I had set minRequiredPasswordLength,minRequiredNonalphanumericCharacters in membership section of web.config file. but i need maximum password length also to set. how to set in web.config file?
I think that the default implementations of MembershipProvider does not support this feature. However, you could obtain the same results by validating the password length when the users set/change it.
Edit related to PasswordRecovery control
If you are using a standard implementation of the MembershipProvider class with the PasswordRecovery control you are unable to interfere with the generation of the new password (more precisely ResetPassword - "Resets a user's password to a new, automatically generated password"). If you want to use the PasswordRecovery control I see no other option than creating a custom membership provider deriving from the abstract MembershipProvider class or from one of its concrete implementation (like SqlMembershipProvider);
The other option would be to implement your custom password recovery interface as you could still rely on functionality implemented in your MembershipProvider. When the user wants to reset his password you could use GetUser method to obtain the related information, then ResetPassword to obtain a new password. In this moment you may use the password that ResetPassword returns and call ChangePassword to set a new password that meets your criteria, than email it to the user. There are many ways to implement the corresponding user interface, but the reset password logic would be almost the same.
Also in case you decide that keeping the passwords encrypted instead of hashed meets your requirements, your problem will be solved as users will receive through email their old passwords (that meet the maximum length condition from the moment they were set). For this make the following changes in web.config:
Passwordformat="encrypted"
Passwordreset="true"
Passwordretriaval="true"
You must use ValidatingPassword
event. Here you can check maximum length, etc. More info available at:
http://forums.asp.net/t/946218.aspx