Add Password Requirements To Membership Provider?
Sep 8, 2010
Do I need to make a Custom Membership Provider or is there another way?
I have a project using ASP.NET Forms Authentication and the Microsoft SQL Membership Provider. The website is DONE. I use this provider everywhere. (Register, Login, Forgot Password, etc...) Until now, my website users have not needed complex passwords. The users' passwords were really just pins. The user could select anything for a password in the past. I had almost no restrictions for this website because none of the data is private or personal. However I have received new requirements.
Here are the new password requirements:
Passwords must be at least 8 characters in length. Passwords must be created using 3 of the following 4 character types:
Uppercase
Lowercase
Numeric
Punctuation
Do not use your name or User ID in the password. Do not use old passwords again later. Passwords must be changed at least every 60 days. Passwords may not contain your User ID or any part of your full name. Password history retention will prohibit use of the last 24 passwords. Passwords may be changed by users only once in any 6-day period.
I realize I am going to have to modify all of the following pages: Register, Login, Forgot Password, etc... fortunately I stopped using the default controls a long time ago.
My first thought was that I need to write a Custom Membership Provider. I don't know how to make the standard provider to do most of this. I could write code to do.
Do I modify the aspnet_membership table? Should I add my own table aspnet_something? Can the user profile table be used for this problem? Do I need my own MembershipUser class?
View 1 Replies
Similar Messages:
Jun 28, 2010
Does anyone has a solution (sample code) for the following features:
Create a randomGuid/Cryptographically strong random number Send a unique URL containing the random number to the user's email address When confirmed, the user is asked to change password
My provider is currently parametrized this way:
[code]....
The security issues with this type of procedure have been discussed here before.
View 2 Replies
Jan 13, 2010
I using change password control, how can i change the password without enter the current password?
View 8 Replies
Sep 9, 2010
I had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
View 1 Replies
Mar 26, 2010
How can I set up membership provider to only accept passwords that adhere to the following rules:
Minimum 6 characters
Contains at least one letter and number
Should be case sensitive
View 1 Replies
Feb 9, 2011
I am using Membership provider.. I integrated the aspnet member tables into my database.
I need the user to enter password on a data entry form and validate it against the membership tables.
How can I do this. This is the set up. I have few fields and user enters those fields and also enters the password, and submits the form. It is kind of like signature... i am looking for something like..
If txtPassword.text = membershipprovider password
{
//do this...
}
View 1 Replies
Oct 12, 2010
I am using a custom membership provider with a custom ValidateUser method. The ValidateUser sends and additional parameter to authenticate my users (Username, Password, and Dealer). I created a custom stored procedure for ValidateUser to call. I copied over all my users from another table and encrypted all the passwords in the aspnet_membership table using the code below. My question is, how do I take the password the user enters in the login form and validate that against what is in my aspnet_membership Here is the code I used to encrypt the passwords (not even sure this was the right way to encrypt. Please tell me if I did this wrong):
public static string EncodePasswordNow(string originalPassword)
{
Byte[] originalBytes;
[code]...
View 1 Replies
Mar 30, 2010
I'm using a website as a frontend and all users are authenticated with the standard ASP.NET Membership-Provider. Passwords are saved "hashed" within a SQL-Database.Now I want to write a desktop-client with administrative functions. Among other things there should be a method to reset a users password. I can access the database with the saved membership-data, but how can I manually create the password-salt and -hash? Using the System.Web.Membership Namespace seems to be inappropriate so I need to know how to create the salt and hash of the new password manually.
View 4 Replies
Jan 6, 2010
I use access membership prvider and it works. but I am unable to recover passwork. It says that "" membership provider doesn't support to get and zero password." It gives me the error in turkish and I translated it. Something like that. I am using the below code;
[Code]....
how can I do that?
View 3 Replies
Nov 30, 2010
We are trying to implment some forms written in ASP.NET 2.0 and I'm trying to understand what Windows server version requirements are needed when contacting a web hosting provider etc? I see there are many versions from 1.0, 2.0, 3.5 and 4.0 which appears to be the latest version, well as far as I can see. Therefore if we sign up for hosting services and the provider only have only version 4 will this be backward compatible to support our ASP.NET 2.0 forms?
View 3 Replies
Jun 16, 2010
I have a membership provider in my web.config with the passwordStrengthRegularExpression attribute set. I dropped an asp:CreateUserWizard in a page and tried to create a user with a weak password (ie didn't match the regex in the web.config). The validation fails and displays the message
Password length minimum: 7. Non-alphanumeric characters required: 1.
