Disclaimer
The opinions expressed in this site are those of the individual authors and
do not necessarily represent the official view of Ardent Development nor its employees, subsidiaries, partners,
or customers.
© Copyright 2008, Ardent Development
 Tuesday, March 21, 2006
Membership in the .NET framework 2.0 allows you to add security to your application with little to no code.
When trying to enforce strong password rules in our church software I encountered an interesting problem.
At first I modified the web.config by adding the following line to our membership provider section.
passwordStrengthRegularExpression="(?=.{8,})[a-z]+[^a-z]+|[^a-z]+[a-z]+"
RegEx explained: 8 characters or more in length, at least 1 lowercase letter, at least 1 character that is not a lowercase letter.
I removed:
minRequiredPasswordLength="0" minRequiredNonalphanumericCharacters="1"
After some testing I found that even when following the password rules, a password change would fail.
The ChangePassword control, which is part of the Login suite of controls, doesn’t give you any information as to why the password change failed.
After a few reviews of my RegEx and confirming that the syntax is correct in code and with some useful online regular expression testers (see links below), I tried changing the password using the following code:
using System.Web.Security; // Membership, MembershipUser
MembershipUser mUser = Membership.GetUser(); // gets the currently logged-in user
// change the password
mUser.ChangePassword(mUser.GetPassword(), "invalidpassword");
That caused the following exception: System.ArgumentException: Non alpha numeric characters in 'newPassword' needs to be greater than or equal to '1'.
So I added this line:
minRequiredNonalphanumericCharacters="0"
And our password complexity rule started working properly.
I won’t start a debate on the merit of setting the minimum required non alphanumeric characters (say that ten times) to 1, but hopefully this will help someone somewhere some time.
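Added example (not the author's or the framework's code): a simplified model of the checks a membership provider applies to a new password, showing why removing minRequiredNonalphanumericCharacters leaves that rule in force, and that the regex above length-checks only its first branch because `|` splits the whole pattern. It assumes SqlMembershipProvider's documented defaults (minRequiredPasswordLength 7, minRequiredNonalphanumericCharacters 1) and an unanchored Regex.IsMatch; Check, AnchoredRegex and the sample passwords are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

static class PasswordPolicyDemo
{
    // Regex exactly as configured in the post.
    const string PostRegex = "(?=.{8,})[a-z]+[^a-z]+|[^a-z]+[a-z]+";
    // Hypothetical anchored variant (an assumption, not the author's):
    // whole string is 8+ chars, has a lowercase letter and a non-lowercase char.
    const string AnchoredRegex = "^(?=.*[a-z])(?=.*[^a-z]).{8,}$";

    // Simplified model of the provider's order of checks: length,
    // then non-alphanumeric count, then an unanchored regex match.
    static string Check(string pw, int minLength, int minNonAlnum, string regex)
    {
        if (pw.Length < minLength)
            return "rejected: length";
        if (pw.Count(c => !char.IsLetterOrDigit(c)) < minNonAlnum)
            return "rejected: non-alphanumeric";
        if (regex.Length > 0 && !Regex.IsMatch(pw, regex))
            return "rejected: regex";
        return "accepted";
    }

    static void Main()
    {
        // Constructed sample passwords.
        string[] samples = { "invalidpassword", "Passw0rdOK", "abcdefg1", "1abcdef" };

        Console.WriteLine("{0,-16} {1,-28} {2,-28} {3}", "password",
            "attributes removed (7,1)", "nonalphanumeric=0 (7,0)", "anchored regex (7,0)");

        foreach (string pw in samples)
        {
            Console.WriteLine("{0,-16} {1,-28} {2,-28} {3}", pw,
                Check(pw, 7, 1, PostRegex),      // both attributes removed: defaults apply
                Check(pw, 7, 0, PostRegex),      // the post's final configuration
                Check(pw, 7, 0, AnchoredRegex)); // same settings, anchored variant
        }
    }
}
```

The 7-character sample "1abcdef" is the case to watch: the second branch of the post's regex has no length lookahead, so only minRequiredPasswordLength stands between it and acceptance.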
Links:
JavaScript Regular Expression Tester http://www.roblocher.com/technotes/regexp.aspx
.NET Regular Expression Tester http://www.dotnetcoders.com/web/Learning/Regex/RegexTester.aspx
Posted by Sebastien Aube 3/21/2006 4:28:48 PM (Atlantic Standard Time, UTC-04:00)