My company has some unique password policies (such as a pwd cannot be re-used for 6 months, aside from the must include #, special character, upper & lower case).
Can anyone suggest how to go about ensuring that a new user's password complies with these policies (using forms authentication in the .NET 3.5 Framework)?
views: 55
answers: 2
I would create a class with one if statement for each of the rules you have. The password must pass all rules or it is invalid.
This makes it very simple to look up the rules later when management wants to know what they are. It's also very simple to read and maintain.
Since you are using .NET 3.5, and though it might sound like a bit of overkill, I would recommend implementing these rules that you have stated using JUST the Rules Engine that comes as part of Windows Workflow Foundation.
The rules can be stored in an XML file, and it gives you the flexibility to easily change the rules, e.g. 6 months changes to 3 months and later to 45 days, or the length changes from 8 to 10 characters, or the regexp for regular expressions changes to accommodate some other rules.
The rules engine is very easy to use and the overhead is none, as you are already using .NET 3.5.
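An added example (not code from either answer) of the one-check-per-rule class the first answer describes, including the 6-month reuse rule from the question. The `OldPassword` type, `MinLength`, the iteration count and the rule messages are assumptions; the history is kept as salted PBKDF2 hashes so old passwords are never stored in clear text.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Hypothetical history record: one row per password the user has had.
public class OldPassword
{
    public byte[] Salt;        // per-password random salt (8+ bytes)
    public byte[] Hash;        // PBKDF2 output, never the clear text
    public DateTime LastUsed;  // assumption: reuse window counts from this date
}

public static class PasswordPolicy
{
    const int MinLength = 8;        // assumed; the question gives no length
    const int Iterations = 100000;  // assumed PBKDF2 work factor

    public static byte[] Hash(string password, byte[] salt)
    {
        return new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(20);
    }

    // One check per rule; an empty list means the password is acceptable.
    public static List<string> Validate(string pwd, IEnumerable<OldPassword> history, DateTime now)
    {
        pwd = pwd ?? "";
        var errors = new List<string>();
        if (pwd.Length < MinLength) errors.Add("too short");
        if (!pwd.Any(c => char.IsDigit(c))) errors.Add("needs a number");
        if (!pwd.Any(c => char.IsUpper(c))) errors.Add("needs an upper-case letter");
        if (!pwd.Any(c => char.IsLower(c))) errors.Add("needs a lower-case letter");
        if (!pwd.Any(c => !char.IsLetterOrDigit(c))) errors.Add("needs a special character");

        // Reuse rule: re-hash the candidate with each old salt and compare.
        DateTime cutoff = now.AddMonths(-6);
        if (history.Any(h => h.LastUsed >= cutoff && SameBytes(Hash(pwd, h.Salt), h.Hash)))
            errors.Add("used within the last 6 months");
        return errors;
    }

    // Comparison that does not stop at the first differing byte.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

With forms authentication backed by a membership provider, one place to call `Validate` is a `Membership.ValidatingPassword` event handler, setting `e.Cancel = true` when the returned list is not empty.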