ASP.NET ID: Create a Random Password

Question

ASP.NET ID: Create a Random Password

Is there a built-in function that creates random passwords? Asp.net simple memebership used for a similar method

+7

c # asp.net asp.net-mvc

mLar Feb 12 '15 at 14:34

source share

6 answers

The ASP.NET ID does not have a password generation method.

I am not sure about your specific use case, but I believe that the preferred approach would be to send the user a reset password link that will allow the user to enter their own password. This is generally considered more secure than sending the generated password in plain text.

See the reset Password section in this lesson: http://www.asp.net/identity/overview/features-api/account-confirmation-and-password-recovery-with-aspnet-identity

+8

David paquette Feb 12 '15 at 14:50

source share

Although I was a bit late for the party, I would like to share a helper method that I put together to handle these scripts in an ASP.NET compatible kernel.

The function below provides a decent char distribution by adding arbitrary character types to the string and not changing the required length (if only extreme cases with a lot of unique characters needed, which was implied by the design). It also supports support for the RequiredUniqueChars rule, which is one of the strength requirements available for the ASP.NET Core Identity framework.

  /// <summary> /// Generates a Random Password /// respecting the given strength requirements. /// </summary> /// <param name="opts">A valid PasswordOptions object /// containing the password strength requirements.</param> /// <returns>A random password</returns> public static string GenerateRandomPassword(PasswordOptions opts = null) { if (opts == null) opts = new PasswordOptions() { RequiredLength = 8, RequiredUniqueChars = 4, RequireDigit = true, RequireLowercase = true, RequireNonAlphanumeric = true, RequireUppercase = true }; string[] randomChars = new[] { "ABCDEFGHJKLMNOPQRSTUVWXYZ", // uppercase "abcdefghijkmnopqrstuvwxyz", // lowercase "0123456789", // digits " !@ $?_-" // non-alphanumeric }; Random rand = new Random(Environment.TickCount); List<char> chars = new List<char>(); if (opts.RequireUppercase) chars.Insert(rand.Next(0, chars.Count), randomChars[0][rand.Next(0, randomChars[0].Length)]); if (opts.RequireLowercase) chars.Insert(rand.Next(0, chars.Count), randomChars[1][rand.Next(0, randomChars[1].Length)]); if (opts.RequireDigit) chars.Insert(rand.Next(0, chars.Count), randomChars[2][rand.Next(0, randomChars[2].Length)]); if (opts.RequireNonAlphanumeric) chars.Insert(rand.Next(0, chars.Count), randomChars[3][rand.Next(0, randomChars[3].Length)]); for (int i = chars.Count; i < opts.RequiredLength || chars.Distinct().Count() < opts.RequiredUniqueChars; i++) { string rcs = randomChars[rand.Next(0, randomChars.Length)]; chars.Insert(rand.Next(0, chars.Count), rcs[rand.Next(0, rcs.Length)]); } return new string(chars.ToArray()); }

The function takes the PasswordOptions object as a parameter, which is sent using the Microsoft.AspNetCore.Identity assembly, but you can easily replace it with two groups of int / four bool parameters (or the POCO class) if you do not have this package installed.

In the likely case that you have in your ASP.NET Core project, you can use the same object that was used with the ConfigureService method of the Startup class to determine password requirements:

 [...] // Add ASP.NET Identity support services.AddIdentity<ApplicationUser, IdentityRole>( opts => { opts.Password.RequireDigit = true; opts.Password.RequireLowercase = true; opts.Password.RequireUppercase = true; opts.Password.RequireNonAlphanumeric = false; opts.Password.RequiredLength = 7; }) .AddEntityFrameworkStores<ApplicationDbContext>(); [...]

You can also read more about this helper function here .

+4

Darkseal Sep 14 '17 at 10:36

source share

Membership.GeneratePassword() create a password that does not match the ID.

I wrote a simple function that examines the UserManager Validator to create the correct random password to assign to the user.

It simply generates random characters and checks to see if the characters match the validator's requirements. If the requirements are not met, he adds the remaining characters to comply with the rules.

 private string GeneratePassword(MessagePasswordValidator validator) { if (validator == null) return null; bool requireNonLetterOrDigit = validator.RequireNonLetterOrDigit; bool requireDigit = validator.RequireDigit; bool requireLowercase = validator.RequireLowercase; bool requireUppercase = validator.RequireUppercase; string randomPassword = string.Empty; int passwordLength = validator.RequiredLength; Random random = new Random(); while (randomPassword.Length != passwordLength) { int randomNumber = random.Next(48, 122); // >= 48 && < 122 if (randomNumber == 95 || randomNumber == 96) continue; // != 95, 96 _' char c = Convert.ToChar(randomNumber); if (requireDigit) if (char.IsDigit(c)) requireDigit = false; if (requireLowercase) if (char.IsLower(c)) requireLowercase = false; if (requireUppercase) if (char.IsUpper(c)) requireUppercase = false; if (requireNonLetterOrDigit) if (!char.IsLetterOrDigit(c)) requireNonLetterOrDigit = false; randomPassword += c; } if (requireDigit) randomPassword += Convert.ToChar(random.Next(48, 58)); // 0-9 if (requireLowercase) randomPassword += Convert.ToChar(random.Next(97, 123)); // az if (requireUppercase) randomPassword += Convert.ToChar(random.Next(65, 91)); // AZ if (requireNonLetterOrDigit) randomPassword += Convert.ToChar(random.Next(33, 48)); // symbols !"#$%&'()*+,-./ return randomPassword; }

