.Net Change Password control customisation - password validation

Posted on 2008-11-20
Last Modified: 2013-12-17
I am creating a change password page on a new site using the Change Password control from .Net
Site will be based on 3.5 Framework

so i have this basically:
<asp:ChangePassword ID="ChangePassword1" runat="server" MembershipProvider="AspNetSqlMembershipProvider"></asp:ChangePassword>

I would like to do the following server side:

I need to first check the username and based on the username apply only one of the following validation rules:
If User is Admin - Ensure Password is 11 characters long
If user is Normal Member - Ensure password is 10 characters long

For BOTH of these there are also extra validation rules:
- Must use at least 3 of the following characters (lowercase, uppercase, numerals, special symbols)

How i determine a user is Admin or Normal Member will depend on the username, logic yet to be finalised but for purpose of this excerise lets assume admins have "adm" infront of their username, normal members dont

Can anyone help me with how i would do the validation checking as detailed above?
I would prefer to use regular exp for the password validation to make the code easier to update later on.

I have never used this control before so unsure of what event to perform such validation on to ensure the password is not changed unless these rules are checked for.

Lots of points on offer for complete answer.
Question by:HRT_HSV
    LVL 18

    Accepted Solution


    Well. in order to set this up server side you could use a custom validator for the NewPassword textbox (if you convert the control to a template). See the snippet for some reference code. Be sure to add the custom validator to the same validation group as the others in the changepassword control or it won't fire. The changepassword control has a property called: NewPasswordRegularExpression which you can use to define the regex you need.

        Protected Sub CustomValidator1_ServerValidate(ByVal source As Object, ByVal args As System.Web.UI.WebControls.ServerValidateEventArgs)
            Dim strUserName As String = User.Identity.Name.ToString()
            If strUserName.Substring(0, 3) = "adm" Then 'user is admin
                If NewPassword.Text.Length < 11 Then 'invalid
                    args.IsValid = False
                    args.IsValid = True
                End If
            Else 'user is not admin
                If NewPassword.Text.Length < 10 Then 'invalid
                    args.IsValid = False
                    args.IsValid = True
                End If
            End If
        End Sub

    Open in new window


    Author Comment

    ok great thanks i will give this a try, do you know about the 2nd part of the question, the regex for this validation rule...

    "Must use at least 3 of the following character combinations (lowercase, uppercase, numerals, special symbols) "
    eg: at least 1 lower AND 1 upper AND  1 numeral .
    LVL 7

    Assisted Solution

    I think this regex will do it fo you:

    For 10 character with at least one Upper Case, one Lower Case and One special char

    You can adjust the length minimum 11 chars by repalcing the 10 with an 11 and you can add more special chars to the list if you want to

    Author Closing Comment

    thank you both for pointing me in the right direction much appreciated

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Suggested Solutions

    A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
    For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK ( for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now