
Security!

Hi All, I have a web app which uses form authentication. I have strict
requirements for password policies which are very much similar to Windows
password policy. So I thought of invoking the same DLL which is used in
Windows OS for enforcing strong Password requirements. Is there a way I can
do it?
Not allowed to use LDAP/Windows Authentication etc...

TIA
Aug 7 '06 #1
The recommended approach is to use aspnet_setreg with password encryption for
1.1; for 2.0 most of the infrastructure is built in. Start here:
http://support.microsoft.com/kb/329290/

--
________________________
Warm regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
Professional VSTO.NET - Wrox/Wiley
The O.W.C. Black Book with .NET
www.lulu.com/owc, Amazon
Blog: http://www.msmvps.com/blogs/alvin
Aug 7 '06 #2
Hi,

Using a regular expression with a pattern that validates a strong password might be more appropriate.

(?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{8,10})$

"Validates a strong password. It must be between 8 and 10 characters, contain at least one digit and one alphabetic character, and
must not contain special characters."

I got that regex from the following link on MSDN, which explains the basics of using a RegularExpressionValidator control:
http://msdn.microsoft.com/library/de...AGHT000001.asp

Someone else wrote their own regex:
http://forums.asp.net/thread/1219361.aspx

They are using the Membership Provider in ASP.NET 2.0 and setting the PasswordStrengthRegularExpression property in their web.config
file, so their example is HTML encoded.

HTH

--
Dave Sexton
Aug 7 '06 #3
How about all the other misc stuff..

1. Password should be changed after 90 days
2. User prohibited from only changing/adding 1 character to their previous passwords
3. Password reuse must be prohibited by not allowing the last 10 passwords to be reused with a min. password age of at least 2 days...
list just goes on......
Aug 7 '06 #4
Hi,

If you have such stringent requirements you would have to implement your own
provider.
In the same way you will have to store extra info in a DB, like previously
used passwords, last changed date, etc.
--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation
Aug 7 '06 #5
Hi,

That depends on where and how you are storing the passwords. Anyway, how could the Windows API help you to enforce these rules if
you're using Forms authentication? You're going to have to enforce these, and any other business rules, in code.

--
Dave Sexton
Aug 7 '06 #6
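The rules listed in this thread (90-day expiry, no one-character changes, no reuse of the last 10 passwords, 2-day minimum age) enforced in application code, as an added example that is not part of any post here. It assumes .NET 6 or later and PBKDF2 password hashes; `StoredPassword`, `PasswordPolicy` and their members are hypothetical names, and loading and saving the history is left to the membership provider.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

// Constructed demo data; all type and member names here are hypothetical.
var t0 = new DateTime(2006, 8, 7, 0, 0, 0, DateTimeKind.Utc);
byte[] salt = RandomNumberGenerator.GetBytes(16);
var history = new[] { new StoredPassword(salt, PasswordPolicy.Derive("Blue-Kettle-41", salt), t0) };
Console.WriteLine(PasswordPolicy.IsExpired(history[0], t0.AddDays(91)));
Console.WriteLine(PasswordPolicy.CheckChange("Blue-Kettle-41", "Blue-Kettle-42", history, t0.AddDays(30)));

public record StoredPassword(byte[] Salt, byte[] Hash, DateTime SetUtc);
public static class PasswordPolicy
{
    const int MaxAgeDays = 90, MinAgeDays = 2, HistoryDepth = 10, Iterations = 600_000; // work factor: assumption

    public static byte[] Derive(string pw, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(pw, salt, Iterations, HashAlgorithmName.SHA256, 32);

    // Rule 1: the password must be changed after 90 days.
    public static bool IsExpired(StoredPassword p, DateTime nowUtc) => (nowUtc - p.SetUtc).TotalDays > MaxAgeDays;

    // Rules 2 and 3. history is newest first; currentPlain was already verified. Returns null if allowed.
    public static string? CheckChange(string currentPlain, string newPlain, StoredPassword[] history, DateTime nowUtc)
    {
        if (history.Length > 0 && (nowUtc - history[0].SetUtc).TotalDays < MinAgeDays)
            return "minimum password age of 2 days not reached";
        // Older passwords exist only as hashes, so the one-character rule uses the current password alone.
        if (EditDistance(currentPlain, newPlain) <= 1)
            return "differs from the current password by at most one character";
        if (history.Take(HistoryDepth).Any(old => CryptographicOperations.FixedTimeEquals(Derive(newPlain, old.Salt), old.Hash)))
            return "matches one of the last 10 passwords";
        return null;
    }

    static int EditDistance(string a, string b)   // Levenshtein distance
    {
        int[] prev = Enumerable.Range(0, b.Length + 1).ToArray();
        foreach (char ca in a)
        {
            var cur = new int[b.Length + 1];
            cur[0] = prev[0] + 1;
            for (int j = 1; j <= b.Length; j++)
                cur[j] = Math.Min(Math.Min(cur[j - 1], prev[j]) + 1, prev[j - 1] + (ca == b[j - 1] ? 0 : 1));
            prev = cur;
        }
        return prev[b.Length];
    }
}
```

Checking the full history costs up to ten PBKDF2 derivations per password change, so size the iteration count with that in mind.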
Dave Sexton wrote:
> (?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{8,10})$
> "Validates a strong password. It must be between 8 and 10 characters,
> contain at least one digit and one alphabetic character, and must not
> contain special characters."

Surely a password with symbols in it is (all else being equal)
stronger than one that's purely alphanumeric?

Eq.
Aug 7 '06 #7
Agreed.

--
Dave Sexton
Aug 7 '06 #8
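The pattern quoted in this thread, run against constructed sample passwords, as an added example that is not part of any post. The `relaxed` pattern and `WhyQuotedRejects` are hypothetical; the last sample goes beyond the thread to show that in .NET `$` also matches before a final newline, which `\z` avoids.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

// Pattern as quoted in the thread.
var quoted = new Regex(@"(?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{8,10})$");
// Hypothetical alternative, not from the thread: keeps the letter-and-digit rule,
// drops the 10-character cap, allows symbols, and anchors with \A and \z.
var relaxed = new Regex(@"\A(?=.*[0-9])(?=.*[a-zA-Z])[^\r\n]{8,}\z");

// Constructed sample passwords.
string[] samples = { "password1", "12345678", "abcdefgh", "pass1",
                     "P@ssw0rd!x", "correct-horse-battery-9", "password1\n" };

foreach (string pw in samples)
{
    string shown = pw.Replace("\n", "\\n");
    Console.WriteLine($"{shown,-24} quoted={quoted.IsMatch(pw),-5} relaxed={relaxed.IsMatch(pw),-5} {WhyQuotedRejects(pw)}");
}

// Names the first rule of the quoted pattern that a candidate fails, or "" if it passes.
static string WhyQuotedRejects(string pw)
{
    string s = pw.EndsWith("\n") ? pw[..^1] : pw;   // $ also matches before a final newline
    if (!s.All(c => c < 128 && char.IsLetterOrDigit(c))) return "symbol or non-ASCII character";
    if (s.Length < 8 || s.Length > 10) return "length outside 8-10";
    if (s.All(char.IsDigit)) return "digits only";
    if (s.All(char.IsLetter)) return "letters only";
    return "";
}
```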
