How to Change MinRequiredNonAlphanumericCharacters in AspNetSqlPro

Discussion in 'ASP .Net Security' started by EagleRed@HighFlyingBirds.com, Jan 5, 2006.

  1. Guest

    I have just started with ASP.NET 2.0 using VS.NET 2005 with SQL 2005. I have
    installed the aspnetdb and I am trying to setup a Logon page with a test
    user. When I tried to create the test user in the WAT I found that the
    password was not accepted because it did not contain a non-alphanumeric
    character. My users will resist using extremely strong passwords. Many will
    not understand the concept. Therefore, I need to set this to zero. How can
    I do this?

    I have a reference that points me to the application web.config file but
    this seems to apply to a custom membership provider. I do not need to a
    custom provider. I only want to avoid requiring non-alphanumeric characters
    in passwords. Later, I may want to setup my own regular expression as well.

    Thanks for any guidance on this.
    , Jan 5, 2006
    #1
    1. Advertising

  2. Hi,

    look at the <membership> element in machine.config - you can configure that
    there machine wide - otherwise copy the config element to your local web.config.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I have just started with ASP.NET 2.0 using VS.NET 2005 with SQL 2005.
    > I have installed the aspnetdb and I am trying to setup a Logon page
    > with a test user. When I tried to create the test user in the WAT I
    > found that the password was not accepted because it did not contain a
    > non-alphanumeric character. My users will resist using extremely
    > strong passwords. Many will not understand the concept. Therefore, I
    > need to set this to zero. How can I do this?
    >
    > I have a reference that points me to the application web.config file
    > but this seems to apply to a custom membership provider. I do not
    > need to a custom provider. I only want to avoid requiring
    > non-alphanumeric characters in passwords. Later, I may want to setup
    > my own regular expression as well.
    >
    > Thanks for any guidance on this.
    >
    Dominick Baier [DevelopMentor], Jan 5, 2006
    #2
    1. Advertising

  3. Guest

    Re: How to Change MinRequiredNonAlphanumericCharacters in AspNetSq

    I assume that copying this element to the application web.config and
    modifying attributes will safely override for the app. only. The app is
    being deployed to a shared server, so I cannot do anything to the
    machine.config.

    "Dominick Baier [DevelopMentor]" wrote:

    > Hi,
    >
    > look at the <membership> element in machine.config - you can configure that
    > there machine wide - otherwise copy the config element to your local web.config.
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > I have just started with ASP.NET 2.0 using VS.NET 2005 with SQL 2005.
    > > I have installed the aspnetdb and I am trying to setup a Logon page
    > > with a test user. When I tried to create the test user in the WAT I
    > > found that the password was not accepted because it did not contain a
    > > non-alphanumeric character. My users will resist using extremely
    > > strong passwords. Many will not understand the concept. Therefore, I
    > > need to set this to zero. How can I do this?
    > >
    > > I have a reference that points me to the application web.config file
    > > but this seems to apply to a custom membership provider. I do not
    > > need to a custom provider. I only want to avoid requiring
    > > non-alphanumeric characters in passwords. Later, I may want to setup
    > > my own regular expression as well.
    > >
    > > Thanks for any guidance on this.
    > >

    >
    >
    >
    , Jan 6, 2006
    #3
  4. Re: How to Change MinRequiredNonAlphanumericCharacters in AspNetSq

    Hi,

    just give the provider a new name or add a <clear /> element to the <providers>
    section - otherwise you'll have a naming conflict.
    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I assume that copying this element to the application web.config and
    > modifying attributes will safely override for the app. only. The app
    > is being deployed to a shared server, so I cannot do anything to the
    > machine.config.
    >
    > "Dominick Baier [DevelopMentor]" wrote:
    >
    >> Hi,
    >>
    >> look at the <membership> element in machine.config - you can
    >> configure that there machine wide - otherwise copy the config element
    >> to your local web.config.
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> I have just started with ASP.NET 2.0 using VS.NET 2005 with SQL
    >>> 2005. I have installed the aspnetdb and I am trying to setup a Logon
    >>> page with a test user. When I tried to create the test user in the
    >>> WAT I found that the password was not accepted because it did not
    >>> contain a non-alphanumeric character. My users will resist using
    >>> extremely strong passwords. Many will not understand the concept.
    >>> Therefore, I need to set this to zero. How can I do this?
    >>>
    >>> I have a reference that points me to the application web.config file
    >>> but this seems to apply to a custom membership provider. I do not
    >>> need to a custom provider. I only want to avoid requiring
    >>> non-alphanumeric characters in passwords. Later, I may want to
    >>> setup my own regular expression as well.
    >>>
    >>> Thanks for any guidance on this.
    >>>
    Dominick Baier [DevelopMentor], Jan 6, 2006
    #4
  5. Guest

    Re: How to Change MinRequiredNonAlphanumericCharacters in AspNetSq

    Basically, this requires a custom provider. By copying from the
    machine.config I am saving some time/effort in doing so.

