How do I control the format MembershipUser.ResetPassword()
-
06-07-2019 - |
Question
Is it possible to control the format of the password that is automatically generated by a call to MembershipUser.ResetPassword()?
I want to be able to allow or not allow certain special characters in the generated password.
I am using the SqlMembershipProvider with a password format of Hashed.
Thanks.
Solution
Have a look at this article - Changing the autogenerated password format in the SqlMembershipProvider.
I came up with a quick way to hack the SqlMembershipProvider to generate less complex passwords, and it was as simple as creating a new provider class that inherits from SqlMembershipProvider, then overriding the GeneratePassword method.
This is not a fully resolved solution but it might help.
OTHER TIPS
You may want to do this in two steps, as identified by Mark Fitzpatrick here: http://bytes.com/groups/net-asp/689452-how-reset-users-password-without-having-use-passwordrecovery#post2740740
First Reset the password, then immediately change it to a format of your liking. Obviously using a fixed string as in Mark's example would NOT be recommended - you'd want to implement some random string generator.
user.ChangePassword(user.ResetPassword(), MyMethodToGenerateRandomPassword());
Today you can also use the Membership.GeneratePassword
method and pass a MinRequiredPasswordLength
or use the property already defined in Web.config like this:
var newPassword =
// 0 = Number of non alphanumeric characters
Membership.GeneratePassword(Membership.MinRequiredPasswordLength, 0);
user.ChangePassword(user.ResetPassword(), newPassword);
I was hoping that there would be some configuration setting could use but overriding the GeneratePassword() method works for my situation.
We already had a crypto utility class that would generate the random password strings so it was a pretty quick change.