Ali Sarshogh Ali Sarshogh - 2 months ago 31
ASP.NET (C#) Question

Password Policy in ASP.NET Profile (Membership)

In change password page, we have this code, So if we want to change Password Policy into "StrongPolicy", have we a way or is it by default?

Also can we change it to weak policy ?

I read MSDN but couldn't find it.

Membership mu ;
mu=Membership.GetUser(txtUserName.Text);

mu.UnlockUser();
var newPass= mu.ResetPassword();
mu.ChangePassword(newPass,TxtPassword.Text);

Answer

By default the memebership provider in .net restricts you to have password of length 7(atleast) and of which one character must be alpha-numeric.

Although there many ways by which you can change that. You can check Changing password policy setting in membership provider.

Using minimum length and non-alphanumeric character

<membership ...>
  <providers>
    <add minRequiredPasswordLength=10 minRequiredNonalphanumericCharacters=2 .../>
  </providers>
 </membership>

Using regular expression

<membership ...>
  <providers>
    <add passwordStrengthRegularExpression= 
                    "^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,10}$" .../>
  </providers>
 </membership>

The above code is from the same site.

Comments