.Net Change Password control customisation - password validation

I am creating a change password page on a new site using the Change Password control from .Net
Site will be based on 3.5 Framework

so i have this basically:
<asp:ChangePassword ID="ChangePassword1" runat="server" MembershipProvider="AspNetSqlMembershipProvider"></asp:ChangePassword>

I would like to do the following server side:

I need to first check the username and based on the username apply only one of the following validation rules:
If User is Admin - Ensure Password is 11 characters long
If user is Normal Member - Ensure password is 10 characters long

For BOTH of these there are also extra validation rules:
- Must use at least 3 of the following characters (lowercase, uppercase, numerals, special symbols)

How i determine a user is Admin or Normal Member will depend on the username, logic yet to be finalised but for purpose of this excerise lets assume admins have "adm" infront of their username, normal members dont

Can anyone help me with how i would do the validation checking as detailed above?
I would prefer to use regular exp for the password validation to make the code easier to update later on.

I have never used this control before so unsure of what event to perform such validation on to ensure the password is not changed unless these rules are checked for.

Lots of points on offer for complete answer.
Who is Participating?

Well. in order to set this up server side you could use a custom validator for the NewPassword textbox (if you convert the control to a template). See the snippet for some reference code. Be sure to add the custom validator to the same validation group as the others in the changepassword control or it won't fire. The changepassword control has a property called: NewPasswordRegularExpression which you can use to define the regex you need.

    Protected Sub CustomValidator1_ServerValidate(ByVal source As Object, ByVal args As System.Web.UI.WebControls.ServerValidateEventArgs)
        Dim strUserName As String = User.Identity.Name.ToString()
        If strUserName.Substring(0, 3) = "adm" Then 'user is admin
            If NewPassword.Text.Length < 11 Then 'invalid
                args.IsValid = False
                args.IsValid = True
            End If
        Else 'user is not admin
            If NewPassword.Text.Length < 10 Then 'invalid
                args.IsValid = False
                args.IsValid = True
            End If
        End If
    End Sub

Open in new window

HRT_HSVAuthor Commented:
ok great thanks i will give this a try, do you know about the 2nd part of the question, the regex for this validation rule...

"Must use at least 3 of the following character combinations (lowercase, uppercase, numerals, special symbols) "
eg: at least 1 lower AND 1 upper AND  1 numeral .
I think this regex will do it fo you:

For 10 character with at least one Upper Case, one Lower Case and One special char

You can adjust the length minimum 11 chars by repalcing the 10 with an 11 and you can add more special chars to the list if you want to
HRT_HSVAuthor Commented:
thank you both for pointing me in the right direction much appreciated
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.