locked
Password complexity in C# RRS feed

  • Question

  • Hello

    I have designed one windows form application for user login. In this, I have taken one text box for password and i want to set some password complexity as Password should contain Maximum 8 characters (1 Upper-case letter, 1 Lower case letter, number, 1 special character). otherwise password will not accept. 

    For reference, attached here with screenshot of application.

    Please do needful.

    Thanks & Regards

    MTrush

    Thursday, June 2, 2016 11:43 AM

Answers

  •  public bool ValidatePassword(string password)
            {
                string patternPassword = @"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{4,8}$";
                if (!string.IsNullOrEmpty(password))
                {
                    if (!Regex.IsMatch(password, patternPassword))
                    {
                        return false;
                    }
                    
                }
                return true;
            }
     private void btn_Click(object sender, EventArgs e)
            {
    
                if (ValidatePassword(txtPassword.Text))
                {
                    // insert opertion in Db
                }
                else
                {
                    MessageBox.Show(" Password must be at least 4 characters, no more than 8 characters, and must include at least one upper case letter, one lower case letter, and one numeric digit.");
                }
            }


    Ramakant Verma .NET Consultant(Windows Azure, Windows Phone8,Windows 8,ASP.NET,Silverlight)

    • Marked as answer by DotNet Wang Wednesday, June 15, 2016 2:32 AM
    Saturday, June 4, 2016 7:14 AM

All replies

  • Include using System.Text.RegularExpressions namespace

    public void  ValidatePassword(string password )
            {
                string patternPassword = @"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{4,8}$";
                if (!string.IsNullOrEmpty(password))
                {
                    if (!Regex.IsMatch(password, patternPassword))
                    {
                        MessageBox.Show(" Password must be at least 4 characters, no more than 8 characters, and must include at least one upper case letter, one lower case letter, and one numeric digit.");
                    }
                }
            }
     Password will be match to be at least 4 characters, no more than 8 characters, and must include at least one upper case letter, one lower case letter, and one numeric digit.

    Ramakant Verma .NET Consultant(Windows Azure, Windows Phone8,Windows 8,ASP.NET,Silverlight)


    Thursday, June 2, 2016 12:25 PM
  • The below link should help:

    http://www.codeproject.com/Tips/222203/Customizable-Password-Policy-Csharp


    Paul ~~~~ Microsoft MVP (Visual Basic)

    Thursday, June 2, 2016 1:32 PM
  • Storing passwords safely:

    https://www.youtube.com/watch?v=8ZtInClXe1Q

    If you store it, the place to ensure complexity and other integreity measures would not be the UI programm, but the Database/storage backend. Maybe in the Web API used to access it.
    One of the most important rules of using DB's is to not move validation and integrity checks out of the DB. Let the DBMS do it. It can maintain it better then a dozen clients that might have different ideas of "right" ever could.


    Friday, June 3, 2016 9:30 AM
  • Hello Ramakant Verma Sir,

    I have added this function in my code, on Add user button click event , i have called this function, but it shows only message box, even password is not in format, new user data is successfully added into database. I want to show if Password is not in given format, then user data will not be added into database.

    Please do help me.

    Thanks & Regards

    MTrush

    Saturday, June 4, 2016 5:25 AM
  •  public bool ValidatePassword(string password)
            {
                string patternPassword = @"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{4,8}$";
                if (!string.IsNullOrEmpty(password))
                {
                    if (!Regex.IsMatch(password, patternPassword))
                    {
                        return false;
                    }
                    
                }
                return true;
            }
     private void btn_Click(object sender, EventArgs e)
            {
    
                if (ValidatePassword(txtPassword.Text))
                {
                    // insert opertion in Db
                }
                else
                {
                    MessageBox.Show(" Password must be at least 4 characters, no more than 8 characters, and must include at least one upper case letter, one lower case letter, and one numeric digit.");
                }
            }


    Ramakant Verma .NET Consultant(Windows Azure, Windows Phone8,Windows 8,ASP.NET,Silverlight)

    • Marked as answer by DotNet Wang Wednesday, June 15, 2016 2:32 AM
    Saturday, June 4, 2016 7:14 AM
  • static bool ValidatePassword( string password ) { const int MIN_LENGTH = 8 ; const int MAX_LENGTH = 15 ; if ( password == null ) throw new ArgumentNullException() ; bool meetsLengthRequirements = password.Length >= MIN_LENGTH && password.Length <= MAX_LENGTH ; bool hasUpperCaseLetter = false ; bool hasLowerCaseLetter = false ; bool hasDecimalDigit = false ; if ( meetsLengthRequirements ) { foreach (char c in password ) { if ( char.IsUpper(c) ) hasUpperCaseLetter = true ; else if ( char.IsLower(c) ) hasLowerCaseLetter = true ; else if ( char.IsDigit(c) ) hasDecimalDigit = true ; } } bool isValid = meetsLengthRequirements && hasUpperCaseLetter && hasLowerCaseLetter && hasDecimalDigit ; return isValid ; }

    Hope this might help you.
    Wednesday, June 8, 2016 5:45 AM