Okay, it is late, I just posted a blank reply. After the last few weeks, I
have concluded that none of this, and I mean none of this, is trivial. My
suggestion is to check out the following code sample for implementing a
custom Membership provider. This is going to take a lot of understanding to
implement properly.
http://msdn2.microsoft.com/en-us/library/6tc47t75(vs.80).aspx
I have a reference implementation running now with SQL Server 2005 and the
Enterprise Application Data Application Block. You need to template your
login control for what you are trying to do. I gave up completely on adding
the user via the out-of-the-box control and wrote a combination of custom
logic and calls to the overridden CreateUser method to validate the settings
from my web.config file.
Also, if you are implementing strong passwords, I just gave up on
client-side validation and went with the following short bit of server-side
validation:
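    // Requires: using System.Text.RegularExpressions;
    // Regex.IsMatch takes the input string first, then the pattern.
    Boolean pwdStrength = Regex.IsMatch(txtPassword.Text,
        @"^(?=.*[a-z].*[a-z])(?=.*[A-Z].*[A-Z])(?=.*\d.*\d)(?=.*\W.*\W)[a-zA-Z0-9\S]{9,}$");
    if (pwdStrength == false)
    {
        // Password failed the strength check: show the error and stop processing.
        lblPasswordError.Visible = true;
        return;
    }
    else
    {
        // Password meets the policy: hide any earlier error message.
        lblPasswordError.Visible = false;
    }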
This validates the strong, 2 UC, 2 LC, 2 Special Character, minimum 9
requirements that I had to implement. Many thanks to regexlib.com, and
especially this guy:
http://regexlib.com/UserPatterns.aspx?authorId=f5dca9cf-8b21-4591-8c56-2f7a9a1e0d48
My next sworn, I will defeat you Microsoft, task is to override the
Encryption and Decryption routines to take Triple DES encryption at the
application level. I am sorry, but developers having to move the machines
around and not having key codes is not an excuse for the way encryption was
implemented in the .NET 2.0 Framework.
You will definitely need this document as well, not that it was easy to find
either:
http://download.microsoft.com/downl...-9363-22150625a6a5/asp.net provider model.pdf
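
An added example, not part of the original post and not the poster's code: the strong-password pattern quoted above, with each requirement checked separately so server-side validation can report which one failed. The class name `PasswordPolicy`, the helper `Failures` and the sample passwords are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example (hypothetical names): per-rule version of the post's password pattern.
public static class PasswordPolicy
{
    // Pattern copied unchanged from the post.
    public const string Combined =
        @"^(?=.*[a-z].*[a-z])(?=.*[A-Z].*[A-Z])(?=.*\d.*\d)(?=.*\W.*\W)[a-zA-Z0-9\S]{9,}$";

    // Returns the unmet requirements; an empty list means the password passes.
    public static List<string> Failures(string password)
    {
        List<string> failures = new List<string>();
        if (Regex.Matches(password, "[a-z]").Count < 2)
            failures.Add("two lowercase letters");
        if (Regex.Matches(password, "[A-Z]").Count < 2)
            failures.Add("two uppercase letters");
        if (Regex.Matches(password, @"\d").Count < 2)
            failures.Add("two digits");
        // \W means "not a word character": '_' does not count, a space does.
        if (Regex.Matches(password, @"\W").Count < 2)
            failures.Add("two special characters");
        // The trailing [a-zA-Z0-9\S]{9,} class demands 9+ non-whitespace characters.
        if (password.Length < 9 || Regex.IsMatch(password, @"\s"))
            failures.Add("at least 9 characters with no whitespace");
        return failures;
    }

    public static void Main()
    {
        // Constructed sample inputs: one passing, three failing for different reasons.
        string[] samples = { "abCD12!#x", "abCD12__x", "abCD12! x", "abcd12!#x" };
        foreach (string s in samples)
        {
            // Argument order matters: input first, pattern second.
            bool combined = Regex.IsMatch(s, Combined);
            List<string> missing = Failures(s);
            Console.WriteLine("{0,-12} combined={1,-5} missing: {2}",
                "\"" + s + "\"", combined,
                missing.Count == 0 ? "none" : string.Join(", ", missing.ToArray()));
        }
    }
}
```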