The message corresponds to the default password strength requirement. I know it's using the value I have set in the web.config to validate against but how do I change/set/override the error message that gets displayed when the validation fails?
View 1 Replies
May 25, 2010
Is it possible to implement a "forgot password" using ASP.Net membership provider?
View 1 Replies
Sep 27, 2010
I have watched the how to video on Creating a Custom Membership provider. So far it works great. My login control interacts well with it etc. Now i've created a Custom Role Provider. I've created a class that inherits the RoleProvider base class and i've added code to each Sub. My question is, what is the best way to implement the role provider, considering I get the Roles etc from the database?
View 11 Replies
Jul 27, 2010
I am trying to build an application that
1. user can login by their AD account and password.
2. AD account can be assigned to different group.
I know there is a training video - [URL] to teach how to use the tool to provision the membership schema to SQL server for Forms authentication. but how can I use AD authentication with this?
View 1 Replies
Dec 1, 2010
i have implemented custom role provider and membership provider .
login page : SignIn.aspx
on successful login it redirects to (index-Homepage.aspx)
now PROBLEM is when it successfully logged in ,and redirects to 'index-Homepage.aspx' it gives Anornymoustemplate ..while its verifying the role correctly in index-Homepage.aspx.cs
View 1 Replies
Dec 1, 2010
1 - whats the difference between Role Provider and Membership provider ??
2- If we implement Custom Role Provider or Custom Membership provider then what does this means ? and which Provider do we use when we apply custom role provider or custom membership provider
View 4 Replies
Mar 27, 2010
i'm building an application and i need to manage roles, users and more things so i tought to use the membership provider but i have some questions about it: can i full extend it and can i override the functions to use a database table to store infos about config or i need to build my own provider?
View 4 Replies
Dec 16, 2010
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
<properties>
<add name="FirstName"/>
<add name="LastName"/>
</properties>
</profile>
I have the code snippet above in my webconfig file. I am attempting to set the FirstName property in codebehind on a register.aspx page. Like this:
Profile.FirstName = ((TextBox)RegisterUser.CreateUserStep.ContentTemplateContainer.FindControl("FirstName")).Text;
VS says Profile is in System.Web.Profile Namespace. I then use it like this "System.Web.Profile.FirstName", but says first name does not exist in System.Web.Profile.FirstName namespace.
How do I set the property and later retrieve it?
View 3 Replies
Apr 12, 2010
How can I use Membership.GeneratePassword to return a password that ONLY contains alpha or numeric characters? The default method will only guarantee a minimum and not a maximum number of non alphanumeric passwords.
View 2 Replies
Sep 21, 2010
Am using ASP.NET membership authentication in a small website and i just noticed some thing funny during testing. Am trying to enable user to change their login password any time they wish, i dragged a change password control to the form, i changed the password for my test account, but now all passwords are still working.
I can login with the old password as well as the new password with this particular test account. If i try with any other random characters as the new password, i cant successfully login (which OK). But if type the old password, am able to login, if i type the new password, am still able to login, am finding this very strange.
View 2 Replies
Jan 5, 2011
This is my first membership provider; I converted the sample provider [URL] to SQL. I created a vb class provider and put it into the App_Code folder. After it was created I tried to modify my webconfig but the error pops up. I don't know what else to try, I don't know if I have missed something
webconfig:
[code]....
View 1 Replies
Mar 4, 2011
I am building my first asp.net app from scratch. I have two different membership providers. One is a basic sql provider while the other is active directory. The user "role" is determined by how the user logs in. I want to use the Role Manager functionality of asp.net but I don't want to build the whole role provider part when I really don't have "roles" in my application, I have two membership types.
Is there a way to set the role of the user through the membership provider at login or in some way mark a logged in user as having been authenticated by sql or AD?
This is my first asp.net app, am I even thinking about this the right way?
View 2 Replies
Jun 11, 2010
How i can realise my own Membership Provider for my social network example project where i want to use more extended registration with new fields?
View 3 Replies
Dec 13, 2010
I am using SQL Membership Provider to create user accounts for my web site and for some reason, the CreateDate and LastLoginDate fields are NOT saving the current time of my machine when I add a new user to the website. It is showing the previous day's date and the time is displayed as PM when it's AM and vise-versa in the CreateDate and LastLoginDate fields in aspnet_Membership table. I am developing and running the website via localhost on my laptop using IIS 7 (Windows 7). Does this have anything to do with my laptop's clock settings or is there something I need to configure in the web.config file or in IIS.
View 4 Replies
Apr 10, 2010
The default implementation is not very appropriate normally and I haven't seen so far a good implementation of a custom membership provider, probably because this is not possible.
View 1 Replies
