locked
Password Length and Strength RRS feed

  • Question

  • User-655862652 posted

    I know this has been asked before, but all solutions I have come across always end up in build errors.

    What and where in the web.config file do I add code to change the password requirement? 

    What I have seen is:

    <membership>
          <providers>
            <remove name="AspNetSqlMembershipProvider" />
            <add name="AspNetSqlMembershipProvider"
                      type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                      connectionStringName="LocalSqlServer"
                      enablePasswordRetrieval="false"
                      enablePasswordReset="true"
                      requiresQuestionAndAnswer="true"
                      applicationName="/"
                      requiresUniqueEmail="false"
                      minRequiredPasswordLength="1"
                      minRequiredNonalphanumericCharacters="0"
                      passwordFormat="Hashed"
                      maxInvalidPasswordAttempts="5"
                      passwordAttemptWindow="10"
                      passwordStrengthRegularExpression="" />
          </providers>
    </membership>

    but I always have build errors after I add the code to the file.

     

    Thanks,

     

    Marshall

    Saturday, July 7, 2007 9:43 PM

All replies

  • User1132873562 posted

    You can do this in two ways

    1. Set minRequiredPasswordLength and minRequiredNonalphanumericCharacters. By these properties you set rules for  the minmal password length and the minimal Non alpha numeric Characters.
    2. Use a regular expression by setting the passwordStrengthRegularExpression. See http://msdn.microsoft.com/en-us/library/system.web.security.membership.passwordstrengthregularexpression.aspx for documentation

    Below you find my web.config file that will work with the default membership controls

    <?xml version="1.0" encoding="utf-8"?><configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
        <system.web>
            <authentication mode="Forms" />
            <compilation debug="true" />
          <membership>
            <providers>
              <remove name="AspNetSqlMembershipProvider" />
              <add name="AspNetSqlMembershipProvider"
                        type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                        connectionStringName="LocalSqlServer"
                        enablePasswordRetrieval="false"
                        enablePasswordReset="true"
                        requiresQuestionAndAnswer="true"
                        applicationName="/"
                        requiresUniqueEmail="false"
                        minRequiredPasswordLength="6"
                        minRequiredNonalphanumericCharacters="1"
                        passwordFormat="Hashed"
                        maxInvalidPasswordAttempts="5"
                        passwordAttemptWindow="10"
                        passwordStrengthRegularExpression="" />
            </providers>
          </membership>
        </system.web>
    </configuration>

     

     

    Sunday, July 8, 2007 1:47 AM