Changing the password rules for Forms Authentication

An annoying feature of the forms authentication controls shipped with VS2005 is that it forces users to enter non-alphanumberic characters in their passwords by default.. e.g. password would have to be password!

Fortunately, this option can be turned off by adding a membership provider section to your web.config

The following setting controls the non-alphanumeric.. 

minRequiredNonalphanumericCharacters="0"

Below is an example of what you need to add to the <system.web> section 

<membership>
    <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" 
                  connectionStringName="LocalSqlServer" 
                  enablePasswordRetrieval="false" 
                  enablePasswordReset="true" 
                  requiresQuestionAndAnswer="true" 
                  applicationName="/YourWebSiteName" 
                  requiresUniqueEmail="false" 
                  passwordFormat="Hashed" 
                  maxInvalidPasswordAttempts="5" 
                  minRequiredPasswordLength="6" 
                  minRequiredNonalphanumericCharacters="0" 
                  passwordAttemptWindow="10" 
                  passwordStrengthRegularExpression="" 
                  type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
    </providers>
</membership>
Author Paul Hayman

Paul is the COO of kwiboo ltd and has more than 20 years IT consultancy experience. He has consulted for a number of blue chip companies and has been exposed to the folowing sectors: Utilities, Telecommunications, Insurance, Media, Investment Banking, Leisure, Legal, CRM, Pharmaceuticals, Interactive Gaming, Mobile Communications, Online Services.

Paul is the COO and co-founder of kwiboo (http://www.kwiboo.com/) and is also the creator of GeekZilla.

Add Comment

Name
Comment
 

Your comment has been received and will be shown once it passes moderation.