Lowering password strength with ASP.NET Authentication

In implementing authentication recently I found it troublesome to pinpoint how to modify this setting. So, here’s how.

In this example, I am using the AspNetSqlMembershipProvider over the Active Directory one. I haven’t changed the name from that, although you could.
This link explains how:


In your web.config’s system.web section, inside the membership element’s providers list, you’ll need:

        <remove name="AspNetSqlMembershipProvider" />
        <add name="AspNetSqlMembershipProvider"
                  type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                  passwordStrengthRegularExpression="" />

Let’s talk about some pieces here.

The <remove name="AspNetSqlMembershipProvider" /> line could also be <clear/>, which removes every inherited provider rather than just this one.

Additionally, the Machine.config file contains a default SqlMembershipProvider instance named AspNetSqlMembershipProvider, which is why I’m replacing it with my web application’s web.config setting.
This is explained in depth here: http://msdn.microsoft.com/en-us/library/ff648345.aspx

minRequiredPasswordLength sets the minimum password length (can be 1 to 128).
passwordStrengthRegularExpression sets the regular expression that the password will be validated against.
In my recent user testing, the defaults for these settings proved to be annoying and unnecessary.
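
To check what password policy a web.config edited this way actually leaves in place, the following added example (not code from the original post) parses a constructed sample and reports the effective settings per provider. The sample values, the minRequiredNonalphanumericCharacters attribute (a real SqlMembershipProvider setting this post does not mention) and the 8-character baseline are assumptions.

```python
import xml.etree.ElementTree as ET

# SqlMembershipProvider defaults, applied when a re-added provider omits the attribute.
DEFAULTS = {
    "minRequiredPasswordLength": "7",
    "minRequiredNonalphanumericCharacters": "1",
    "passwordStrengthRegularExpression": "",
}
MIN_LENGTH = 8  # assumed baseline for this example, not a value from the post

# Constructed sample web.config; the type string is shortened for the example.
SAMPLE = """<configuration>
  <system.web>
    <membership>
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add name="AspNetSqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider"
             minRequiredPasswordLength="1"
             minRequiredNonalphanumericCharacters="0"
             passwordStrengthRegularExpression="" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

def audit_membership(config_xml, min_length=MIN_LENGTH):
    """Return {provider name: [findings]} for each membership provider."""
    root = ET.fromstring(config_xml)
    report = {}
    for add in root.findall("./system.web/membership/providers/add"):
        # Effective policy = explicit attribute, else the provider default.
        policy = {key: add.get(key, default) for key, default in DEFAULTS.items()}
        findings = []
        length = int(policy["minRequiredPasswordLength"])
        if length < min_length:
            findings.append(f"minRequiredPasswordLength={length} is below {min_length}")
        if (int(policy["minRequiredNonalphanumericCharacters"]) == 0
                and not policy["passwordStrengthRegularExpression"]):
            findings.append("no composition rule: length is the only check")
        report[add.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_membership(SAMPLE).items():
        print(name, findings or "ok")
```

The check reads only the top-level system.web section, so providers overridden inside a location element would need the same pass.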


© Copyright Duke Hall