    "Dominick Baier [DevelopMentor]" wrote:

    > Hi,
    >
    > just give the provider a new name or add a <clear /> element to the <providers>
    > section - otherwise you'll have a naming conflict.
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > I assume that copying this element to the application web.config and
    > > modifying attributes will safely override for the app. only. The app
    > > is being deployed to a shared server, so I cannot do anything to the
    > > machine.config.
    > >
    > > "Dominick Baier [DevelopMentor]" wrote:
    > >
    > >> Hi,
    > >>
    > >> look at the <membership> element in machine.config - you can
    > >> configure that there machine wide - otherwise copy the config element
    > >> to your local web.config.
    > >>
    > >> ---------------------------------------
    > >> Dominick Baier - DevelopMentor
    > >> http://www.leastprivilege.com
    > >>> I have just started with ASP.NET 2.0 using VS.NET 2005 with SQL
    > >>> 2005. I have installed the aspnetdb and I am trying to setup a Logon
    > >>> page with a test user. When I tried to create the test user in the
    > >>> WAT I found that the password was not accepted because it did not
    > >>> contain a non-alphanumeric character. My users will resist using
    > >>> extremely strong passwords. Many will not understand the concept.
    > >>> Therefore, I need to set this to zero. How can I do this?
    > >>>
    > >>> I have a reference that points me to the application web.config file
    > >>> but this seems to apply to a custom membership provider. I do not
    > >>> need to a custom provider. I only want to avoid requiring
    > >>> non-alphanumeric characters in passwords. Later, I may want to
    > >>> setup my own regular expression as well.
    > >>>
    > >>> Thanks for any guidance on this.
    > >>>

    >
    >
    >
    , Jan 6, 2006
    #5
  6. Re: How to Change MinRequiredNonAlphanumericCharacters in AspNetSq

    hi,

    this does NOT require a custom provider - just configure the existing one
    appropriately.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Basically, this requires a custom provider. By copying from the
    > machine.config I am saving some time/effort in doing so.
    >
    > "Dominick Baier [DevelopMentor]" wrote:
    >
    >> Hi,
    >>
    >> just give the provider a new name or add a <clear /> element to the
    >> <providers>
    >> section - otherwise you'll have a naming conflict.
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> I assume that copying this element to the application web.config and
    >>> modifying attributes will safely override for the app. only. The
    >>> app is being deployed to a shared server, so I cannot do anything to
    >>> the machine.config.
    >>>
    >>> "Dominick Baier [DevelopMentor]" wrote:
    >>>
    >>>> Hi,
    >>>>
    >>>> look at the <membership> element in machine.config - you can
    >>>> configure that there machine wide - otherwise copy the config
    >>>> element to your local web.config.
    >>>>
    >>>> ---------------------------------------
    >>>> Dominick Baier - DevelopMentor
    >>>> http://www.leastprivilege.com
    >>>>> I have just started with ASP.NET 2.0 using VS.NET 2005 with SQL
    >>>>> 2005. I have installed the aspnetdb and I am trying to setup a
    >>>>> Logon page with a test user. When I tried to create the test user
    >>>>> in the WAT I found that the password was not accepted because it
    >>>>> did not contain a non-alphanumeric character. My users will
    >>>>> resist using extremely strong passwords. Many will not understand
    >>>>> the concept. Therefore, I need to set this to zero. How can I do
    >>>>> this?
    >>>>>
    >>>>> I have a reference that points me to the application web.config
    >>>>> file but this seems to apply to a custom membership provider. I
    >>>>> do not need to a custom provider. I only want to avoid requiring
    >>>>> non-alphanumeric characters in passwords. Later, I may want to
    >>>>> setup my own regular expression as well.
    >>>>>
    >>>>> Thanks for any guidance on this.
    >>>>>
    Dominick Baier [DevelopMentor], Jan 7, 2006
    #6
  7. Guest

    Re: How to Change MinRequiredNonAlphanumericCharacters in AspNetSq

    I am a little confused. I wil be deploying the site to a hosted/shared web
    server. I will not be able to make changes to the machine.config for obvious
    reasons. If I modify the existing provider in my app, do the changes apply
    only to my app? Honestly, this is an area where I have very little experience.

