How to enforce strong passwords using membership You can strengthen user password requirements by configuring the attributes minRequiredPasswordLength, minRequiredNonAlphanumericCharacters, and passwordStrengthRegularExpression on your membership provider configuration.
If you are using the SqlMembershipProvider, the default password strength is set to a minimum password length of 7 characters with at least one non-alphanumeric character.
If you are using the ActiveDirectoryMembershipProvider with Active Directory, your domain password policy is used by default, although you can further strengthen password policy by overriding this with your membership configuration by using the attributes listed earlier.
Similarly, if you are using ActiveDirectoryMembershipProvider with ADAM, your local password policy is used, although you can override this with your membership configuration.
=========================
By default membership provider in .net has a password policy that restricts you to have passwords of length 7 (at least) and one character among those 7 must be Alph-Numeric. There are various conditions that you want to overlook this policy. Following are the ways:
Using minimum length and non-alphanumeric character (replace curly bracket with <>)
(membership ...)
(providers)
(add minRequiredPasswordLength=5 minRequiredNonalphanumericCharacters=0 /)
(/providers)
(/membership)
A good article on understanding advanced properties of Membership: http://4guysfromrolla.com/articles/052009-1.aspx
No comments:
Post a Comment