开发者

Add Password Requirements to Membership Provider

Do I need to make a Custom Membership Provider or is there another way?

I have a project using ASP.NET Forms Authentication and the Microsoft SQL Membership Provider. The website is DONE. I use this provider everywhere. (Register, Login, Forgot Password, etc...)

Until now, my website users have not needed complex passwords. The users' passwords were really just pins. The user could select anything for a password in the past. I had almost no restrictions for this website because none of the data is private or personal.

However I have received new requirements.

Here are the new password requirements:

  • Passwords must be at least 8 characters in length.
  • Passwords must be created using 3 of the following 4 character types:
    • Uppercase
    • Lowercase
    • Numeric
    • Punctuation
  • Do not use your name or User ID in the password.
  • Do not use old passwords again later.
  • Passwords must be changed at least every 60 days.
  • Passwords may not contain your User ID or any part of your full name.
  • Password history retention will prohibit use of the last 24 passwords.
  • Passwords may be changed by users only once in any 6-day period.

I realize I am going to have to modify all of the following pages: Register, Login, Forgot Password, etc... fortunately I stopped using the default controls a long time ago.

I appreciate your thoughts.

My first thought was that I need to write a Custom Membershi开发者_如何学Gop Provider. I don't know how to make the standard provider to do most of this. I could write code to do.

  • Do I modify the aspnet_membership table?
  • Should I add my own table aspnet_something?
  • Can the user profile table be used for this problem?
  • Do I need my own MembershipUser class?

Thanks.


You need to listen to the ValidatingPassword event.

See ASP.NET Membership ChangePassword control - Need to check for previous password for sample code of how to do this.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