We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

set password complexity with standard sql membership provider

mugsey
mugsey asked
on
Medium Priority
1,557 Views
Last Modified: 2013-12-17
I need to set up some complexity when creating a sql membership provider account on a registration page.
I could use the
                              minRequiredNonalphanumericCharacters
property in web.config; however what would be the best way to do this?



Comment
Watch Question

You can strengthen user password requirements by configuring the attributes minRequiredPasswordLength, minRequiredNonAlphanumericCharacters, and passwordStrengthRegularExpression on your membership provider configuration.

If you are using the SqlMembershipProvider, the default password strength is set to a minimum password length of 7 characters with at least one non-alphanumeric character.

If you are using the ActiveDirectoryMembershipProvider with Active Directory, your domain password policy is used by default, although you can further strengthen password policy by overriding this with your membership configuration by using the attributes listed earlier. Similarly, if you are using ActiveDirectoryMembershipProvider with ADAM, your local password policy is used, although you can override this with your membership configuration.
heres an example:
Here is an example of a complete web.config file that could be used.  If you have an existing web.config file that you want to work this into, take the section between and including <membership> and </membership> and place it in your <system.web> section.
 
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <connectionStrings>
    <remove name="LocalSqlServer"/>
    <add name="LocalSqlServer" connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|aspnetdb.mdf" />
  </connectionStrings>
  <system.web>
    <membership>
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add name="AspNetSqlMembershipProvider"
                  type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                  connectionStringName="LocalSqlServer"
                  enablePasswordRetrieval="false"
                  enablePasswordReset="true"
                  requiresQuestionAndAnswer="true"
                  applicationName="/"
                  requiresUniqueEmail="false"
                  minRequiredPasswordLength="1"
                  minRequiredNonalphanumericCharacters="0"
                  passwordFormat="Hashed"
                  maxInvalidPasswordAttempts="5"
                  passwordAttemptWindow="10"
                  passwordStrengthRegularExpression="" />
      </providers>
    </membership>
  </system.web>
</configuration>

Open in new window

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
The best way is by not only using that one property but by using all or some of the above mentioned properties.

Cheers,
Isaac

Author

Commented:
Thanks

I am using standard memership an also using the ajax password strength extender with the createuser wizard.

Any more suggestions?
That should do it for you. Infact even microsoft recommends doin it the way i stated in the example above. So, that should suffice.

Cheers,
Isaac

Author

Commented:
OK thanks I will try it that way.

However I have one question, I am using a validation summary control and it does indeed display the error regarding password strength however how can I get the asterisk to display next to the password text box.
I have a required field validator on the password textbox but the error is only displayed in the control validation summary.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.