Eliminating Password Complexity


Introduction

To be very frank, when I was developing my first web application project, I was very worried about the password complexity rules in ASP.NET. By default, when we create a user with CreateUserWizard, it asks for a password of at least 7 characters with at least 1 non-alphanumeric character. For example ‘Helloindia2010’. If the password does not follow these rules, it shows ‘Please enter different password’. Non-alphanumeric character means */_^#@ etc.

There are a couple of solutions to this problem. In this article we will discuss the simplest way to eliminate the password complexity requirement.

The provider that controls this is the membership provider. This is set by default in the Web.config file. The two properties that control this are minRequiredPasswordLength and minRequiredNonalphanumericCharacters. They aren't in Web.config by The minRequiredPasswordLength property must be at least 1, while the minRequiredNonalphanumericCharacters property can be 0. Here is an example of the two lines to add, which removes the requirements completely and allows the user to decide on their password. Don't hold me accountable if you open this too much, but I give this example as the other extreme of the default settings.

minRequiredPasswordLength="4" // use your own length

minRequiredNonalphanumericCharacters="0" 

Here is an example of a complete Web.config file that could be used. Look at the section between and including <membership> and </membership> and place it in your <system.web> section.


<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <connectionStrings>
    <remove name="LocalSqlServer"/>
    <add name="LocalSqlServer" connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|aspnetdb.mdf" />
  </connectionStrings>
  <system.web>
    <membership>
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add name="AspNetSqlMembershipProvider"
                  type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                  connectionStringName="LocalSqlServer"
                  enablePasswordRetrieval="false"
                  enablePasswordReset="true"
                  requiresQuestionAndAnswer="true"
                  applicationName="/"
                  requiresUniqueEmail="false"
                  minRequiredPasswordLength="4"
                  minRequiredNonalphanumericCharacters="0"
                  passwordFormat="Hashed"
                  maxInvalidPasswordAttempts="5"
                  passwordAttemptWindow="10"
                  passwordStrengthRegularExpression="" />
      </providers>
    </membership>
  </system.web>
</configuration>





In the code above, the underlined settings (minRequiredPasswordLength and minRequiredNonalphanumericCharacters) are the important part of this article. After making the modification as instructed, run your project and see the result.
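An added example (not part of the original article): a Python check that reads a Web.config and reports what the membership password settings discussed above actually allow, so a relaxed policy is a visible decision rather than a silent one. The function names and the 8-character threshold are assumptions; attributes that are absent fall back to the 7-character, 1-symbol defaults the article mentions.

```python
import xml.etree.ElementTree as ET

# Defaults stated in the article: 7 characters, 1 non-alphanumeric.
DEFAULTS = {"minRequiredPasswordLength": "7",
            "minRequiredNonalphanumericCharacters": "1",
            "passwordFormat": "Hashed",
            "passwordStrengthRegularExpression": ""}
MIN_LENGTH = 8  # assumed review threshold, adjust to your own policy


def local(tag):
    """Strip an XML namespace such as the .NetConfiguration/v2.0 one."""
    return tag.rsplit("}", 1)[-1]


def audit_membership(config_xml):
    """Return {provider name: [findings]} for each membership provider <add>."""
    root = ET.fromstring(config_xml)
    report = {}
    for membership in (e for e in root.iter() if local(e.tag) == "membership"):
        for add in (e for e in membership.iter() if local(e.tag) == "add"):
            cfg = {**DEFAULTS, **add.attrib}
            findings = []
            length = int(cfg["minRequiredPasswordLength"])
            symbols = int(cfg["minRequiredNonalphanumericCharacters"])
            if length < MIN_LENGTH:
                findings.append(f"minimum length {length} is below {MIN_LENGTH}")
            if symbols == 0 and not cfg["passwordStrengthRegularExpression"]:
                findings.append("no composition rule: length is the only control")
            if cfg["passwordFormat"] != "Hashed":
                findings.append(f"passwordFormat is {cfg['passwordFormat']}")
            report[add.get("name", "(unnamed)")] = findings
    return report


# Constructed sample: the article's settings, trimmed to the relevant attributes.
SAMPLE = """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web><membership><providers>
    <remove name="AspNetSqlMembershipProvider" />
    <add name="AspNetSqlMembershipProvider" minRequiredPasswordLength="4"
         minRequiredNonalphanumericCharacters="0" passwordFormat="Hashed"
         passwordStrengthRegularExpression="" />
  </providers></membership></system.web>
</configuration>"""

if __name__ == "__main__":
    for name, findings in audit_membership(SAMPLE).items():
        print(name, findings or "ok")
```

The tag matching ignores the namespace on the configuration element, which would otherwise make a plain path lookup for membership return nothing.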
