开发者

ASP NET 4 How can I use Data Annotations with DataType Password with a MinLength property?

public class ChangePasswordObject {

    [Required] [DataType(DataType.EmailAddress)]
    string email;
    [Required]
    string authorization_code;
    [Required] [DataType(Da开发者_开发技巧taType.Password)]
    string password;
}


Should be as easy as:

[Required] 
[DataType(DataType.Password)]
[StringLength(20, MinimumLength = 3)]
string password;

The first parameter to StringLength is the maximum length.


Now for my $0.02:

As noted in the comments, providing minimum and maximum constraints on your password fields tells an attacker a lot about your password requirements, and they could optimize their attack based on this information.

Also, be careful about storing and passing around plaintext passwords -- you should salt+hash them ASAP using a one-way encryption algorithm and a random salt. Verifying passwords should repeat the encryption on the user's input ,using the known salt and comparing the resulting hashes. If you're doing more with a plaintext password than POSTing it, you may want to rethink your security strategy.


Add a StringLength attribute to the password field. An example here - at the bottom of the page.


[MembershipPasswordAttribute(MinRequiredNonAlphanumericCharacters = 4, MinRequiredPasswordLength = 7, MinNonAlphanumericCharactersError = "Alpha", MinPasswordLengthError = "MIN Length")]
[DataType(DataType.Password)]
public string Password { get; set; }

[System.ComponentModel.DataAnnotations.Compare("Password",ErrorMessage  ="{0} and {1} should be same")]
public string ComparePassword { get; set; }
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