views:

348

answers:

2

When using web forms authentication with the ASP.NET Membership provider, we are defaulted to some decently strict password rules. I think eight characters, including one non-alpha, are required.

I'm not looking to make them all willy-nill loose, but generally I do not use a non-alpha character in my own password, and feel like a hypocrite forcing my users to do so.

I've done some looking, but can't figure out where this rule is defined. I'm sure I'm just missing something simple - anyone know?

+1  A: 

You could use the passwordStrengthRegularExpression property of the configuration\system.web\membership\providers\add section of the web config.

I don't know if ASP.NET allows a user to create an account if the password doesn't complains the regular expression especified.

There is an example here.

eKek0
A: 

See this article where you can set the minRequiredNonAlphanumericCharacters setting:

http://msdn.microsoft.com/en-us/library/ms998347.aspx#paght000022_sqlmembershipproviderconfig

arrocharGeek