none
using Membership.GeneratePassword in url RRS feed

  • Question

  • Hi,

    can I use the password generated by Membership.GeneratePassword as a value of a url parameter? my concern for example is that it can create the following string in the password "%3F" and that will cause an exception when a url with that string will be processed, since it's the character code for question mark(not the question itself).  Thanks!

    Tuesday, June 23, 2015 6:48 AM

Answers

  • Hello ido,

    >> maybe the code which implements Membership.GeneratePassword is taking care that no url forbidden chars will be generated? I need to confirm that... Thanks.

    Yes, you are right, the code actually does not take care forbidden chars in url since the generated password is not designed to be placed in a url specifically. If you want to see its detail implementation, please check this link:

    http://referencesource.microsoft.com/#System.Web/Security/Membership.cs,fe744ec40cace139

    By the way, it seems you are working with a asp.net project, it is recommended to ask asp.net question to: http://forums.asp.net/

    Regards.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Marked as answer by nq_silverWeb Wednesday, June 24, 2015 7:35 AM
    Wednesday, June 24, 2015 1:53 AM
    Moderator

All replies

  • Hello,

    You can't generate a password without alphanumeric caracters.

    You could remove it like that:

    string myPassword = Membership.GeneratePassword(15, 0);
    newPassword = Regex.Replace(myPassword, @"[^a-zA-Z0-9]", m => "9" );


    or you could use GUID to generate your password:

    string myPassword = Guid.NewGuid().ToString()

    Regards

    Cédric

    Tuesday, June 23, 2015 7:46 AM
  • Thank you cedric, but the alphanumeric or the symbols don't bother me. I just want to know if a combination of the two could create forbidden chars in a url or not. maybe the code which implements Membership.GeneratePassword is taking care that no url forbidden chars will be generated? I need to confirm that... Thanks.
    Tuesday, June 23, 2015 8:42 AM
  • In order to include any string in URL, consider WebUtlity.UrlEncode. However is it safe to place the password in URL?

    Tuesday, June 23, 2015 11:35 AM
  • Viorel, thank you.

    it's not the real login password.

    it just a secure string in a url for a one time link which a user clicks on in an email he got from the system, so the user can confirm he's email address and registration.

    I could use UrlEncode, but I thought it might be unnecessary since Membership.GeneratePassword is intended for ASP.NET. If someone could clarify on that, it would be great.

    Thanks.

    Tuesday, June 23, 2015 11:45 AM
  • Hello ido,

    >> maybe the code which implements Membership.GeneratePassword is taking care that no url forbidden chars will be generated? I need to confirm that... Thanks.

    Yes, you are right, the code actually does not take care forbidden chars in url since the generated password is not designed to be placed in a url specifically. If you want to see its detail implementation, please check this link:

    http://referencesource.microsoft.com/#System.Web/Security/Membership.cs,fe744ec40cace139

    By the way, it seems you are working with a asp.net project, it is recommended to ask asp.net question to: http://forums.asp.net/

    Regards.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Marked as answer by nq_silverWeb Wednesday, June 24, 2015 7:35 AM
    Wednesday, June 24, 2015 1:53 AM
    Moderator
  • Thank you so much Fred!!!

    That's what I needed to know.

    Just one question, how could I know by myself that this open source and that I could see it for myself somewhere on the web?

    Thank you so much!

    Wednesday, June 24, 2015 7:38 AM
  • Hello ido,

    >>Just one question, how could I know by myself that this open source and that I could see it for myself somewhere on the web?

    The .NET Framework is already source open, and this is specific site for its source code:

    http://referencesource.microsoft.com/

    Regards.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, June 25, 2015 7:51 AM
    Moderator
  • Thanks (-:
    Thursday, June 25, 2015 6:26 PM