Home/ Questions/Q 7713851
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T01:58:36+00:00

I’m working on a password reset function and trying to check to make sure

  • 0

I’m working on a password reset function and trying to check to make sure the new password is at least 7 characters. It will run and pass the new password to the controller and set it as the password for the user but it just uses whatever was entered instead of checking to make sure it meets the password requirements. Thanks for any suggestions 🙂

Here’s the model: 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.ComponentModel.DataAnnotations;

namespace [CompanyName].Models
{
    public class ResetPasswordModel
    {
        [Required]
        [ValidatePasswordLength(7, ErrorMessage = "New passwords must be a minimum of 7 characters, please try a different password.")]
        [DataType(DataType.Password)]
        [Display(Name = "New password")]
        public string NewPassword { get; set; }

        [DataType(DataType.Password)]
        [Display(Name = "Confirm new password")]
        [Compare("NewPassword", ErrorMessage = "The new password and confirmation password do not match.")]
        public string ConfirmPassword { get; set; }
    }
}

And here’s the page to reset the password:

@model [CompanyName].Models.ResetPasswordModel
@{
    ViewBag.Title = "ResetPassword";
}

@if (Model == null)
{
    <p>
        We could not find your user account in the database.
    </p>
}
else
{

    <script type="text/javascript" src="../../Scripts/jquery.infieldlabel.min.js" ></script>
    <script type="text/javascript">
        $(document).ready(function () {
            $("label").inFieldLabels();
        });
    </script>
    <h2>
        Reset Password</h2>
   <p>
   Please enter your new password below.
   </p>
     <p>
        Note: New passwords are required to be a minimum of 7 characters in length.
    </p>

    <script src="@Url.Content("~/Scripts/jquery.validate.min.js")" type="text/javascript"></script>
    <script src="@Url.Content("~/Scripts/jquery.validate.unobtrusive.min.js")" type="text/javascript"></script>

    using (Html.BeginForm())
    {
    <div style="position: relative;">
       <fieldset>
            <legend>Reset Password</legend>
        <label for="NewPassword" style="position:absolute; top: 24px; left: 16px;">New Password</label>



            <div class="editor-field">
                @Html.PasswordFor(m => m.NewPassword)
                @Html.ValidationMessageFor(m => m.NewPassword)
            </div>
            <br />
        <label for="ConfirmPassword" style="position:absolute; top: 64px; left: 16px;">Confirm New Password</label>     


            <div class="editor-field">
                @Html.PasswordFor(m => m.ConfirmPassword)
                @Html.ValidationMessageFor(m => m.ConfirmPassword)
            </div>
            <p>
                <input type="submit" value="reset Password" />
            </p>

        </fieldset>

    </div>
    }
}

Updated model code: 

[Required]
        [DataType(DataType.Password)]
        [Display(Name = "New password")]
        [StringLength(50, MinimumLength = 7, ErrorMessage="New passwords must be a minimum of 7 characters, please try a different password.")]
        public string NewPassword { get; set; }

        [DataType(DataType.Password)]
        [Display(Name = "Confirm new password")]
        [Compare("NewPassword", ErrorMessage = "The new password and confirmation password do not match.")]
        public string ConfirmPassword { get; set; }

Controller code:

public ActionResult ResetPassword(Guid secureID)
        {
            int id = secureID.FromSecureID();
            var model = new ResetPasswordModel();

            return View(model);
        }

        [HttpPost]
        public ActionResult ResetPassword(Guid secureID, ResetPasswordModel model)
        {

            if (ModelState.IsValid)
            {
                int id = secureID.FromSecureID();
                var user = Database.Users.FirstOrDefault(u => u.ID == id);
                if (user == null)
                {
                    ModelState.AddModelError("ID", "Sorry! We could not find your user name in the database, please try again.");
                    return View(model);
                }
                //else (model.NewPassword == null) {
                //return View();
                //}
                user.PasswordHash = model.NewPassword.ToSha1Hash();
                Database.SubmitChanges();

            }
            return RedirectToAction("ChangePasswordSuccess");
        }

Updated controller code:

[HttpPost]
        public ActionResult ResetPassword(Guid secureID, ResetPasswordModel model)
        {

            if(ModelState.IsValid)
               {  
                int id = secureID.FromSecureID();
                var user = Database.Users.FirstOrDefault(u => u.ID == id);
                if (user == null)
                {
                    ModelState.AddModelError("ID", "Sorry! We could not find your user name in the database, please try again.");
                    return View(model);
                }
                //else (model.NewPassword == null) {
                //return View();
                //}
                user.PasswordHash = model.NewPassword.ToSha1Hash();
                Database.SubmitChanges();
                return RedirectToAction("ChangePasswordSuccess");
            }

            return View(model); 
        }

Updated model code:

namespace [CompanyName].Models
{
    public class ResetPasswordModel
    {
        [Required]
        [DataType(DataType.Password)]
        [Display(Name = "New Password")]
        [StringLength(100, ErrorMessage = "The new must be at least 7 characters long.", MinimumLength = 7)]
        public string Password { set; get; }

        [Required]
        [DataType(DataType.Password)]
        [Compare("Password")]
        [Display(Name = "Confirm New Password")]
        public string ConfirmPassword { set; get; }
    }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This Properties in your View model will take care of it.

        [Required]
    [DataType(DataType.Password)]
    [Display(Name = "New Password")]
    [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 7)]
    public string NewPassword{ set; get; }

    [Required]
    [DataType(DataType.Password)]
    [Compare("Password")]
    [Display(Name = "Confirm New Password")]
    public string ConfirmPassword { set; get; }

    and in your controller action, you can check for the ModelState.IsValid property to see if the Validation failed or not

     [HttpPost]
 public ActionResult ResetPassword(Guid secureID, ResetPasswordModel model)
 {
   if(ModelState.IsValid)
   {
      // Validation correct, Lets save the new password and redirect to another action
   }
   return View(model);
 }
    • 0