.Net Change Password control customisation - password validation

Posted on 2008-11-20
Medium Priority
Last Modified: 2013-12-17
I am creating a change password page on a new site using the Change Password control from .Net
Site will be based on 3.5 Framework

so i have this basically:
<asp:ChangePassword ID="ChangePassword1" runat="server" MembershipProvider="AspNetSqlMembershipProvider"></asp:ChangePassword>

I would like to do the following server side:

I need to first check the username and based on the username apply only one of the following validation rules:
If User is Admin - Ensure Password is 11 characters long
If user is Normal Member - Ensure password is 10 characters long

For BOTH of these there are also extra validation rules:
- Must use at least 3 of the following characters (lowercase, uppercase, numerals, special symbols)

How i determine a user is Admin or Normal Member will depend on the username, logic yet to be finalised but for purpose of this excerise lets assume admins have "adm" infront of their username, normal members dont

Can anyone help me with how i would do the validation checking as detailed above?
I would prefer to use regular exp for the password validation to make the code easier to update later on.

I have never used this control before so unsure of what event to perform such validation on to ensure the password is not changed unless these rules are checked for.

Lots of points on offer for complete answer.
Question by:HRT_HSV
  • 2
LVL 18

Accepted Solution

carlnorrbom earned 750 total points
ID: 23003323

Well. in order to set this up server side you could use a custom validator for the NewPassword textbox (if you convert the control to a template). See the snippet for some reference code. Be sure to add the custom validator to the same validation group as the others in the changepassword control or it won't fire. The changepassword control has a property called: NewPasswordRegularExpression which you can use to define the regex you need.

    Protected Sub CustomValidator1_ServerValidate(ByVal source As Object, ByVal args As System.Web.UI.WebControls.ServerValidateEventArgs)
        Dim strUserName As String = User.Identity.Name.ToString()
        If strUserName.Substring(0, 3) = "adm" Then 'user is admin
            If NewPassword.Text.Length < 11 Then 'invalid
                args.IsValid = False
                args.IsValid = True
            End If
        Else 'user is not admin
            If NewPassword.Text.Length < 10 Then 'invalid
                args.IsValid = False
                args.IsValid = True
            End If
        End If
    End Sub

Open in new window


Author Comment

ID: 23009208
ok great thanks i will give this a try, do you know about the 2nd part of the question, the regex for this validation rule...

"Must use at least 3 of the following character combinations (lowercase, uppercase, numerals, special symbols) "
eg: at least 1 lower AND 1 upper AND  1 numeral .

Assisted Solution

keustermans earned 750 total points
ID: 23012959
I think this regex will do it fo you:

For 10 character with at least one Upper Case, one Lower Case and One special char

You can adjust the length minimum 11 chars by repalcing the 10 with an 11 and you can add more special chars to the list if you want to

Author Closing Comment

ID: 31518632
thank you both for pointing me in the right direction much appreciated

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses
Course of the Month13 days, 17 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question