user is not disabled.\n\nPassCore does not require any configuration, as it obtains the principal context from the current domain. I wrote this because a number of people have requested several features that the [original version](http://unopasscore.codeplex.com/) did not have. The original version of this tool was downloaded around 8000 times in 2.5 years. My hope is that the new version continues to be just as popular. There really is no free alternative out there (that I know of) so hopefully this saves someone else some time and money.\n\nYou can check [the wiki section](https://github.com/unosquare/passcore/wiki) for additional content related to development of this project.\n\n### Features\n\nPassCore has the following features:\n\n- Easily localizable (i.e. you can customize all of the strings in the UI -- see the section on Customization)\n- Supports [reCAPTCHA](https://www.google.com/recaptcha/intro/index.html)\n- Has a built-in password meter\n- Has a password generator\n- Has a server-side password entropy meter\n\n- Responsive design that works on mobiles, tablets, and desktops.\n- Works with Windows/Linux servers.\n\n\u003cimg align=\"center\" src=\"https://user-images.githubusercontent.com/25519413/63782596-39713d80-c8b1-11e9-84f0-eef7a06b447b.png\"\u003e\u003c/img\u003e\n\n## Installation on IIS\n\n*You can easily install using Powershell. Check the next section to know how.*\n\n1. Ensure the server running IIS is domain-joined. To determine if the computer is domain-joined:\n    - Go to the *Start* menu, right-click on *Computer*, then select *Properties*\n    - Make sure the *Domain* field contains the correct setting.\n1. You need a Passcore copy to continue. We recommend to download the latest binary release of [PassCore](https://github.com/unosquare/passcore/releases/download/4.2.4/PassCore424.zip).\n1. **NOTE:** Before extracting the contents of the file, please right-click on it, select Properties and make sure the file is Unblocked (Click on the Unblock button at the bottom of the dialog if it is available). Then, extract the contents of the zip file to the directory where you will be serving the website from.\n    - If you download the source code you need to run the following command via an Command Prompt. Make sure you start the Command Prompt with the Administrator option.\n    - `dotnet publish --configuration Release --runtime win-x64 --output \"\u003cpath\u003e\"`\n    - The `\u003cpath\u003e` is the directory where you will be serving the website from.\n1. Install the [.NET Core 5.0.1 Windows Server Hosting bundle](https://dotnet.microsoft.com/download/dotnet/thank-you/runtime-aspnetcore-5.0.1-windows-hosting-bundle-installer).\n1. Go to your *IIS Manager*, Right-click on *Application Pools* and select *Add Application Pool*.\n1. A dialog appears. Under Name enter **PassCore Application Pool**, Under .NET CLR Version select **No Managed Code** and finally, under Managed pipeline mode select **Integrated**. Click OK after all fields have been set.\n1. Now, right-click on the application pool you just created in the previous step and select *Advanced Settings ...*. Change the *Start Mode* to **AlwaysRunning**, and the *Idle Time-out (minutes)* to **0**. Click on *OK*. This will ensure PassCore stays responsive even after long periods of inactivity.\n1. Back on your *IIS Manager*, right-click on *Sites* and select *Add Website*\n1. A dialog appears. Under *Site name*, enter **PassCore Website**. Under *Application pool* click on *Select* and ensure you select **PassCore Application Pool**. Under *Physical path*, click on the ellipsis *(...)*, navigate to the folder where you extracted PassCore.\n    - **Important:** Make sure the Physical path points to the *parent* folder which is the one containing the files, *logs* and *wwwroot* folders.\n    - **NOTE:** If the folder `logs` is not there you can created. To enable the logs you need to change `stdoutLogEnabled` to `true` in the `web.config` file. You need to add *Full Control* permissions to your IIS Application Pool account (see Troubleshooting).\n1. Under the *Binding section* of the same dialog, configure the *Type* to be **https**, set *IP Address* to **All Unassigned**, the *Port* to **443** and the *Hostname* to something like **password.yourdomain.com**. Under *SSL Certificate* select a certificate that matches the Hostname you provided above. If you don't know how to install a certificate, please refer to [SSL Certificate Install on IIS 8](https://www.digicert.com/ssl-certificate-installation-microsoft-iis-8.htm) or [SSL Certificate Install on IIS 10](https://www.digicert.com/csr-creation-ssl-installation-iis-10.htm) , in order to install a proper certificate.\n    - **Important:** Do not serve this website without an SSL certificate because requests and responses will be transmitted in cleartext and an attacker could easily retrieve these messages and collect usernames and passwords.