By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,678 Members | 2,192 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,678 IT Pros & Developers. It's quick & easy.

PasswordRecovery Control - Control Random Password Characters

P: n/a
I'm trying to create a process that allows me to limit the non-alphanumeric
characters generated with the PasswordRecovery control. Specially I want to
suppress some characters for security reasons. With textboxes I'm doing this
with a RegularExpressionValidator control and have the following the
following attribute setup:
ValidationExpression="^[a-zA-Z0-9\.\-_@#$%^&+=]{6,100}"

This limits the user input to alphanumeric characters as well of some
selected characters. The problem is when I use the built-in PasswordRecovery
control, I can't find a way to limit the random characters, some of which
cause a validation error within the RegularExpressionValidator control. For
example, the following was created by the PasswordRecovery control for a new
password:
UFa]d+T|!&D9eE

Some of the characters violate my regular expression. So I tried two other
approaches which also have failed. One was to simplify my regular expression
to just check that a minimum and maximum number of characters were passed,
such as:
ValidationExpression="^[\w]{6,100}"

So "UFa]d+T|!&D9eE" should pass this test, but unfortunately it doesn't
because of the bracket ("]") confuses the regex processing.

The other path I explored was creating my own Password Recovery user control
and started coding with MembershipUser.ResetPassword and related functions.
Unfortunately I couldn't find away to reset the user password without having
the current password. Since I'm using the hash method to store the password,
I can't obtain the password via code. Since the user forgot the password, I
can't ask the user for it on the form. It seems like catch-22!

My two questions:
1. Using the PasswordRecovery Control, can I limit the characters that are
randomly generated when the user control is created? Even just limiting to
alphanumeric would be good.
2. Creating my own control, how do I reset the password without knowing the
original password, while using the hash method to store passwords?
Dec 31 '06 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.