lost password format

  • Thread starter Thread starter Jon Paal
  • Start date Start date
J

Jon Paal

when user loses their password, the membership module emails a new password , the format is very complex.

how can I set the format to be simple alphanumeric - say 7 characters long ?
 
When you request a new password, the ResetPassword method is called.
That method will use the password properties you define in web.config.

Modify your web.config as follows, at minimum :

<system.web>
<membership>
<providers>
<clear/>
<add name="YourMembershipProvider"
....snip...
minRequiredNonalphanumericCharacters="0"
minRequiredPasswordLength="7"
/>
</providers>
</membership>
</system.web>

Notice : I snipped off some properties in the "<add name... >" section,
so that the settings you are asking about would be clearly read.

Substitute the name of *your* MembershipProvider, of course.

The random password created by the ResetPassword method is not guaranteed
to pass the regular expression in the PasswordStrengthRegularExpression property.

However, the random password will meet the criteria established by the
MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters properties.

More info at:
http://msdn2.microsoft.com/en-us/library/system.web.security.membershipprovider.resetpassword.aspx





Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
 
I already had those settings in place and they do not control the complexity...

It is always more complex than the regular expression validator and always exceeds the minimums.

so the answer is, it can't be controlled.
 
re:
It is always more complex than the regular expression validator and always exceeds the minimums.
Click to expand...

When I've tested the scenario, the passwords generated have complied with the criteria
configured for MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters.

They did *not*, however, as you say and as the documentation states,
comply with the PasswordStrengthRegularExpression property.

If you are sure that the passwords generated have not complied with the criteria configured for
MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters, bug the behavior at :

http://connect.microsoft.com/feedback/default.aspx?SiteID=210

If you do that, please keep us updated on the reply from Microsoft.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
 
yes, as I said, the complexity exceeds the minimum, hence the replacement password "complies".

But I wanted to set the final complexity, not the "minimum" complexity, which cannot be done.
 
Back
Top