Active Directory Application Mode with Visual Studio.Net 2005 (Part 2 of 2)

  • Article

When you first setup either the SqlMembership or the ActiveDirectoryMembership Provider with ASP.Net 2.0 and you use the Create User Wizard or the ASP.Net Configuration Web Site to add a new user.  However, you will quickly notice that basic passwords can not be entered without receiving the error message of "Please choose a different password".

The reason behind this is there are two default attributes of the Membership Provider that control the password format as seen below:

minRequiredPasswordLength="7"

minRequiredNonalphanumericCharacters="1"

These two default settings forces the password to be a minimum of seven characters with at least one special character.  Therefore, if you need to weaken the password for your development environment you can add these two attributes to your webconfig under your membership provider element and modify the values respectively.  If you want further control over the password you can also add another attribute that will apply a regular expression to enforce the password format.

passwordStrengthRegularExpression="^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,10}$"

However, both minRequiredPasswordLength and minRequiredNonAlphanumericCharacters will have precedent over the regular expression. Therefore, you should modify the value of these two attributes to be weaker then the regular expression, otherwise you will continue to receive a invalid password error message. For example:

minRequiredPasswordLength="1"

minRequiredNonalphanumericCharacters="0"

passwordStrengthRegularExpression="^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,10}$"

The regular expression will be forced on the Server side, if you want to apply this to the client side you need to add the regular expression value to the Create User Wizard Control property: "PasswordRegularExpression".

In my next post, I will continue on other password features such locking out user accounts and adding a Question and Answer to your Create User Wizard when using the ActiveMembership Provider.