PCI Compliance with ASP.Net Membership Provider | ansaurus

tags:

views:

17

answers:

1

+2 Q:

PCI Compliance with ASP.Net Membership Provider

So if you have an ecommerce app and you used the awesome ASP.Net Membership Provider you have a working user authentication system out-of-the-box.

Now.. your customers says "Please make my site PCI Compliant"

So it seems like there are handful of tweaks that you'll need to make, such as:

enforce symbols in new passwords
minimum password length of 7

These are easy ones, you can set them all in the web.config in the Membership Provider section.

However, a PCI requirement like:

Disable inactive accounts after 90 days

It seems like you need some kind of c# script + scheduled task to handle this. Has anyone every made nice nice utility script/class that takes care of all of these extra PCI issues? It seems like a very generic script and would work on most sites.

+1 A:

If you are using the SqlMembershipProvider for membership, you can try out this SQL script to lock out accounts that have not logged in in 90 days.

update mydatabase.dbo.aspnet_Membership
set IsLockedOut = 1, LastLockoutDate = GETDATE()
where LastLoginDate < GETDATE() - 90

kbrimington 2010-09-02 14:42:57

related questions

after running aspnet_regsql.exe , do I have to init the db with data? how?

Not using e-mail address in a custom MembershipProvider?

How to pass the current user to a web control declaratively

How do you rename a Role using Membership in .NET?

What encryption algorithm does the .net membership provider use?

Membership.GetUser() & MARS

Web.config editing for Membership Role Authorization

Globalization of Membership exceptions isn't taking place... What to do?

OpenId development while disconnected from Internet

programmatic login with .net membership provider

Addin extra properties to MembershipProvider

ASP.Net Providers from web server in DMZ

ASP.NET PasswordRecovery Control with Localized content

Examples of asp.net mvc and authentication

ASP.NET Membership for high security scenarios?

ASP.NET Forms Authentication With Only UserName

What to use for membership in ASP.NET

How can I wrap a transaction around Membership.CreateUser?

New site creation and security/authentication,- should I use ASP.net Membership Provider?

ASP.NET WSAT (Website Administration Tool) and Custom Membership Providers

How do you manage asp.net SQL membership roles/users in production?

How to access UserId in ASP.NET Membership without using Membership.GetUser() ?

Can I use OpenId with the ASP MembershipProvider?

How do you pass an authenticaticated session between app domains

Class design decision