lost password format

J

Jon Paal

when user loses their password, the membership module emails a new password , the format is very complex.

how can I set the format to be simple alphanumeric - say 7 characters long ?
 
J

Juan T. Llibre

When you request a new password, the ResetPassword method is called.
That method will use the password properties you define in web.config.

Modify your web.config as follows, at minimum :

<system.web>
<membership>
<providers>
<clear/>
<add name="YourMembershipProvider"
....snip...
minRequiredNonalphanumericCharacters="0"
minRequiredPasswordLength="7"
/>
</providers>
</membership>
</system.web>

Notice : I snipped off some properties in the "<add name... >" section,
so that the settings you are asking about would be clearly read.

Substitute the name of *your* MembershipProvider, of course.

The random password created by the ResetPassword method is not guaranteed
to pass the regular expression in the PasswordStrengthRegularExpression property.

However, the random password will meet the criteria established by the
MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters properties.

More info at:
http://msdn2.microsoft.com/en-us/library/system.web.security.membershipprovider.resetpassword.aspx
 
J

Jon Paal

I already had those settings in place and they do not control the complexity...

It is always more complex than the regular expression validator and always exceeds the minimums.

so the answer is, it can't be controlled.
 
J

Juan T. Llibre

re:
It is always more complex than the regular expression validator and always exceeds the minimums.
Click to expand...

When I've tested the scenario, the passwords generated have complied with the criteria
configured for MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters.

They did *not*, however, as you say and as the documentation states,
comply with the PasswordStrengthRegularExpression property.

If you are sure that the passwords generated have not complied with the criteria configured for
MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters, bug the behavior at :

http://connect.microsoft.com/feedback/default.aspx?SiteID=210

If you do that, please keep us updated on the reply from Microsoft.
 
J

Jon Paal

yes, as I said, the complexity exceeds the minimum, hence the replacement password "complies".

But I wanted to set the final complexity, not the "minimum" complexity, which cannot be done.
 
M

Ms.Longstocking

Joined
Apr 9, 2008
Messages
1
Reaction score
0
Password complexity for PasswordRecovery control

Has this issue ever been resolved?
I'm in dire straights right now. I implemented the solution and I have users screaming out that their new passwords are not meeting maximum password complexity criteria. Thanks.

Regards,
MizPippz
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to Create a random password generator in a separate window 4
Another Password Confirmation 2
Insight on a coding project. 1
Uhhhhh, What can I do next? 6
Please, help me. 1
Change a users password without knowing the old password nor the answer to the password question 1
Changing a users password without knowing the old password nor the answer to the password question 2
<b>Parse error</b>: syntax error, unexpected variable &quot;$POST&quot;, expecting &quot;)&quot; in <b>the respective file</b> on line<b>2<b> 1

Members online

Total: 1,170 (members: 2, guests: 1,168)
Robots: 82

Forum statistics

Threads
474,175
Messages
2,570,946
Members
47,495
Latest member
Jack William

Latest Threads

Top