I came across an interesting issue today. I used the ResetPassword method provided by the C# Membership class to reset the password of a user and found out that, although it allows us to define the password strength using a regular expression in the web.config file, it does not guarantee that the generated password adheres to the rules defined by the expression. Microsoft says, and I quote:
"The random password created by the ResetPassword method is not guaranteed to pass the regular expression in the PasswordStrengthRegularExpression property. However, the random password will meet the criteria established by the MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters properties."

So to tackle the issue, I used the Regex class. The revised code is shown below:

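// Requires: using System.Text.RegularExpressions; using System.Web.Security;
// resetpwd and manager are declared earlier in the surrounding code.
// Build the strength expression once instead of on every iteration.
var matcher = new Regex(Membership.PasswordStrengthRegularExpression);
var isNotMatch = true;
while (isNotMatch)
{
    // Each call generates and stores a new random password for the user.
    resetpwd = manager.ResetPassword();
    isNotMatch = !matcher.IsMatch(resetpwd);
}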
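This code snippet calls ResetPassword repeatedly until it generates a password that adheres to the rules defined by the regular expression. Keep in mind that every call replaces the stored password, and that the loop has no upper bound, so an expression the generator rarely or never satisfies will keep it running.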
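
As an added example (not code from the original post), here is a bounded variant of the loop above that gives up after a fixed number of attempts and applies a regex match timeout. `PasswordReset`, `ResetUntilStrong`, the sample passwords and the sample policy are constructed for illustration; the delegate stands in for the ResetPassword call.

```csharp
using System;
using System.Text.RegularExpressions;

// Added example. PasswordReset and ResetUntilStrong are hypothetical names;
// the 'reset' delegate stands in for the membership ResetPassword call.
public static class PasswordReset
{
    public static string ResetUntilStrong(Func<string> reset, string pattern, int maxAttempts)
    {
        // An empty expression means no strength rule is configured.
        if (string.IsNullOrEmpty(pattern)) return reset();

        // Compile once; the timeout keeps a pathological expression
        // from stalling the request (RegexMatchTimeoutException is thrown).
        var matcher = new Regex(pattern, RegexOptions.None, TimeSpan.FromSeconds(1));

        for (int attempt = 1; attempt <= maxAttempts; attempt++)
        {
            string candidate = reset();   // every call replaces the stored password
            if (matcher.IsMatch(candidate)) return candidate;
        }

        // Fail loudly instead of looping forever on an unsatisfiable policy.
        throw new InvalidOperationException(
            "No generated password matched the strength expression after "
            + maxAttempts + " attempts.");
    }

    public static void Main()
    {
        // Constructed stand-in for the generator: the first two values fail the rule.
        var samples = new[] { "abcdefgh!", "ABCDEFG#1", "k3Pw!xZq9" };
        int i = 0;
        Func<string> fakeReset = () => samples[i++ % samples.Length];

        // Constructed policy: a digit, a lowercase and an uppercase letter, 8+ characters.
        const string policy = @"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$";

        Console.WriteLine(ResetUntilStrong(fakeReset, policy, 5));

        // A generator that can never satisfy the policy ends in an exception.
        try { ResetUntilStrong(() => "alllowercase!", policy, 5); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```

In the post's setting the call would be `ResetUntilStrong(() => manager.ResetPassword(), Membership.PasswordStrengthRegularExpression, 10)`, where the attempt limit of 10 is an arbitrary choice.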
