ASP.Net membership Provider: Custom Create User

Question

My textbook states that the default for a valid password, "requires that you enter at least seven characters with one of them being a non-alphanumeric." I am definitely doing that. The error I'm getting is, "The password answer supplied is invalid." Here is the code in the aspx file:

<div id="loginBlock">
    First Name: <asp:TextBox ID="fname" runat="server"></asp:TextBox>&nbsp;&nbsp;
    Last Name: <asp:TextBox ID="lname" runat="server"></asp:TextBox><br />
    Username: <asp:TextBox ID="userName" runat="server"></asp:TextBox><br />
    Password: <asp:TextBox ID="passwd" runat="server" TextMode="Password"></asp:TextBox><br />
    Confirm Password: <asp:TextBox ID="passwdConfirm" runat="server" 
        TextMode="Password"></asp:TextBox>
    &nbsp;<asp:CompareValidator ID="validatePasswd"  CssClass="vaidator" ControlToValidate="passwdConfirm" ControlToCompare="passwd" runat="server" ErrorMessage="Passwords don't match! Re-enter."></asp:CompareValidator><br />
    Email:  <asp:TextBox ID="email" runat="server"></asp:TextBox><br />
    Confirm Email: <asp:TextBox ID="emailConfirm" runat="server"></asp:TextBox>
    &nbsp;<asp:CompareValidator ID="validateEmail"   CssClass="vaidator" ControlToValidate="emailConfirm" ControlToCompare="email" runat="server" ErrorMessage="Passwords don't match! Re-enter."></asp:CompareValidator><br />
    <asp:Button ID="submit" runat="server" Text="JOIN" onclick="submit_Click" /><br /><br />
    <asp:TextBox ID="loginError" CssClass="vaidator" runat="server" Width="300px" ReadOnly="True" 
        BorderStyle="None" Font-Size="0.9em" Rows="2"></asp:TextBox>
</div>

And here is the code-behind button-click event:

 protected void submit_Click(object sender, EventArgs e)
        {
            try
            {
                Membership.CreateUser(userName.Text, passwdConfirm.Text, email.Text);
            }
            catch (MembershipCreateUserException)
            {
                loginError.Text = "Password must be a minumum of 7 characters and contain at least one non-alphanumeric character";
            }
        }

Thanks in advance!

Answer 1

Sounds like you've got question and answer turned on in the security configuration. Check your web.config file for the membership provider section and check that requiresQuestionAndAnswer="false".

In your web.config file you should have a section defining the membership provider settings, something like this:

<membership>
  <providers>
    <clear/>
      <add name="AspNetSqlMembershipProvider" passwordStrengthRegularExpression="^.*(?=^[^\s]{8,32}$)(?=.*[a-zA-Z])(?=.*[\d]).*$" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ConnSTR" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="20" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/myApp"/>
  </providers>
</membership>

The bit you need to set is:

requiresUniqueEmail="false"