[ASP. NET 2.0 Security FAQs] how to force high-security passwords in membership

[ASP. NET 2.0 Security FAQs] Directory

Original article link

Translation: 2005-12-10Jackie Lin

You can configure minrequiredpasswordlength, minrequirednonalphanumericcharacters, and passwordstrengthregularexpression attributes in membership to forcibly use passwords with high security.

A password with high security can be used to prevent brute force attacks and dictionary attacks ).

The default password strength of sqlmembershipprovider and activedirectorymembershipprovider is set to: at least 7 characters, with at least 1 non-alphanumeric character.

If you use activedirectorymembershipprovider in the Active Directory (AD), your domain password policy will be used by default, but you canProgramTo overwrite the relevant configurations. similarly, if you use activedirectorymembershipprovider in Adam, your local password policy will be used by default. You can also configure membership to overwrite related configurations.

You can use regular expressions to configure special password strength rules, or you can configure the minimum and maximum length of numbers, characters, and letters in the password.

Use Regular Expressions

< Membership >
< Providers >
< Add Passwordstrengthregularexpression =
"^ (? =. * \ D )(? =. * [A-Z]) (? =. * [A-Z]). {8, 10} $"   />
  </ Providers >
</ Membership >

Minimum length of non-alphanumeric characters

< Membership >
  < Providers >
< Add Minrequiredpasswordlength = 10 Minrequirednonalphanumericcharacters = 2 />
  </ Providers >
</ Membership >

Note: All of the above are configured in the web. config file.

More information

For more information about strong passwords, see: "How to: protect Forms authentication in ASP. NET 2.0"Http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000012.asp