I've inherited quite a complex ASP.NET website, which uses AspNetSqlMembershipProvider member authentication. There's a reset password feature on the site which resets a users password and emails it to them. However, users are struggling because the new auto-generated password is very complex: 14 characters of punctuation, numbers and letters. Some users (it has an elderly user-base) don't even know how to create some of the characters on their keyboards.
So I've been asked to force the auto-generated passwords to be 7 characters in length and if possible only contain alphanumeric characters.
I've read this post http://weblogs.asp.net/owscott/archive/2005/05/11/Changing-the-Password-Complexity-in-ASP.NET-V2.0.aspx which some开发者_StackOverflow中文版one on a different Stack Overflow question posted as a helpful link, but it doesn't seem to relate to auto-generated passwords, only user-generated ones.
The line in the web.config file is like this:
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=y03f5f7f11d50a34" connectionStringName="theSite" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="theSiteApp" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
Does anyone know how to tame auto-generated passwords?
I've found a solution - albeit a little hacky: forums.asp.net/p/1148079/2175576.aspx.
精彩评论