Membership in the .NET framework 2.0 allows you to add security to your application with little to no code.
When trying to enforce strong password rules in our church software I encounteredan interesting problem.
At first I modified the web.config by adding the following line to our membershipprovider section.
RegEx explained: 8 characters or more in length, at least 1 lowercase letter,at least 1 character that is not a lower letter.
After some testing I found that even when following the password rules, a passwordchange would fail.
The ChangePassword control, which is part of the Login suite of controls, doesn’tgive you any information as to why the password changed failed.
After a few reviews of my RegEx and confirming that the syntax is correct in codeand with some useful online regular expression testers (see links below), I triedchanging the password using the following code:
MembershipUser mUser = Membership.GetUser(); //gets the current logged in user
//change the password
That caused the following exception: System.ArgumentException: Non alpha numeric charactersin ‘newPassword’ needs to be greater than or equal to ‘1’.
So I added this line:
And our password complexity rule started working properly.
I won’t start a debate on the merit of setting the minimum required non alphanumericcharacters (say that ten times) to 1, but hopefully this will help someone somewheresome time.
.NET Regular Expression Tester