Geek Answers Handbook

Password validator for MembershipProvider?

I would like to confirm the password field for creating / updating users in asp.net (.net 3.5). Password will be used for MembershipProvider .

What is the best way to implement this so that the verification uses the membership provider configuration settings? Of course, I can just write the code, but it seems like something so fundamental that there must be an accessible way for this.

[edit] explained that this is a password field for new users or for changing passwords, so ValidateUser does not help.

+4
source share
3 answers

I would say that the answer is no, because SqlMembershipProvider does not call the password verification method in its ChangePassword and CreateUser . Using the Reflector, you can see that it passes the same set of checks in both methods (see below). Therefore, I would say that writing your own function as you do is the way to go.

 if (newPassword.Length < this.MinRequiredPasswordLength) { throw new ArgumentException(SR.GetString("Password_too_short", new object[] { "newPassword", this.MinRequiredPasswordLength.ToString(CultureInfo.InvariantCulture) })); } int num3 = 0; for (int i = 0; i < newPassword.Length; i++) { if (!char.IsLetterOrDigit(newPassword, i)) { num3++; } } if (num3 < this.MinRequiredNonAlphanumericCharacters) { throw new ArgumentException(SR.GetString("Password_need_more_non_alpha_numeric_chars", new object[] { "newPassword", this.MinRequiredNonAlphanumericCharacters.ToString(CultureInfo.InvariantCulture) })); } if ((this.PasswordStrengthRegularExpression.Length > 0) && !Regex.IsMatch(newPassword, this.PasswordStrengthRegularExpression)) { throw new ArgumentException(SR.GetString("Password_does_not_match_regular_expression", new object[] { "newPassword" })); }
+2
source

Reset your own provider, inherited from the built-in:

 public class SqlMembershipProvider : System.Web.Security.SqlMembershipProvider { // called on login attempt public override bool ValidateUser(string userName, string password) { // do your logic // use built-in properties, parsed by base class for you, such as: if (password.Length < this.MinRequiredPasswordLength) { } //if ok, then: base.ValidateUser(userName, password); } // called on new user creation attempt public override MembershipUser CreateUser(string userName, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { // do your logic //if ok, then: base.CreateUser(...); }
0
source

What exactly do you mean by confirmation?

There is a way for the password to be of a certain length and make it difficult (for example, 6 alphanumeric, 6 nonalphanumerical), but I do not have access to my notes on this subject.

All this will be done in the configuration file for the application itself. I have to agree that you need to use your own function, there is no reason not to do this, as I assume that you want to extend the default behavior.

I quickly looked through Google, found what I was thinking about, although my notes are deeper.

 <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow = "20> <providers> <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SqlServices" requiresQuestionAndAnswer="true" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" /> </providers> </membership>

It should be clear to me if you want to do anything outside of "Verifies that the specified username and password exist in the data source. You need your own provider.

I honestly do not understand the reason why you do not want to use your own provider ....

0
source

More articles:


All Articles