set password complexity with standard sql membership provider

I need to set up some complexity when creating a sql membership provider account on a registration page.
I could use the
                              minRequiredNonalphanumericCharacters
property in web.config; however what would be the best way to do this?



mugseyAsked:
Who is Participating?
 
isaackhaziCommented:
heres an example:
Here is an example of a complete web.config file that could be used.  If you have an existing web.config file that you want to work this into, take the section between and including <membership> and </membership> and place it in your <system.web> section.
 
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <connectionStrings>
    <remove name="LocalSqlServer"/>
    <add name="LocalSqlServer" connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|aspnetdb.mdf" />
  </connectionStrings>
  <system.web>
    <membership>
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add name="AspNetSqlMembershipProvider"
                  type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                  connectionStringName="LocalSqlServer"
                  enablePasswordRetrieval="false"
                  enablePasswordReset="true"
                  requiresQuestionAndAnswer="true"
                  applicationName="/"
                  requiresUniqueEmail="false"
                  minRequiredPasswordLength="1"
                  minRequiredNonalphanumericCharacters="0"
                  passwordFormat="Hashed"
                  maxInvalidPasswordAttempts="5"
                  passwordAttemptWindow="10"
                  passwordStrengthRegularExpression="" />
      </providers>
    </membership>
  </system.web>
</configuration>

Open in new window

0
 
isaackhaziCommented:
You can strengthen user password requirements by configuring the attributes minRequiredPasswordLength, minRequiredNonAlphanumericCharacters, and passwordStrengthRegularExpression on your membership provider configuration.

If you are using the SqlMembershipProvider, the default password strength is set to a minimum password length of 7 characters with at least one non-alphanumeric character.

If you are using the ActiveDirectoryMembershipProvider with Active Directory, your domain password policy is used by default, although you can further strengthen password policy by overriding this with your membership configuration by using the attributes listed earlier. Similarly, if you are using ActiveDirectoryMembershipProvider with ADAM, your local password policy is used, although you can override this with your membership configuration.
0
 
isaackhaziCommented:
The best way is by not only using that one property but by using all or some of the above mentioned properties.

Cheers,
Isaac
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
mugseyAuthor Commented:
Thanks

I am using standard memership an also using the ajax password strength extender with the createuser wizard.

Any more suggestions?
0
 
isaackhaziCommented:
That should do it for you. Infact even microsoft recommends doin it the way i stated in the example above. So, that should suffice.

Cheers,
Isaac
0
 
mugseyAuthor Commented:
OK thanks I will try it that way.

However I have one question, I am using a validation summary control and it does indeed display the error regarding password strength however how can I get the asterisk to display next to the password text box.
I have a required field validator on the password textbox but the error is only displayed in the control validation summary.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.