Re: Add validation to Login control

Hello Brian,

Jesse,

I added the password format to my membership provider as follows:

<membership defaultProvider="DSIMembershipProvider"
userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="DSIMembershipProvider"
applicationName="DSI"
type="DSIMembershipProvider"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresUniqueEmail="true"
passwordFormat="\w{6,25}"
/>
</providers>
</membership>
However, when I enter a password of 3 characters.. the ValidateUser
function is still called... shouldn't an error be thrown? Or should I
be catching something in the page load on postback?

I believe it does not by default add the validation logic to the clientside code. That way you can have any format you want. And I don't know if the DSIMembershipProvider even implements the passwordFormat option. It could be that it's just ignoring your configuration directive..

Jesse


"jesse.houwing@xxxxxxxxx" wrote:

Hello Brian,

I want to add my own regular expression validators to the Login
control so that I can make my users conform to my own custom rules.
However, I do not see a way to do that. Should I just revert to the
1.1 way and create my own text boxes and override the membership
provider? Or is there a better way?

I believe you can set up the expression to use in the web.config in
teh memebership provider configuration.

Add an attribute to the membership provider settings in the
web.config named "passwordFormat" and put the regex you want to use
in the value.

Like this:

<membership defaultProvider="MembershipProvider">
<providers>
<clear />
<add
name="MembershipProvider"
applicationName="yourAppName"
connectionStringName="...."
commandTimeout="15"
passwordFormat="^[a-z]+$"
type="MembershipProvider, Security, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=d22f73cb6713ceb0"
/>
</providers>
</membership>
This sample uses a custom written membership provider, so you'll have
to put in your own type information.

Jesse



.

Relevant Pages

  • Re: Membership custom provider - logout function
    ... The custom membership provider should work against this security server. ... the data store does not generate a sessionID - the data store says yes/no to the credentials - and afterwards the login control creates something called an "authentication ticket" - this tickets get "attached" to the current request/response using either a cookie or query string mangling. ... You can configure the behaviour, lifetime, name etc. of that ticket using the config element. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: ActiveDirectory and user page Access
    ... User and role info is coming from Active directory ... This is a read-only provider that retrieves role information for a Windows ... together with both SQL and AD membership provider. ...
    (microsoft.public.vsnet.general)
  • Re: LDAP Authentication
    ... One of the things with the membership provider framework is that you don't actually have to implement every single interface member when building your provider. ... Most of the complexity stems from managing all that stuff and figuring out the LDAP details to make that work on your given directory platform. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: validaing security using AD groups... in web.config
    ... you're using ASP.NET membership provider and want ... use AD groups for authorization in the application,correct? ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Using login alias in Membership Provider
    ... ASP.NET app, but I am just writing the provider. ... or with the Login control: ... So are you using the AD membership provider currently? ...
    (microsoft.public.dotnet.framework.aspnet.security)