Add validation to Login control

Discussion in 'ASP .Net Web Controls' started by Brian Fulford, Aug 2, 2007.

  1. I want to add my own regular expression validators to the Login control so
    that I can make my users conform to my own custom rules. However, I do not
    see a way to do that. Should I just revert to the 1.1 way and create my own
    text boxes and override the membership provider? Or is there a better way?
    Brian Fulford, Aug 2, 2007
    #1
    1. Advertising

  2. Brian Fulford

    Guest

    Hello Brian,

    > I want to add my own regular expression validators to the Login
    > control so that I can make my users conform to my own custom rules.
    > However, I do not see a way to do that. Should I just revert to the
    > 1.1 way and create my own text boxes and override the membership
    > provider? Or is there a better way?
    >


    I believe you can set up the expression to use in the web.config in teh memebership
    provider configuration.

    Add an attribute to the membership provider settings in the web.config named
    "passwordFormat" and put the regex you want to use in the value.

    Like this:

    <membership defaultProvider="MembershipProvider">
    <providers>
    <clear />
    <add
    name="MembershipProvider"
    applicationName="yourAppName"
    connectionStringName="...."
    commandTimeout="15"
    passwordFormat="^[a-z]+$"
    type="MembershipProvider, Security, Version=1.0.0.0, Culture=neutral,
    PublicKeyToken=d22f73cb6713ceb0"
    />
    </providers>
    </membership>

    This sample uses a custom written membership provider, so you'll have to
    put in your own type information.

    Jesse
    , Aug 2, 2007
    #2
    1. Advertising

  3. Is there a way to set a reg ex for the username?

    Trying to catch sql injections up front

    "" wrote:

    > Hello Brian,
    >
    > > I want to add my own regular expression validators to the Login
    > > control so that I can make my users conform to my own custom rules.
    > > However, I do not see a way to do that. Should I just revert to the
    > > 1.1 way and create my own text boxes and override the membership
    > > provider? Or is there a better way?
    > >

    >
    > I believe you can set up the expression to use in the web.config in teh memebership
    > provider configuration.
    >
    > Add an attribute to the membership provider settings in the web.config named
    > "passwordFormat" and put the regex you want to use in the value.
    >
    > Like this:
    >
    > <membership defaultProvider="MembershipProvider">
    > <providers>
    > <clear />
    > <add
    > name="MembershipProvider"
    > applicationName="yourAppName"
    > connectionStringName="...."
    > commandTimeout="15"
    > passwordFormat="^[a-z]+$"
    > type="MembershipProvider, Security, Version=1.0.0.0, Culture=neutral,
    > PublicKeyToken=d22f73cb6713ceb0"
    > />
    > </providers>
    > </membership>
    >
    > This sample uses a custom written membership provider, so you'll have to
    > put in your own type information.
    >
    > Jesse
    >
    >
    >
    Brian Fulford, Aug 2, 2007
    #3
  4. Hello Brian,

    > Is there a way to set a reg ex for the username?
    >
    > Trying to catch sql injections up front


    No there is not by default. You could add your own logic to the provider
    though. The sources can be downloaded from the Microsoft website.
    http://weblogs.asp.net/scottgu/archive/2006/04/13/442772.aspx

    But why would you want to catch SQL injections by limiting the input of the
    username? If you do your dataaccess using parameters and validate the input
    at the data layer, there is no way a user chosen name could end up with SQL
    injections. I think you're putting the effort in at the wrong side.

    Jesse


    > "" wrote:
    >
    >> Hello Brian,
    >>
    >>> I want to add my own regular expression validators to the Login
    >>> control so that I can make my users conform to my own custom rules.
    >>> However, I do not see a way to do that. Should I just revert to the
    >>> 1.1 way and create my own text boxes and override the membership
    >>> provider? Or is there a better way?
    >>>

    >> I believe you can set up the expression to use in the web.config in
    >> teh memebership provider configuration.
    >>
    >> Add an attribute to the membership provider settings in the
    >> web.config named "passwordFormat" and put the regex you want to use
    >> in the value.
    >>
    >> Like this:
    >>
    >> <membership defaultProvider="MembershipProvider">
    >> <providers>
    >> <clear />
    >> <add
    >> name="MembershipProvider"
    >> applicationName="yourAppName"
    >> connectionStringName="...."
    >> commandTimeout="15"
    >> passwordFormat="^[a-z]+$"
    >> type="MembershipProvider, Security, Version=1.0.0.0, Culture=neutral,
    >> PublicKeyToken=d22f73cb6713ceb0"
    >> />
    >> </providers>
    >> </membership>
    >> This sample uses a custom written membership provider, so you'll have
    >> to put in your own type information.
    >>
    >> Jesse
    >>
    Jesse Houwing, Aug 2, 2007
    #4
  5. Jesse,

