Do I need to make a Custom Membership Provider or is there another way?
I have a project using ASP.NET Forms Authentication and the Microsoft SQL Membership Provider. The website is DONE. I use this provider everywhere. (Register, Login, Forgot Password, etc...)
Until now, my website users have not needed complex passwords. The users' passwords were really just pins. The user could select anything for a password in the past. I had almost no restrictions for this website because none of the data is private or personal.
However I have received new requirements.
Here are the new password requirements:
- Passwords must be at least 8 characters in length.
- Passwords must be created using 3 of the following 4 character types:
- Uppercase
- Lowercase
- Numeric
- Punctuation
- Do not use your name or User ID in the password.
- Do not use old passwords again later.
- Passwords must be changed at least every 60 days.
- Passwords may not contain your User ID or any part of your full name.
- Password history retention will prohibit use of the last 24 passwords.
- Passwords may be changed by users only once in any 6-day period.
I realize I am going to have to modify all of the following pages: Register, Login, Forgot Password, etc... fortunately I stopped using the default controls a long time ago.
I appreciate your thoughts.
My first thought was that I need to write a Custom Membership Provider.
I don't know how to make the standard provider to do most of this. I could write code to do.
- Do I modify the aspnet_membership table?
- Should I add my own table aspnet_something?
- Can the user profile table be used for this problem?
- Do I need my own MembershipUser class?
Thanks.