Identify Variations of Words for Password Validation


I would like to reject bad passwords (or variations thereof) on signup in my ASP.NET application, e.g.:

Password
P@ssw0rd
Passw0rd123

I'm not using the built-in ASP.NET Identity features, so those standard validation tools are not available to me. Can I use regex, or are there other existing packages or tools that can be suggested to ensure strong passwords for my users? TIA.

There are 1 best solutions below

Rather than testing for "bad passwords" like this you really want to be using a known list of bad passwords: something like Pwned Passwords.

Here is an example of an ASP.NET implementation that should get you started: https://github.com/MatrixsoftIN/PwnedPasswords

Keep in mind that you don't want to be sending your users' passwords off to an external site for validation (and thus breaking their trust in you). That's why the above service allows you to send a partial hash of the password off to the service instead, which anonymously validates the password. Neat hey!?
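
The partial-hash lookup this answer describes, as an added C# example (not code from the answer or the linked repository). It assumes the public Pwned Passwords range endpoint `https://api.pwnedpasswords.com/range/{prefix}`; the class and method names are illustrative, and the response body in `Main` is constructed so the demo runs offline.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

public static class PwnedPasswordCheck   // illustrative name, not from the linked repo
{
    private static readonly HttpClient Http = new HttpClient();

    // Uppercase hex SHA-1, split into the 5-char prefix (sent) and 35-char suffix (kept local).
    public static (string Prefix, string Suffix) SplitHash(string password)
    {
        using var sha1 = SHA1.Create();
        byte[] digest = sha1.ComputeHash(Encoding.UTF8.GetBytes(password));
        string hex = BitConverter.ToString(digest).Replace("-", "");
        return (hex.Substring(0, 5), hex.Substring(5));
    }

    // A range response is lines of "SUFFIX:COUNT"; returns the breach count, or 0 if absent.
    public static int CountInRange(string suffix, string rangeBody)
    {
        foreach (string line in rangeBody.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries))
        {
            string[] parts = line.Split(':');
            if (parts.Length == 2 && parts[0].Trim().Equals(suffix, StringComparison.OrdinalIgnoreCase))
                return int.TryParse(parts[1].Trim(), out int n) ? n : 0;
        }
        return 0;
    }

    // Live lookup: only the 5-character prefix leaves the server; the match is done locally.
    public static async Task<int> LookupAsync(string password)
    {
        var (prefix, suffix) = SplitHash(password);
        string body = await Http.GetStringAsync("https://api.pwnedpasswords.com/range/" + prefix);
        return CountInRange(suffix, body);
    }

    public static void Main()
    {
        // Constructed response body (not real API output): two filler lines plus the candidate's suffix.
        var (prefix, suffix) = SplitHash("P@ssw0rd");
        string sample = new string('0', 35) + ":3\r\n" + suffix + ":1234\r\n" + new string('F', 35) + ":1\r\n";
        Console.WriteLine($"prefix sent: {prefix}, count: {CountInRange(suffix, sample)}");
        Console.WriteLine($"unlisted: {CountInRange(SplitHash("a-long-unlisted-passphrase").Suffix, sample)}");
    }
}
```

On signup, reject the password when `LookupAsync` returns a non-zero count.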