    I added the password format to my membership provider as follows:

    <membership defaultProvider="DSIMembershipProvider"
    userIsOnlineTimeWindow="15">
    <providers>
    <clear/>
    <add name="DSIMembershipProvider"
    applicationName="DSI"
    type="DSIMembershipProvider"
    enablePasswordRetrieval="false"
    enablePasswordReset="true"
    requiresUniqueEmail="true"
    passwordFormat="\w{6,25}"
    />
    </providers>
    </membership>

    However, when I enter a password of 3 characters.. the ValidateUser function
    is still called... shouldn't an error be thrown? Or should I be catching
    something in the page load on postback?


    "" wrote:

    > Hello Brian,
    >
    > > I want to add my own regular expression validators to the Login
    > > control so that I can make my users conform to my own custom rules.
    > > However, I do not see a way to do that. Should I just revert to the
    > > 1.1 way and create my own text boxes and override the membership
    > > provider? Or is there a better way?
    > >

    >
    > I believe you can set up the expression to use in the web.config in teh memebership
    > provider configuration.
    >
    > Add an attribute to the membership provider settings in the web.config named
    > "passwordFormat" and put the regex you want to use in the value.
    >
    > Like this:
    >
    > <membership defaultProvider="MembershipProvider">
    > <providers>
    > <clear />
    > <add
    > name="MembershipProvider"
    > applicationName="yourAppName"
    > connectionStringName="...."
    > commandTimeout="15"
    > passwordFormat="^[a-z]+$"
    > type="MembershipProvider, Security, Version=1.0.0.0, Culture=neutral,
    > PublicKeyToken=d22f73cb6713ceb0"
    > />
    > </providers>
    > </membership>
    >
    > This sample uses a custom written membership provider, so you'll have to
    > put in your own type information.
    >
    > Jesse
    >
    >
    >
    Brian Fulford, Aug 2, 2007
    #5
  6. Hello Brian,

    > Jesse,
    >
    > I added the password format to my membership provider as follows:
    >
    > <membership defaultProvider="DSIMembershipProvider"
    > userIsOnlineTimeWindow="15">
    > <providers>
    > <clear/>
    > <add name="DSIMembershipProvider"
    > applicationName="DSI"
    > type="DSIMembershipProvider"
    > enablePasswordRetrieval="false"
    > enablePasswordReset="true"
    > requiresUniqueEmail="true"
    > passwordFormat="\w{6,25}"
    > />
    > </providers>
    > </membership>
    > However, when I enter a password of 3 characters.. the ValidateUser
    > function is still called... shouldn't an error be thrown? Or should I
    > be catching something in the page load on postback?


    I believe it does not by default add the validation logic to the clientside
    code. That way you can have any format you want. And I don't know if the
    DSIMembershipProvider even implements the passwordFormat option. It could
    be that it's just ignoring your configuration directive..

    Jesse

    >
    > "" wrote:
    >
    >> Hello Brian,
    >>
    >>> I want to add my own regular expression validators to the Login
    >>> control so that I can make my users conform to my own custom rules.
    >>> However, I do not see a way to do that. Should I just revert to the
    >>> 1.1 way and create my own text boxes and override the membership
    >>> provider? Or is there a better way?
    >>>

    >> I believe you can set up the expression to use in the web.config in
    >> teh memebership provider configuration.
    >>
    >> Add an attribute to the membership provider settings in the
    >> web.config named "passwordFormat" and put the regex you want to use
    >> in the value.
    >>
    >> Like this:
    >>
    >> <membership defaultProvider="MembershipProvider">
    >> <providers>
    >> <clear />
    >> <add
    >> name="MembershipProvider"
    >> applicationName="yourAppName"
    >> connectionStringName="...."
    >> commandTimeout="15"
    >> passwordFormat="^[a-z]+$"
    >> type="MembershipProvider, Security, Version=1.0.0.0, Culture=neutral,
    >> PublicKeyToken=d22f73cb6713ceb0"
    >> />
    >> </providers>
    >> </membership>
    >> This sample uses a custom written membership provider, so you'll have
    >> to put in your own type information.
    >>
    >> Jesse
    >>
    Jesse Houwing, Aug 2, 2007
    #6
  7. Brian Fulford