\n1. Click *OK* and navigate to `https://password.yourdomain.com` (the hostname you previously set). If all is set then you should be able to see the PassCore tool show up in your browser.\n\n**NOTE:** If you have a previous version, you **can not** use the same `appsettings.json` file. Please update your settings manually editing the new file.\n\n## PowerShell Installer\n\nUse PowerShell to download and setup Passcore using the following command line, just make sure you have installed the [.NET Core 5.0.1 Windows Server Hosting bundle](https://dotnet.microsoft.com/download/dotnet/thank-you/runtime-aspnetcore-5.0.1-windows-hosting-bundle-installer) and enabled World Wide Web publishing service:\n\n```powershell\nSet-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/unosquare/passcore/master/Installer.ps1'))\n```\n\nUsing the command shown above will install to the folder `C:\\passcore` and using the HTTP Port 8080 with the default (localhost) binding. \n\nIf you want to customize your installation please download the [installer script](https://raw.githubusercontent.com/unosquare/passcore/master/Installer.ps1) and \nthe [IIS setup script](https://raw.githubusercontent.com/unosquare/passcore/master/IISSetup.ps1).\n\n**NOTE:** You need [PowerShell version 5 or better](https://docs.microsoft.com/en-us/powershell/scripting/setup/windows-powershell-system-requirements?view=powershell-6) \nto execute the script.\n\n## Linux\nWe recommend use the docker image and redirect the traffic to nginx.\n\n## Docker\n\nYou can use the Alpine Docker Builder image and then copy the assets over to an Alpine container. You can pass environment attributes directly into docker without modifying the appsettings.json\n\n```\ndocker build --rm -t passcore .\ndocker run \\\n-e AppSettings__LdapHostnames__0='ad001.example.com' \\\n-e AppSettings__LdapHostnames__1='ad002.example.com' \\\n-e AppSettings__LdapPort='636' \\\n-e AppSettings__LdapUsername='CN=First Last,OU=Users,DC=example,DC=com' \\\n-it \\\n-p 80:80 \\\npasscore:latest\n```\n\n**NOTE:** Docker image contains a build using the LDAP Provider (see below).\n\n## LDAP Provider\n\nPassCore was created to use the Microsoft Active Directory Services provided by .NET Framework, but a new Provider using [Novell LDAP Client](https://github.com/dsbenghe/Novell.Directory.Ldap.NETStandard) can be used instead. This provider is the default when PassCore is running at Linux or macOS since Microsoft AD Services are NOT available.\n\nThe configuration of the LDAP Provider is slightly different. for example, the AutomaticContext is not available and you need to supply credentials.\n\n*WIP*\n\n## Pwned Password Support\nSometimes a simple set of checks and some custom logic is enough to rule out non-secure trivial passwords. Those checks are always performed locally. There are, however, many more unsafe passwords that cannot be ruled out programatically. For those cases there are no simple set of rules that could be used to check those passwords that should never be used: You either need a local DB with a list of banned passwords or use an external API service.\n\nHere is where Pwned Password API comes into play. Pwned Passwords are more than half a billion passwords which have previously been exposed in different data breaches along the years. The use of this service is free and secure. You can read more about this service in [Pwned Passwords overview](https://haveibeenpwned.com/API/v2#PwnedPasswords)\n\n## Customization and Configuration\n\nAll server-side settings and client-side settings are stored in the `/appsettings.json` file.\nThe most relevant configuration entries are shown below. Make sure you make your changes to the `appsettings.json` file using a regular text editor like [Visual Studio Code](https://code.visualstudio.com)\n\n- To enable reCAPTCHA\n  1. Find the `PrivateKey` entry and enter your private key within double quotes (`\"`)\n  2. Find the `SiteKey` entry and enter your Site Key within double quotes (`\"`)\n- To change the language of the reCAPTCHA widget\n  - Find the `LanguageCode` entry and enter [one of the options listed here](https://developers.google.com/recaptcha/docs/language). By default this is set to `en`\n- To enable/disable the password meter\n  - Find the `ShowPasswordMeter` entry and set it to `true` or `false` (without quotes)\n- To enable enable/disable the password generator\n  - Find the `UsePasswordGeneration` entry and set it to `true` or `false` (without quotes)\n  - Find the `PasswordEntropy` entry and set it to a numeric value (without quotes) to set the entropy of the generated password\n- To enable server-side password entropy meter\n  - Find the `MinimumScore` entry and set it to a numeric value (without quotes) between 1 and 4, where 1 is a bit secure and 4 is the most secure. Set to 0, for deactivate the validation.\n- To enable restricted group checking\n  1. Find the `RestrictedADGroups` entry and add any groups that are sensitive.  Accounts in these groups (directly or inherited) will not be able to change their password.