I'm creating an ASP.NET web application which I want to secure with Forms Authentication.

When the application is run for the first time, I want it to create a default administrator account so that the owner is able to log in and configure the application.

I managed to get something working for this by running the following method from the Application_Start method:

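using System.Web.Security;

// Called from Application_Start: creates a default admin when no users exist.
private static void InitializeMembership(MembershipProvider provider)
{
    int total;
    // Fetch at most one user; only the total count is needed.
    provider.GetAllUsers(0, 1, out total);

    if (total == 0)
    {
        // Throws here: "admin" does not meet the configured password policy.
        Membership.CreateUser("admin", "admin");
    }
}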

The problem is this fails with an error about the chosen password not being secure enough. Normally this would be fine, as I do want to enforce a strong password, but in this specific case I want a simple password.

Is there a way of disabling the check for just this call, or am I approaching the whole problem incorrectly?

+2  A: 

I would ship the DATABASE with the admin user in there by default, and force that password to get changed on the first login.

This is helpful in two ways: 1) you know that the default admin will always be there, and 2) you don't have to maintain that user creation code that will only run at very random intervals.

Alternatively, you could make your default password be more complex.

Stephen Wrighton
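
An added example (not code from the question or the answer) combining the two suggestions above: the default password is complex enough to pass the policy, and the account is flagged so the password must be changed at first login. It swaps a fixed default for a password generated on first run. The class name, the Comment flag value and the App_Data file path are hypothetical; it assumes the provider does not require an email address or security question and that no passwordStrengthRegularExpression is configured.

```csharp
using System;
using System.IO;
using System.Web.Hosting;
using System.Web.Security;

public static class FirstRunAdmin   // hypothetical helper class
{
    // Hypothetical marker stored in MembershipUser.Comment.
    private const string MustChangeFlag = "MustChangePassword";

    // Call from Application_Start.
    public static void EnsureAdminExists()
    {
        int total;
        Membership.GetAllUsers(0, 1, out total);
        if (total != 0) return;

        // Generate a password that satisfies the configured length and
        // non-alphanumeric requirements instead of bypassing the policy.
        int length = Math.Max(16, Membership.MinRequiredPasswordLength);
        string password = Membership.GeneratePassword(
            length, Membership.MinRequiredNonAlphanumericCharacters);

        MembershipUser admin = Membership.CreateUser("admin", password);
        admin.Comment = MustChangeFlag;
        Membership.UpdateUser(admin);

        // Hypothetical hand-off: the owner reads this file once, then deletes it.
        string path = HostingEnvironment.MapPath("~/App_Data/initial-admin.txt");
        File.WriteAllText(path, "admin / " + password);
    }

    // Call after Membership.ValidateUser succeeds; send the user to the
    // change-password page when this returns true.
    public static bool MustChangePassword(string userName)
    {
        MembershipUser user = Membership.GetUser(userName);
        return user != null && user.Comment == MustChangeFlag;
    }

    // Call after MembershipUser.ChangePassword succeeds.
    public static void ClearMustChangeFlag(string userName)
    {
        MembershipUser user = Membership.GetUser(userName);
        if (user == null) return;
        user.Comment = null;
        Membership.UpdateUser(user);
    }
}
```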