    Teemu Keiski Guest

    Login control has RequiredFieldValidators by default. If you want to add
    your own validators, I suppose you need to template the Login

    --
    Teemu Keiski
    AspInsider, ASP.NET MVP
    http://blogs.aspadvice.com/joteke
    http://teemukeiski.net

    "Brian Fulford" <> wrote in message
    news:...
    >I want to add my own regular expression validators to the Login control so
    > that I can make my users conform to my own custom rules. However, I do not
    > see a way to do that. Should I just revert to the 1.1 way and create my
    > own
    > text boxes and override the membership provider? Or is there a better way?
    Teemu Keiski, Aug 2, 2007
    #7
  8. Brian Fulford

    Jules Guest

    "Brian Fulford" wrote:

    > I want to add my own regular expression validators to the Login control so
    > that I can make my users conform to my own custom rules. However, I do not
    > see a way to do that. Should I just revert to the 1.1 way and create my own
    > text boxes and override the membership provider? Or is there a better way?
    Jules, Aug 7, 2007
    #8
  9. Brian Fulford

    Jules Guest

    Okay, it is late, I just posted a blank reply. After the last few weeks, I
    have concluded that none of this, and I mean none of this is trivial. My
    suggestion is to check out the following code sample for implementing a
    custom Membership provider. This is going to take a lot of understanding to
    implement properly.

    http://msdn2.microsoft.com/en-us/library/6tc47t75(vs.80).aspx

    I have a reference implementation running now with SQL Server 2005 and the
    Enterprise Application Data Application Block. You need to template your
    login control for what you are trying to do. I gave up completely on Adding
    the User via the out-of-the-box control and wrote a combination of custom
    logic and calls to the Overridden CreateUser method to validate the settings
    from my web.config file.

    Also, if you are implementing strong passwords, I just gave up on
    client-side validation and went with the following short bit of server-side
    validation:

    Boolean pwdStrength =
    Regex.IsMatch(@"^(?=.*[a-z].*[a-z])(?=.*[A-Z].*[A-Z])(?=.*\d.*\d)(?=.*\W.*\W)[a-zA-Z0-9\S]{9,}$", txtPassword.Text);
    if (pwdStrength == false)
    {
    lblPasswordError.Visible = false;
    }
    else
    {
    lblPasswordError.Visible = true;
    return;
    }

    This validates the strong, 2 UC, 2 LC, 2 Special Character, minimum 9
    requirements that I had to implement. Many thanks to regexlib.com, and
    especially this guy:

    http://regexlib.com/UserPatterns.aspx?authorId=f5dca9cf-8b21-4591-8c56-2f7a9a1e0d48

    My next sworn, I will defeat you Microsoft, task is to override the
    Encryption and Decryption routines to take Triple Des encryption at the
    application level. I am sorry, but developers having to move the machines
    around and not having key codes is not an excuse of the way encryption was
    implemented in .NET 2.0 Framework.

    You will definitely need this document as well, not that it was easy to find
    either:
    http://download.microsoft.com/downl...-9363-22150625a6a5/asp.net provider model.pdf


    "Brian Fulford" wrote:

    > I want to add my own regular expression validators to the Login control so
    > that I can make my users conform to my own custom rules. However, I do not
    > see a way to do that. Should I just revert to the 1.1 way and create my own
    > text boxes and override the membership provider? Or is there a better way?
    Jules, Aug 7, 2007
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ike2010
    Replies:
    0
    Views:
    658
    ike2010
    Nov 15, 2005
  2. The Colonel
    Replies:
    1
    Views:
    593
  3. ad

    Can login with Login Control

    ad, Aug 28, 2006, in forum: ASP .Net
    Replies:
    9
    Views:
    929
    Tim_Mac
    Aug 31, 2006
  4. Replies:
    0
    Views:
    1,339
  5. Chad Scharf
    Replies:
    3
    Views:
    848
    Chad Scharf
    Oct 18, 2007
Loading...

Share This Page