public class ChangePasswordObject { [Required] [DataType(DataType.EmailAddress)] string email; [Required] string authorization_code; [Required] [DataType(DataType.Password)] string

Question

0

Asked: May 23, 20262026-05-23T01:44:55+00:00 2026-05-23T01:44:55+00:00

public class ChangePasswordObject { [Required] [DataType(DataType.EmailAddress)] string email; [Required] string authorization_code; [Required] [DataType(DataType.Password)] string

0

public class ChangePasswordObject {

    [Required] [DataType(DataType.EmailAddress)]
    string email;
    [Required]
    string authorization_code;
    [Required] [DataType(DataType.Password)]
    string password;
}

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T01:44:56+00:00

Should be as easy as:

[Required] 
[DataType(DataType.Password)]
[StringLength(20, MinimumLength = 3)]
string password;

The first parameter to StringLength is the maximum length.

Now for my $0.02:

As noted in the comments, providing minimum and maximum constraints on your password fields tells an attacker a lot about your password requirements, and they could optimize their attack based on this information.

Also, be careful about storing and passing around plaintext passwords — you should salt+hash them ASAP using a one-way encryption algorithm and a random salt. Verifying passwords should repeat the encryption on the user’s input ,using the known salt and comparing the resulting hashes. If you’re doing more with a plaintext password than POSTing it, you may want to rethink your security strategy.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

public class ChangePasswordObject { [Required] [DataType(DataType.EmailAddress)] string email; [Required] string authorization_code; [Required] [DataType(DataType.Password)] string

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply