locked
Strong Password Problem in VS LightSwitch 2011 RRS feed

  • Question

  • Hi,

    Developing a project in Visual Studio LightSwitch 2011. I have a problem as follows:

    I have "kullanici(eng. users)" table and this table EditableGrid view. I want the user to enter a password. If the user enters a weak password (123456, etc.) give a runtime error shuts down the program. But the user enters a strong password (123/456, etc.) to save without any errors occurring.

    Error line:

     this.DataWorkspace.SecurityData.SaveChanges();

    ERROR: "One or more objects to perform the operation is invalid. ValidationException.ValidationResults For more information, please examine the property."

    I think that on Validate, but could not write the correct code. I could not find on the internet. I would like your help.

    I want to have a strong password. However, a weak password is entered, I want to an error in messagebox control or similar control.

    Thanks in advance.

    Saturday, December 15, 2012 11:03 PM

Answers

  • The error has nothing to do with the method that is used to enter the password. The password that's being saved (in code that you haven't shown) doesn't match the complexity expected by the ASP.NET Membership Provider.

    For example, when you use my Password type (from the Luminous Types for LightSwitch extension), the complexity that you set for it only works on the value entered into the control that's bound to that property. If the value doesn't meet the specified rules for the password type, then a validation error occurs. This extension is designed for password values that simply get stored in a string property, in some entity/table.

    But when you then try to save that same value into the security data data source, you'll get a validation error it doesn't match the membership provider's complexity requirements.

    They're two different scenarios. Can you see that?

    Can I also give you a bit of advice?

    "If the user enters a weak password (123456, etc.) give a runtime error shuts down the program"

    Shutting down the application because a user enters a weak password is pretty drastic, & will not be a very good experience for the user. A better idea is to let LightSwitch alert the user (via validation code, which then alerts the user with a validtion error message), then allow them to react to the validation error by entering a stronger password. Dumping a user out of an application is NEVER a good idea (unless MAYBE it's when they first log on).


    Yann - LightSwitch Central - Click here for FREE Themes, Controls, Types and Commands
     
    Please click "Mark as Answer" if a reply answers your question. Please click "Vote as Helpful" , if you find a reply helpful.
     
    By doing this you'll help others to find answers faster.

    • Marked as answer by Ahmet Kurt Monday, December 17, 2012 9:55 PM
    Monday, December 17, 2012 3:27 AM
    Moderator

All replies

  • Hi,

    I have "kullanici(eng. user)" table and this table EditableGrid view. The user enters the password is weak, I want a warning as follows:

    "The password does not meet the password requirements. Check the minimum password lenght and password complexity."

    This warning, I would like to be seen on the form that I created. This warning is on Administrator form seems to already.

    Thanks in advance.

    Sunday, December 16, 2012 12:09 AM
  • Hi

    It will be better if you go for Yann Duran's Luminous LightSwitch Type extension. This extension allow you to provide your own password complexity and it also warn you when your input password does not meet the password complexity.

    Hope this help...

    Regards


    Rashmi Ranjan Panigrahi
    www.lightswitchspecial.com

    If you found this post helpful, please “Vote as Helpful”. If it answered your question, please “Mark as Answer”.
    This will help other users to find their answer quickly.

    Sunday, December 16, 2012 4:50 AM
  • Thank you very much for your interest but same error again. Is there another solution to this problem?
    Sunday, December 16, 2012 9:54 AM
  • The error has nothing to do with the method that is used to enter the password. The password that's being saved (in code that you haven't shown) doesn't match the complexity expected by the ASP.NET Membership Provider.

    For example, when you use my Password type (from the Luminous Types for LightSwitch extension), the complexity that you set for it only works on the value entered into the control that's bound to that property. If the value doesn't meet the specified rules for the password type, then a validation error occurs. This extension is designed for password values that simply get stored in a string property, in some entity/table.

    But when you then try to save that same value into the security data data source, you'll get a validation error it doesn't match the membership provider's complexity requirements.

    They're two different scenarios. Can you see that?

    Can I also give you a bit of advice?

    "If the user enters a weak password (123456, etc.) give a runtime error shuts down the program"

    Shutting down the application because a user enters a weak password is pretty drastic, & will not be a very good experience for the user. A better idea is to let LightSwitch alert the user (via validation code, which then alerts the user with a validtion error message), then allow them to react to the validation error by entering a stronger password. Dumping a user out of an application is NEVER a good idea (unless MAYBE it's when they first log on).


    Yann - LightSwitch Central - Click here for FREE Themes, Controls, Types and Commands
     
    Please click "Mark as Answer" if a reply answers your question. Please click "Vote as Helpful" , if you find a reply helpful.
     
    By doing this you'll help others to find answers faster.

    • Marked as answer by Ahmet Kurt Monday, December 17, 2012 9:55 PM
    Monday, December 17, 2012 3:27 AM
    Moderator
  • Thank you very much Yann. I solved the problem by using "validate" a little bit. 

    How can I make like this? Do you think is it effective?

    Web.config file:

    <add name="AspNetMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="_IntrinsicData" applicationName="ProjeGRC" requiresUniqueEmail="false" requiresQuestionAndAnswer="false" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="6"/>

    Designer side:

    left-click PasswordBox and Add Data Item... -> name: pb -> OK -> left-click pb method -> maximum lenght: 12

    My English is not very good. I hope you understand me. :))

    Monday, December 17, 2012 10:14 PM