ASP NET 4 How can I use Data Annotations with DataType Password with a MinLength property?
public class ChangePasswordObject {
[Required] [DataType(DataType.EmailAddress)]
string email;
[Required]
string authorization_code;
[Required] [DataType(Da开发者_开发技巧taType.Password)]
string password;
}
Should be as easy as:
[Required]
[DataType(DataType.Password)]
[StringLength(20, MinimumLength = 3)]
string password;
The first parameter to StringLength
is the maximum length.
Now for my $0.02:
As noted in the comments, providing minimum and maximum constraints on your password fields tells an attacker a lot about your password requirements, and they could optimize their attack based on this information.
Also, be careful about storing and passing around plaintext passwords -- you should salt+hash them ASAP using a one-way encryption algorithm and a random salt. Verifying passwords should repeat the encryption on the user's input ,using the known salt and comparing the resulting hashes. If you're doing more with a plaintext password than POSTing it, you may want to rethink your security strategy.
Add a StringLength attribute to the password field. An example here - at the bottom of the page.
[MembershipPasswordAttribute(MinRequiredNonAlphanumericCharacters = 4, MinRequiredPasswordLength = 7, MinNonAlphanumericCharactersError = "Alpha", MinPasswordLengthError = "MIN Length")]
[DataType(DataType.Password)]
public string Password { get; set; }
[System.ComponentModel.DataAnnotations.Compare("Password",ErrorMessage ="{0} and {1} should be same")]
public string ComparePassword { get; set; }
精彩评论