Relaxing Password Restrictions for ASP.NET 2.0 Logins

Summary

You and your members will be creating accounts on your website by choosing a login and password. By default, ASP.NET 2.0 applies rather strict rules to passwords: they must be at least eight characters long, contain a mix of upper- and lower-case letters, and contain a non-alphanumeric character.

By non-alphanumeric we mean a character such as "*" or "&", and many users find that restriction very annoying, or simply don't understand it. This article shows how to relax the restrictions.


Relaxing the Restrictions

You can relax the password restrictions by placing an entry into the web.config file.

The example we show in this article adds a section to our web.config file that sets the minimum length to 5 and removes the non-alphanumeric requirement by setting it to zero.

Place this section within the <system.web> tag in your config file to relax the passwords. You can copy-and-paste it after the <authentication mode = "Forms"> tag (and before the </system.web> closing tag). Be careful to copy-and-paste the exact format into the correct place; otherwise you'll get an error.

The Web.Config Entry

<membership>
  <providers>
    <clear/>
    <!-- The last three attributes set the password rules -->
    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LocalSqlServer"
         enablePasswordRetrieval="False"
         enablePasswordReset="True"
         requiresQuestionAndAnswer="True"
         applicationName="/"
         requiresUniqueEmail="true"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="5"
         passwordAttemptWindow="10"
         minRequiredPasswordLength="5"
         minRequiredNonalphanumericCharacters="0"
         passwordStrengthRegularExpression="" />
  </providers>
</membership>

Notes on the Web.Config Entry

Note that this example assumes you're using most of the default settings, including an applicationName of "/". If you've changed the applicationName, change this setting appropriately.

There are two settings that relax the password restrictions. The setting called "minRequiredPasswordLength" does what it sounds like: it sets the minimum password length, and we're using a value of five.

The setting called "minRequiredNonalphanumericCharacters" is less obvious: setting it to zero removes the need to have characters such as * or & in the password.

Be careful to use quotes when changing the numeric values.
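
An added example, not part of the original article: a Python check that reads the three password settings from the entry above and applies them to candidate passwords, so you can confirm what a given web.config will accept before deploying it. The sample config is constructed from the article's entry; load_policy and accepts are hypothetical helper names, and Python's isalnum() and re module stand in for the provider's own character and regex checks.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the article's provider entry (trimmed to the password
# attributes) placed inside <system.web>, as the article instructs.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms" />
    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider"
             minRequiredPasswordLength="5"
             minRequiredNonalphanumericCharacters="0"
             passwordStrengthRegularExpression="" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

def load_policy(config_xml, provider="AspNetSqlMembershipProvider"):
    """Return the password settings of one provider entry in a web.config string.

    Raises ET.ParseError for malformed XML (for example an unquoted value) and
    ValueError if the entry is missing, misplaced, or lacks a setting.
    """
    root = ET.fromstring(config_xml)
    # The path is anchored at <system.web>; an entry pasted elsewhere is not found.
    entry = root.find(f"system.web/membership/providers/add[@name='{provider}']")
    if entry is None:
        raise ValueError(f"no <add name='{provider}'> under system.web/membership/providers")
    try:
        return {
            "min_length": int(entry.attrib["minRequiredPasswordLength"]),
            "min_non_alnum": int(entry.attrib["minRequiredNonalphanumericCharacters"]),
            "regex": entry.attrib.get("passwordStrengthRegularExpression", ""),
        }
    except KeyError as missing:
        raise ValueError(f"setting {missing} is not set on the entry") from None

def accepts(password, policy):
    """Apply the length, symbol-count and regex settings to a candidate password."""
    if len(password) < policy["min_length"]:
        return False
    # Assumption: "non-alphanumeric" is approximated with Python's str.isalnum().
    if sum(not ch.isalnum() for ch in password) < policy["min_non_alnum"]:
        return False
    # Assumption: Python's re stands in for the .NET regex engine; empty means no check.
    return not policy["regex"] or re.search(policy["regex"], password) is not None
```

With the article's values, any password of five or more characters passes, including one made only of lower-case letters.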

 


Submitted: 21 June 2007

Author: Margaret Cruise O'Brien

(c) M.C.O.B. Technology 2007