Home/ Questions/Q 7034389
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T01:10:48+00:00

Here is my Web.config file <membership> <providers> <clear /> <add name=AspNetSqlMembershipProvider type=System.Web.Security.SqlMembershipProvider connectionStringName=ApplicationServices maxInvalidPasswordAttempts=5

  • 0

Here is my Web.config file

<membership>
        <providers>
            <clear />
            <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="8"  minRequiredNonalphanumericCharacters="0" passwordStrengthRegularExpression="^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])|(?=.*[a-z])(?=.*[A-Z])(?=.*[!%,.;:])|(?=.*[a-z])(?=.*[0-9])(?=.*[!%,.;:])|(?=.*[A-Z])(?=.*[0-9])(?=.*[!%,.;:])$" passwordAttemptWindow="10" applicationName="/" />
        </providers>
    </membership>

Here i want to restrict new user password with few conditions::

Password strength:

  1. Contain characters from three of the following four categories:
    English uppercase characters (A through Z)
    English lowercase characters (a through z)
    Base 10 digits (0 through 9)
    Non-alphabetic characters (for example, !, $, #, %)
  2. password Not contain the user’s account name

As you can see there is passwordStrengthRegularExpression attribute i used in web.config section to match 1st condition( that Membership provide).
Need solution to achieve second condition.

In short:: I need to customize membership to match condition(character complexity enforced. ie:password Not contain the user’s account name)

Updated::

I did what Eranga suggested me in my application . Now i also want to Display appropriate message when Membership createUser fails(on several customized condition).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can sub class from your default provider and handle the ValidatingPassword event. There you can cancel the validation if it does not meet your second criteria.

    public class MyMembershipProvider : SqlMembershipProvider 
{
    public MyMembershipProvider()
    {
        ValidatingPassword += ValidatePassword;
    }

    void ValidatePassword(object sender, ValidatePasswordEventArgs e)
    {
         if (e.Password.Contains(e.UserName))
         {
             e.Cancel = true;
             e.FailureInformation = new Exception("blah blah");
         }
    }
}

    Your Web.Config file should include the following. Make sure you give the full name of your custom membership class for the type attribute.

       <membership>
        <providers>
            <clear />
            <add name="MyMembershipProvider" type="MyNamespace.MyMembershipProvider" connectionStringName="ApplicationServices" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="8"  minRequiredNonalphanumericCharacters="0" passwordStrengthRegularExpression="^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])|(?=.*[a-z])(?=.*[A-Z])(?=.*[!%,.;:])|(?=.*[a-z])(?=.*[0-9])(?=.*[!%,.;:])|(?=.*[A-Z])(?=.*[0-9])(?=.*[!%,.;:])$" passwordAttemptWindow="10" applicationName="/" />
        </providers>
    </membership>
    • 0