How do I control the format MembershipUser.ResetPassword()

Question

Is it possible to control the format of the password that is automatically generated by a call to MembershipUser.ResetPassword()?

I want to be able to allow or not allow certain special characters in the generated password.

I am using the SqlMembershipProvider with a password format of Hashed.

Thanks.

Answer 1

Have a look at this article - Changing the autogenerated password format in the SqlMembershipProvider.

I came up with a quick way to hack the SqlMembershipProvider to generate less complex passwords, and it was as simple as creating a new provider class that inherits from SqlMembershipProvider, then overriding the GeneratePassword method.

This is not a fully resolved solution but it might help.

Answer 2

You may want to do this in two steps, as identified by Mark Fitzpatrick here: http://bytes.com/groups/net-asp/689452-how-reset-users-password-without-having-use-passwordrecovery#post2740740

First Reset the password, then immediately change it to a format of your liking. Obviously using a fixed string as in Mark's example would NOT be recommended - you'd want to implement some random string generator.

user.ChangePassword(user.ResetPassword(), MyMethodToGenerateRandomPassword());

Answer 3

Today you can also use the Membership.GeneratePassword method and pass a MinRequiredPasswordLengthor use the property already defined in Web.config like this:

  var newPassword =
                   // 0 = Number of non alphanumeric characters
                  Membership.GeneratePassword(Membership.MinRequiredPasswordLength, 0);

  user.ChangePassword(user.ResetPassword(), newPassword);

Answer 4

I was hoping that there would be some configuration setting could use but overriding the GeneratePassword() method works for my situation.

We already had a crypto utility class that would generate the random password strings so it was a pretty quick change.