We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


ASP.NET Random Password Generator

nmretd asked
Medium Priority
Last Modified: 2008-02-26

I need an ASP.NET random password generator which gives me a password atleast 6 characters in length mixed with upper/lower case letter and atleast one digit. Can somebody provide me with a function that can do this ?

Watch Question

After executing the following code, "pass" will contain the randomly generated password:


        Const MIN_CHARS = 6
        Const MIN_DIGITS = 1
        Const MAX_CHARS = 12
        Const MAX_DIGITS = 12
        Dim rnd As New Random
        Dim num1 As Integer = rnd.Next(MIN_CHARS, MAX_CHARS)
        Dim num2 As Integer = rnd.Next(MIN_DIGITS, num1)
        Dim i As Integer, j As Integer
        Dim pass As String = ""
        Dim nextChar As Char
        For i = 1 To num1 - num2
            j = rnd.Next(1, 52)
            If j <= 26 Then
                nextChar = Chr(j + 64)
                nextChar = Chr(j + 70)
            End If
            pass = pass & nextChar
        For i = 1 To num2
            j = rnd.Next(0, 9)
            pass = pass.Insert(rnd.Next(0, pass.Length - 1), Chr(j + 48))



  Nayer Naguib

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
In the above code, num1 is used to hold the total number of letters and digits, num2 to hold the number of digits, and i is the loop counter.
In both loops, j is used to hold an encoded value of the randomly generated character to be added. The value is then decoded in the first loop to one of the 52 possible letters (26 uppercase and 26 lowercase), and in the second loop, to a digit between 0 and 9.

Chr(k) returns the character corresponding to ASCII value k.


  Nayer Naguib

I know your looking for VB.NET solution but this VB6 solution could be adapted to VB.NET

Function RandomPW(myLength) As String
    'These constant are the minimum and maximum length for random
    'length passwords.  Adjust these values to your needs.
    Const minLength = 6
    Const maxLength = 6
    Dim X, Y, strPW, Temp
    If myLength = 0 Then
        myLength = Int((maxLength * Rnd) + minLength)
    End If

    For X = 1 To myLength
        'Randomize the type of this character
        Y = Int((3 * Rnd) + 1) '(1) Numeric, (2) Uppercase, (3) Lowercase
        Select Case Y
            Case 1
                'Numeric character
                Temp = Chr(Int((9 * Rnd) + 48))
                Do Until (Temp <> "1" And Temp <> "0")
                    Temp = Chr(Int((9 * Rnd) + 48))
                strPW = strPW & Temp
            Case 2
                'Uppercase character
                Temp = Chr(Int((25 * Rnd) + 65))
                Do Until (Temp <> "L" And Temp <> "I" And Temp <> "O")
                    Temp = Chr(Int((25 * Rnd) + 65))
                strPW = strPW & Temp
            Case 3
                'Lowercase character
                Temp = Chr(Int((25 * Rnd) + 97))
                Do Until (Temp <> "l" And Temp <> "i" And Temp <> "o")
                    Temp = Chr(Int((25 * Rnd) + 97))
                strPW = strPW & Temp

        End Select
    RandomPW = strPW

End Function

Nice thing about this one is that it omits characters such as L, I and O which can be mistaken for other characters unless the user copies and pastes the password.
why don't you use MD5 functions for creating random strings?
abbdan: Sorry, but I'm really interested to know how you guarantee that there would be at least one digit in the generated password???
             I'm also interested to know the advantages of converting some VB 6 code to VB .NET instead of directly using the VB .NET code!



  Nayer Naguib

Modifications to the password generation process will probably be made tailored to the authors specifications even if they use your code.  My code, albeit VB6, gives ideas for guidance as an assist solution.  Your code provided needed translations of the random function and could be adapted for the total solution.

I'm just offering related ideas.  They don't have to be accepted.

Its good code and offers other ideas that may not have been encompased.
I know. You just missed the specification of "at least one digit" requested by the author.

Also, it is a good practice to avoid the following structure as much as possible:

    Generate a random number
  Until the random number meets some condition

Rather, it may be better (for performance reasons), that you first create a collection of *only* the allowed numbers, and then randomly select one. For example, the following two algorithms are supposed to fill an array with values 1 to 1000 randomly shuffled:

Algorithm 1:

    Generate a random number x between 1 and 1000
  Until we find x that has not been generated before
  Fill the next available element in the array with the value x
Until all 1000 elements are populated

Algorithm 2:

Create a linked list with sorted values from 1 to 1000
  Generate a random number x with maximum value equal to current list length
  Store element x of the list in the next available element of the array
  Remove element x from the list
While list is not empty

Although both algorithms are correct (and you probably won't even notice a difference in performance on a 3 GHz processor!), the first algorithm may require tens of thousands of random number generation operations before generating all values from 1 to 1000. However, the second algorithm, although requires little overhead to populate the linked list, will require generating exactly 1000 random numbers before the algorithm successfully finished execution.

In your code, you have three such Do-Until loops. Although in this specific case allowed numbers will be found in no time, it's generally better to follow the other technique. For example, if you plan to omit 'L', 'I', and 'O', then you can generate a random number between 1 and 23, and then map the generated number to an allowed letter. On the other hand, you successfully used the second technique when you generated a random number between 0 and 25 to select a random letter (where you later add 65 or 97 to match ASCII code for the alphabet). Imagine what the code would have looked like if you wrote a loop that generates random numbers between 0 and 255 until a number in the ranges [65, 90] or [97, 122] is found!!


  Nayer Naguib
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.