and call:

 string password = GeneratePassword(UserManager.PasswordValidator as MessagePasswordValidator);

+2

RFex Mar 2 '17 at 23:25

source share

I know this is a little old question, and there were others that used a random password generation source, but Membership.GeneratePassword is implemented as follows:

Fortunately, this is licensed under the MIT license https://github.com/Microsoft/referencesource/blob/master/LICENSE.txt

 public class PasswordStore { private static readonly char[] Punctuations = " !@ #$%^&*()_-+=[{]};:>|./?".ToCharArray(); private static readonly char[] StartingChars = new char[] { '<', '&' }; /// <summary>Generates a random password of the specified length.</summary> /// <returns>A random password of the specified length.</returns> /// <param name="length">The number of characters in the generated password. The length must be between 1 and 128 characters. </param> /// <param name="numberOfNonAlphanumericCharacters">The minimum number of non-alphanumeric characters (such as @, #, !, %, &amp;, and so on) in the generated password.</param> /// <exception cref="T:System.ArgumentException"> /// <paramref name="length" /> is less than 1 or greater than 128 -or-<paramref name="numberOfNonAlphanumericCharacters" /> is less than 0 or greater than <paramref name="length" />. </exception> public static string GeneratePassword(int length, int numberOfNonAlphanumericCharacters) { if (length < 1 || length > 128) throw new ArgumentException("password_length_incorrect", nameof(length)); if (numberOfNonAlphanumericCharacters > length || numberOfNonAlphanumericCharacters < 0) throw new ArgumentException("min_required_non_alphanumeric_characters_incorrect", nameof(numberOfNonAlphanumericCharacters)); string s; int matchIndex; do { var data = new byte[length]; var chArray = new char[length]; var num1 = 0; new RNGCryptoServiceProvider().GetBytes(data); for (var index = 0; index < length; ++index) { var num2 = (int)data[index] % 87; if (num2 < 10) chArray[index] = (char)(48 + num2); else if (num2 < 36) chArray[index] = (char)(65 + num2 - 10); else if (num2 < 62) { chArray[index] = (char)(97 + num2 - 36); } else { chArray[index] = Punctuations[num2 - 62]; ++num1; } } if (num1 < numberOfNonAlphanumericCharacters) { var random = new Random(); for (var index1 = 0; index1 < numberOfNonAlphanumericCharacters - num1; ++index1) { int index2; do { index2 = random.Next(0, length); } while (!char.IsLetterOrDigit(chArray[index2])); chArray[index2] = Punctuations[random.Next(0, Punctuations.Length)]; } } s = new string(chArray); } while (IsDangerousString(s, out matchIndex)); return s; } internal static bool IsDangerousString(string s, out int matchIndex) { //bool inComment = false; matchIndex = 0; for (var i = 0; ;) { // Look for the start of one of our patterns var n = s.IndexOfAny(StartingChars, i); // If not found, the string is safe if (n < 0) return false; // If it the last char, it safe if (n == s.Length - 1) return false; matchIndex = n; switch (s[n]) { case '<': // If the < is followed by a letter or '!', it unsafe (looks like a tag or HTML comment) if (IsAtoZ(s[n + 1]) || s[n + 1] == '!' || s[n + 1] == '/' || s[n + 1] == '?') return true; break; case '&': // If the & is followed by a #, it unsafe (eg &#83;) if (s[n + 1] == '#') return true; break; } // Continue searching i = n + 1; } } private static bool IsAtoZ(char c) { if ((int)c >= 97 && (int)c <= 122) return true; if ((int)c >= 65) return (int)c <= 90; return false; } }

+1

Rubenisme Oct 4 '16 at 14:50

source share

https://msdn.microsoft.com/en-us/library/system.guid.newguid(v=vs.110).aspx Check this out. The GUID should work just fine (just remove all “-” from it and reduce the number you need if characters)

-5

Andrey Feb 12 '15 at 14:40

source share

Cristi roman · Accepted Answer · 2015-02-12T14:37:25+0000

What framework do you use?

Check here :

string password = Membership.GeneratePassword(12, 1);

ASP.NET ID: Create a Random Password

More articles: