Add validation to Login control

B

Brian Fulford

I want to add my own regular expression validators to the Login control so
that I can make my users conform to my own custom rules. However, I do not
see a way to do that. Should I just revert to the 1.1 way and create my own
text boxes and override the membership provider? Or is there a better way?
 
J

jesse.houwing

Hello Brian,
I want to add my own regular expression validators to the Login
control so that I can make my users conform to my own custom rules.
However, I do not see a way to do that. Should I just revert to the
1.1 way and create my own text boxes and override the membership
provider? Or is there a better way?

I believe you can set up the expression to use in the web.config in teh memebership
provider configuration.

Add an attribute to the membership provider settings in the web.config named
"passwordFormat" and put the regex you want to use in the value.

Like this:

<membership defaultProvider="MembershipProvider">
<providers>
<clear />
<add
name="MembershipProvider"
applicationName="yourAppName"
connectionStringName="...."
commandTimeout="15"
passwordFormat="^[a-z]+$"
type="MembershipProvider, Security, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=d22f73cb6713ceb0"
/>
</providers>
</membership>

This sample uses a custom written membership provider, so you'll have to
put in your own type information.

Jesse
 
B

Brian Fulford

Is there a way to set a reg ex for the username?

Trying to catch sql injections up front

Hello Brian,
I want to add my own regular expression validators to the Login
control so that I can make my users conform to my own custom rules.
However, I do not see a way to do that. Should I just revert to the
1.1 way and create my own text boxes and override the membership
provider? Or is there a better way?

I believe you can set up the expression to use in the web.config in teh memebership
provider configuration.

Add an attribute to the membership provider settings in the web.config named
"passwordFormat" and put the regex you want to use in the value.

Like this:

<membership defaultProvider="MembershipProvider">
<providers>
<clear />
<add
name="MembershipProvider"
applicationName="yourAppName"
connectionStringName="...."
commandTimeout="15"
passwordFormat="^[a-z]+$"
type="MembershipProvider, Security, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=d22f73cb6713ceb0"
/>
</providers>
</membership>

This sample uses a custom written membership provider, so you'll have to
put in your own type information.

Jesse
 
J

Jesse Houwing

Hello Brian,
Is there a way to set a reg ex for the username?

Trying to catch sql injections up front

No there is not by default. You could add your own logic to the provider
though. The sources can be downloaded from the Microsoft website.
http://weblogs.asp.net/scottgu/archive/2006/04/13/442772.aspx

But why would you want to catch SQL injections by limiting the input of the
username? If you do your dataaccess using parameters and validate the input
at the data layer, there is no way a user chosen name could end up with SQL
injections. I think you're putting the effort in at the wrong side.

Jesse

Hello Brian,
I want to add my own regular expression validators to the Login
control so that I can make my users conform to my own custom rules.
However, I do not see a way to do that. Should I just revert to the
1.1 way and create my own text boxes and override the membership
provider? Or is there a better way?
I believe you can set up the expression to use in the web.config in
teh memebership provider configuration.

Add an attribute to the membership provider settings in the
web.config named "passwordFormat" and put the regex you want to use
in the value.

Like this:

<membership defaultProvider="MembershipProvider">
<providers>
<clear />
<add
name="MembershipProvider"
applicationName="yourAppName"
connectionStringName="...."
commandTimeout="15"
passwordFormat="^[a-z]+$"
type="MembershipProvider, Security, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=d22f73cb6713ceb0"
/>
</providers>
</membership>
This sample uses a custom written membership provider, so you'll have
to put in your own type information.

Jesse
 
B

Brian Fulford

Jesse,

I added the password format to my membership provider as follows:

<membership defaultProvider="DSIMembershipProvider"
userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="DSIMembershipProvider"
applicationName="DSI"
type="DSIMembershipProvider"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresUniqueEmail="true"
passwordFormat="\w{6,25}"
/>
</providers>
</membership>

However, when I enter a password of 3 characters.. the ValidateUser function
is still called... shouldn't an error be thrown? Or should I be catching
something in the page load on postback?


Hello Brian,
I want to add my own regular expression validators to the Login
control so that I can make my users conform to my own custom rules.
However, I do not see a way to do that. Should I just revert to the
1.1 way and create my own text boxes and override the membership
provider? Or is there a better way?

I believe you can set up the expression to use in the web.config in teh memebership
provider configuration.

Add an attribute to the membership provider settings in the web.config named
"passwordFormat" and put the regex you want to use in the value.

Like this:

<membership defaultProvider="MembershipProvider">
<providers>
<clear />
<add
name="MembershipProvider"
applicationName="yourAppName"
connectionStringName="...."
commandTimeout="15"
passwordFormat="^[a-z]+$"
type="MembershipProvider, Security, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=d22f73cb6713ceb0"
/>
</providers>
</membership>

This sample uses a custom written membership provider, so you'll have to
put in your own type information.

Jesse
 
J

Jesse Houwing

Hello Brian,
Jesse,

I added the password format to my membership provider as follows:

<membership defaultProvider="DSIMembershipProvider"
userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="DSIMembershipProvider"
applicationName="DSI"
type="DSIMembershipProvider"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresUniqueEmail="true"
passwordFormat="\w{6,25}"
/>
</providers>
</membership>
However, when I enter a password of 3 characters.. the ValidateUser
function is still called... shouldn't an error be thrown? Or should I
be catching something in the page load on postback?

I believe it does not by default add the validation logic to the clientside
code. That way you can have any format you want. And I don't know if the
DSIMembershipProvider even implements the passwordFormat option. It could
be that it's just ignoring your configuration directive..

Jesse
Hello Brian,
I want to add my own regular expression validators to the Login
control so that I can make my users conform to my own custom rules.
However, I do not see a way to do that. Should I just revert to the
1.1 way and create my own text boxes and override the membership
provider? Or is there a better way?
I believe you can set up the expression to use in the web.config in
teh memebership provider configuration.

Add an attribute to the membership provider settings in the
web.config named "passwordFormat" and put the regex you want to use
in the value.

Like this:

<membership defaultProvider="MembershipProvider">
<providers>
<clear />
<add
name="MembershipProvider"
applicationName="yourAppName"
connectionStringName="...."
commandTimeout="15"
passwordFormat="^[a-z]+$"
type="MembershipProvider, Security, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=d22f73cb6713ceb0"
/>
</providers>
</membership>
This sample uses a custom written membership provider, so you'll have
to put in your own type information.

Jesse
 
T

Teemu Keiski

Login control has RequiredFieldValidators by default. If you want to add
your own validators, I suppose you need to template the Login
 
J

Jules

Brian Fulford said:
I want to add my own regular expression validators to the Login control so
that I can make my users conform to my own custom rules. However, I do not
see a way to do that. Should I just revert to the 1.1 way and create my own
text boxes and override the membership provider? Or is there a better way?
 
J

Jules

Okay, it is late, I just posted a blank reply. After the last few weeks, I
have concluded that none of this, and I mean none of this is trivial. My
suggestion is to check out the following code sample for implementing a
custom Membership provider. This is going to take a lot of understanding to
implement properly.

http://msdn2.microsoft.com/en-us/library/6tc47t75(vs.80).aspx

I have a reference implementation running now with SQL Server 2005 and the
Enterprise Application Data Application Block. You need to template your
login control for what you are trying to do. I gave up completely on Adding
the User via the out-of-the-box control and wrote a combination of custom
logic and calls to the Overridden CreateUser method to validate the settings
from my web.config file.

Also, if you are implementing strong passwords, I just gave up on
client-side validation and went with the following short bit of server-side
validation:

Boolean pwdStrength =
Regex.IsMatch(@"^(?=.*[a-z].*[a-z])(?=.*[A-Z].*[A-Z])(?=.*\d.*\d)(?=.*\W.*\W)[a-zA-Z0-9\S]{9,}$", txtPassword.Text);
if (pwdStrength == false)
{
lblPasswordError.Visible = false;
}
else
{
lblPasswordError.Visible = true;
return;
}

This validates the strong, 2 UC, 2 LC, 2 Special Character, minimum 9
requirements that I had to implement. Many thanks to regexlib.com, and
especially this guy:

http://regexlib.com/UserPatterns.aspx?authorId=f5dca9cf-8b21-4591-8c56-2f7a9a1e0d48

My next sworn, I will defeat you Microsoft, task is to override the
Encryption and Decryption routines to take Triple Des encryption at the
application level. I am sorry, but developers having to move the machines
around and not having key codes is not an excuse of the way encryption was
implemented in .NET 2.0 Framework.

You will definitely need this document as well, not that it was easy to find
either:
http://download.microsoft.com/downl...-9363-22150625a6a5/asp.net provider model.pdf
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top