• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1443
  • Last Modified:

set password complexity with standard sql membership provider

I need to set up some complexity when creating a sql membership provider account on a registration page.
I could use the
                              minRequiredNonalphanumericCharacters
property in web.config; however what would be the best way to do this?



0
mugsey
Asked:
mugsey
  • 4
  • 2
1 Solution
 
isaackhaziCommented:
You can strengthen user password requirements by configuring the attributes minRequiredPasswordLength, minRequiredNonAlphanumericCharacters, and passwordStrengthRegularExpression on your membership provider configuration.

If you are using the SqlMembershipProvider, the default password strength is set to a minimum password length of 7 characters with at least one non-alphanumeric character.

If you are using the ActiveDirectoryMembershipProvider with Active Directory, your domain password policy is used by default, although you can further strengthen password policy by overriding this with your membership configuration by using the attributes listed earlier. Similarly, if you are using ActiveDirectoryMembershipProvider with ADAM, your local password policy is used, although you can override this with your membership configuration.
0
 
isaackhaziCommented:
heres an example:
Here is an example of a complete web.config file that could be used.  If you have an existing web.config file that you want to work this into, take the section between and including <membership> and </membership> and place it in your <system.web> section.
 
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <connectionStrings>
    <remove name="LocalSqlServer"/>
    <add name="LocalSqlServer" connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|aspnetdb.mdf" />
  </connectionStrings>
  <system.web>
    <membership>
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add name="AspNetSqlMembershipProvider"
                  type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                  connectionStringName="LocalSqlServer"
                  enablePasswordRetrieval="false"
                  enablePasswordReset="true"
                  requiresQuestionAndAnswer="true"
                  applicationName="/"
                  requiresUniqueEmail="false"
                  minRequiredPasswordLength="1"
                  minRequiredNonalphanumericCharacters="0"
                  passwordFormat="Hashed"
                  maxInvalidPasswordAttempts="5"
                  passwordAttemptWindow="10"
                  passwordStrengthRegularExpression="" />
      </providers>
    </membership>
  </system.web>
</configuration>

Open in new window

0
 
isaackhaziCommented:
The best way is by not only using that one property but by using all or some of the above mentioned properties.

Cheers,
Isaac
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
mugseyAuthor Commented:
Thanks

I am using standard memership an also using the ajax password strength extender with the createuser wizard.

Any more suggestions?
0
 
isaackhaziCommented:
That should do it for you. Infact even microsoft recommends doin it the way i stated in the example above. So, that should suffice.

Cheers,
Isaac
0
 
mugseyAuthor Commented:
OK thanks I will try it that way.

However I have one question, I am using a validation summary control and it does indeed display the error regarding password strength however how can I get the asterisk to display next to the password text box.
I have a required field validator on the password textbox but the error is only displayed in the control validation summary.
0

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now