\n- Find the `DefaultDomain` entry and set it to your default Active Directory domain. This should eliminate confusion about using e-mail domains / internal domain names. **NOTE:** if you are using a subdomain, and you have errors, please try using your top-level domain. \n- To provide an optional parameter to the URL to set the username text box automatically\n  1. `http://mypasscore.com/?userName=someusername`\n  2. This helps the user in case they forgot their username and, also comes in handy when sending a link to the application or having it embedded into another application where the user is already signed in.\n- To specify which (DC) attribute is used to search for the specific user.\n  - With the `IdTypeForUser` it is possible to select one of six Attributes that will be used to search for the specifiv user.\n  - The possible values are:\n    - `DistinguishedName` or `DN`\n    - `GloballyUniqueIdentifier` or `GUID`\n    - `Name`\n    - `SamAccountName` or `SAM`\n    - `SecurityIdentifier` or `SID`\n    - `UserPrincipalName` or `UPN`\n- The rest of the configuration entries are all pretty much all UI strings. Change them to localize, or to brand this utility, to meet your needs.\n\n### Running as a sub-application\n\nTo run as a sub-application you need to modify the `base href=\"/\"` value in the `wwwroot/index.html` file to be the base URL for PassCore. For example you might have PassCore setup at /PassCore so you would put\n\n```html\n\u003cbase href=\"/PassCore/\" /\u003e\n```\n\n## Troubleshooting\n\n- At first run if you find an error (e.g. **HTTP Error 502.5**) first ensure you have installed [.NET Core 3.1.0 Windows Server Hosting bundle](https://dotnet.microsoft.com/download/thank-you/dotnet-runtime-3.1.0-windows-hosting-bundle-installer), or better.\n- If you find an [HTTP Error 500](https://stackoverflow.com/questions/45415832/http-error-500-19-in-iis-10-and-visual-studio-2017) you can try\n  1. Press Win Key+R to Open Run Window\n  1. in the Run Window, enter \"OptionalFeatures.exe\"\n  1. in the features window, Click: \"Internet Information Services\"\n  1. Click: \"World Wide Web Services\"\n  1. Click: \"Application Development Features\"\n  1. Check the features.\n- If you / your user's current password never seems to be accepted for reset; the affected person may need to use a domain-connected PC to log in and reset their password on it first. Updated group policy settings could be blocking user changes, until a local login is completed.\n- You can add permissions to your log folder using [icacls](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls)\n```\nicacls \"\u003clogfolder\u003e/\" /grant \"IIS AppPool\\\u003cpasscoreAppPoolAccount\u003e:M\" /t\n```\n- If you find [Exception from HRESULT: 0x800708C5 .The password does not meet the password policy requirements](http://blog.cionsystems.com/?p=907) trying to change a password. Set 'Minimum password age' to 0 at 'Default Domain Policy'.\n\n### LDAP Support\n\n- If your users are having trouble changing passwords as in issues #8 or #9 : try configuring the section `PasswordChangeOptions` in the `/appsettings.json` file. Here are some guidelines:\n  1. Ensure `UseAutomaticContext` is set to `false`\n  1. Ensure `LdapUsername` is set to an AD user with enough permissions to reset user passwords\n  1. Ensure `LdapPassword` is set to the correct password for the admin user mentioned above\n  1. User @gadams65 suggests the following: Use the FQDN of your LDAP host. Enter the LDAP username without any other prefix or suffix such as `domain\\\\` or `@domain`. Only the username.\n- You can also opt to use the Linux or macOS version of PassCore. This version includes a LDAP Provider based on Novell. The same provider can be used with Windows, you must build it by yourself.\n\n## License\n\nPassCore is open source software and MIT licensed. Please star this project if you like it.\n\n## passcorepro\n\nPassCore is free and will continue to be free forever.\nHowever, you can access a complete, brand new version with new features and tools.\n\nIntroducing passcorepro.\nThis new, enhanced version of our self-service password manager comes with new features such as:\n\n*\tDisplay and manage your Active Directory information with our user profile system.\n*\tSearch for any staff member with the new Directory grid.\n*\tForgot your password? We help you reset it via Email or SMS (via [Twillio Verify API](https://www.twilio.com/docs/verify/api) or custom SMS Gateway).\n*\tAdministrate your AD using our new Dashboard tool.\n*\tParlez-vous français? You can now add any language to PassCorePro!\n\nGo to our store and download a free trial: https://store.unosquare.com/PasscorePro\n","funding_links":[],"categories":["C# #","dotnet"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funosquare%2Fpasscore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funosquare%2Fpasscore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funosquare%2Fpasscore/lists"}