ChangePassword control and setting regular expression for new password

https://stackoverflow.com/questions/1728421

19-09-2019
|

Question

This seems like it should have a simple solution but I can't seem to find it.

I'm using the ChangePassword control in an ASP.NET 2.0 application, using both the ChangePasswordTemplate and SuccessTemplate to define custom styling. The textboxes have IDs as follows

Current Password Textbox ID = CurrentPassword
New Password Textbox ID = NewPassword
Confirm New Password Textbox ID = ConfirmPassword

For DRY reasons, I want to use the regular expression that is defined in the Custom Membership Provider to validate the new password client side. Unfortunately, setting the ChangedPassword control's property as follows

ChangePassword.NewPasswordRegularExpression = 
    Membership.PasswordStrengthRegularExpression;
ChangePassword.NewPasswordRegularExpressionErrorMessage = 
    "Regex Error Message";

in Page_Init sets the expression to the expected value, but does not cause client side validation to happen on the new password (the page posts back and the standard Membership ChangePassword failure text gets displayed).

I could use a RegularExpressionValidator in the ChangePasswordTemplate and set the ValidationExpression property to Membership.PasswordStrengthRegularExpression but the best way that I can see to do this requires recursing through the controls in the template to find the RegularExpressionValidator and setting the property, which makes me believe that there must be a more elegant way. I have other validator controls in the template (required fields and a compare validator), in case this may be causing a conflict with using the ChangePassword validation properties.

My question is then, does the ChangePassword control's NewPasswordRegularExpression property work when using templates or do I need to go down the RegularExpressionValidator control route?

EDIT:

Offered up a bounty on this as I can't find a definitive answer as to why the ChangePassword control's NewPasswordRegularExpression property does not validate client side.

Solution

If you use "Convert to Template", the RegularExpressionValidator control is not created automatically and therefore not rendered to the final page. This can be confirmed by viewing the page source before and after converting to template.

To add a RegularExpressionValidator exactly like the one ASP.NET uses without the template, define it between the NewPassword TextBox and the RequiredFieldValidator like this:

<asp:TextBox ID="NewPassword" runat="server" TextMode="Password"></asp:TextBox>

<asp:RegularExpressionValidator ID="NewPasswordRegExp" runat="server"
    ErrorMessage="RegularExpressionValidator" Display="Dynamic"
    ControlToValidate="NewPassword" ValidationGroup="ChangePassword1"></asp:RegularExpressionValidator>

<asp:RequiredFieldValidator ID="NewPasswordRequired" runat="server" 
    ControlToValidate="NewPassword" ErrorMessage="New Password is required." 
    ToolTip="New Password is required." ValidationGroup="ChangePassword1">*</asp:RequiredFieldValidator>

You can't use the ChangePassword's NewPasswordRegularExpression property to change the regular expression at this point. You'll have to do this instead:

protected void Page_Init(object sender, EventArgs e)
{
    RegularExpressionValidator validator
        = ((RegularExpressionValidator)(ChangePassword1.Controls[0].FindControl("NewPasswordRegExp")));

    validator.ValidationExpression = Membership.PasswordStrengthRegularExpression;
    validator.ErrorMessage = "Regex Error Message";
}

I hope this helps.

OTHER TIPS

Sorry it took me too long to come back.

PasswordStrengthRegularExpression is validated at server side. and NewPasswordRegularExpression validated at client side. And here is the difference. Due to bug in JSScript/VSScript Regx validation, every regular expression which is validated at server will not validated in browswer.

Additionally the password is get validated with NewPasswordRegularExpression as well PasswordStrengthRegularExpression. So NewPasswordRegularExpression should not break the rule defined in PasswordStrengthRegularExpression.

e.g.

passwordStrengthRegularExpression="^*(?=.{7,})(?=(.*\W){1,})(?=(.*\d){1,})"
NewPasswordRegularExpression="^(?=.{8,})(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*\W).*$"

works fine.

Hope this helps you.

Update: regex lookahead bug.
http://blog.stevenlevithan.com/archives/regex-lookahead-bug

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow