Month: September 2013

Password Policy Check in ASP.NET Membership

There are 3 attributes in ASP.NET Membership Providers for configuring the password policy check.

1. minRequiredPasswordLength
Specifies the minimum number of characters that are required in a password. The default is 7.

2. minRequiredNonalphanumericCharacters
Specifies the minimum number of special characters that must be present in a valid password. The default is 1.

3. passwordStrengthRegularExpression
Specifies the regular expression that is used to evaluate a password. The default is an empty string (“”).

The following is a sample ASP.NET Membership Provider configuration.

<membership defaultProvider="SqlMembershipProvider" userIsOnlineTimeWindow="30">
  <providers>
    <clear />
    <add name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" applicationName="MyApplication" 
      minRequiredPasswordLength="8" 
      minRequiredNonalphanumericCharacters="1" 
      passwordStrengthRegularExpression="^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=(.*\W)).{8,128}$" />
  </providers>
</membership>

The above configuration validates the password to meet the following criteria:
+ It is at least 8 characters and does not exceed 128 characters
+ It contains at least 1 lower-case character
+ It contains at least 1 upper-case character
+ It contains at least 1 numeric character
+ It contains at least 1 special (non-alphanumeric) character
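The three settings are separate checks, and the length and special-character attributes do not use the same definition of "special" as the regular expression. The following C# sketch is an added example, not code from the original post or from the provider itself; it replays the sample values above against constructed passwords, assuming the provider counts non-alphanumeric characters with char.IsLetterOrDigit and then applies the regular expression with Regex.IsMatch. The Check helper is hypothetical.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

static class PasswordPolicyDemo
{
    // Values copied from the sample configuration on this page.
    const int MinLength = 8;
    const int MinNonAlphanumeric = 1;
    const string StrengthRegex =
        @"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=(.*\W)).{8,128}$";

    // Hypothetical helper: returns the first rule a password fails, or "ok".
    static string Check(string password)
    {
        if (password.Length < MinLength)
            return "too short";
        // Assumption: counted with char.IsLetterOrDigit, so '_' counts as special here.
        int special = password.Count(c => !char.IsLetterOrDigit(c));
        if (special < MinNonAlphanumeric)
            return "too few non-alphanumeric characters";
        // \W excludes '_' (it is a word character), so the regex is stricter.
        if (StrengthRegex.Length > 0 && !Regex.IsMatch(password, StrengthRegex))
            return "fails passwordStrengthRegularExpression";
        return "ok";
    }

    static void Main()
    {
        // Constructed sample passwords, not taken from any real system.
        string[] samples =
        {
            "Abc1!",          // too short
            "Password1234",   // no special character
            "Passw0rd_2013",  // '_' satisfies the count but not \W
            "passw0rd!2013",  // no upper-case letter: caught by the regex only
            "Passw0rd!2013",  // meets every rule
        };
        foreach (var p in samples)
            Console.WriteLine("{0,-15} {1}", p, Check(p));
    }
}
```

The underscore case is the one to test when changing the policy: a password whose only special character is `_` meets minRequiredNonalphanumericCharacters but is rejected by the `\W` lookahead.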