    "Dominick Baier [DevelopMentor]" wrote:

    > hi,
    >
    > this does NOT require a custom provider - just configure the existing one
    > appropriately.
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > Basically, this requires a custom provider. By copying from the
    > > machine.config I am saving some time/effort in doing so.
    > >
    > > "Dominick Baier [DevelopMentor]" wrote:
    > >
    > >> Hi,
    > >>
    > >> just give the provider a new name or add a <clear /> element to the
    > >> <providers>
    > >> section - otherwise you'll have a naming conflict.
    > >> ---------------------------------------
    > >> Dominick Baier - DevelopMentor
    > >> http://www.leastprivilege.com
    > >>> I assume that copying this element to the application web.config and
    > >>> modifying attributes will safely override for the app. only. The
    > >>> app is being deployed to a shared server, so I cannot do anything to
    > >>> the machine.config.
    > >>>
    > >>> "Dominick Baier [DevelopMentor]" wrote:
    > >>>
    > >>>> Hi,
    > >>>>
    > >>>> look at the <membership> element in machine.config - you can
    > >>>> configure that there machine wide - otherwise copy the config
    > >>>> element to your local web.config.
    > >>>>
    > >>>> ---------------------------------------
    > >>>> Dominick Baier - DevelopMentor
    > >>>> http://www.leastprivilege.com
    > >>>>> I have just started with ASP.NET 2.0 using VS.NET 2005 with SQL
    > >>>>> 2005. I have installed the aspnetdb and I am trying to setup a
    > >>>>> Logon page with a test user. When I tried to create the test user
    > >>>>> in the WAT I found that the password was not accepted because it
    > >>>>> did not contain a non-alphanumeric character. My users will
    > >>>>> resist using extremely strong passwords. Many will not understand
    > >>>>> the concept. Therefore, I need to set this to zero. How can I do
    > >>>>> this?
    > >>>>>
    > >>>>> I have a reference that points me to the application web.config
    > >>>>> file but this seems to apply to a custom membership provider. I
    > >>>>> do not need to a custom provider. I only want to avoid requiring
    > >>>>> non-alphanumeric characters in passwords. Later, I may want to
    > >>>>> setup my own regular expression as well.
    > >>>>>
    > >>>>> Thanks for any guidance on this.
    > >>>>>

    >
    >
    >
    , Jan 7, 2006
    #7
  8. Re: How to Change MinRequiredNonAlphanumericCharacters in AspNetSq

    hi,

    yep - if you configure the provider in you local web.config - this will only
    apply to your app.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I am a little confused. I wil be deploying the site to a
    > hosted/shared web server. I will not be able to make changes to the
    > machine.config for obvious reasons. If I modify the existing provider
    > in my app, do the changes apply only to my app? Honestly, this is an
    > area where I have very little experience.
    >
    > "Dominick Baier [DevelopMentor]" wrote:
    >
    >> hi,
    >>
    >> this does NOT require a custom provider - just configure the existing
    >> one appropriately.
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> Basically, this requires a custom provider. By copying from the
    >>> machine.config I am saving some time/effort in doing so.
    >>>
    >>> "Dominick Baier [DevelopMentor]" wrote:
    >>>
    >>>> Hi,
    >>>>
    >>>> just give the provider a new name or add a <clear /> element to the
    >>>> <providers>
    >>>> section - otherwise you'll have a naming conflict.
    >>>> ---------------------------------------
    >>>> Dominick Baier - DevelopMentor
    >>>> http://www.leastprivilege.com
    >>>>> I assume that copying this element to the application web.config
    >>>>> and modifying attributes will safely override for the app. only.
    >>>>> The app is being deployed to a shared server, so I cannot do
    >>>>> anything to the machine.config.
    >>>>>
    >>>>> "Dominick Baier [DevelopMentor]" wrote:
    >>>>>
    >>>>>> Hi,
    >>>>>>
    >>>>>> look at the <membership> element in machine.config - you can
    >>>>>> configure that there machine wide - otherwise copy the config
    >>>>>> element to your local web.config.
    >>>>>>
    >>>>>> ---------------------------------------
    >>>>>> Dominick Baier - DevelopMentor
    >>>>>> http://www.leastprivilege.com
    >>>>>>> I have just started with ASP.NET 2.0 using VS.NET 2005 with SQL
    >>>>>>> 2005. I have installed the aspnetdb and I am trying to setup a
    >>>>>>> Logon page with a test user. When I tried to create the test
    >>>>>>> user in the WAT I found that the password was not accepted
    >>>>>>> because it did not contain a non-alphanumeric character. My
    >>>>>>> users will resist using extremely strong passwords. Many will
    >>>>>>> not understand the concept. Therefore, I need to set this to
    >>>>>>> zero. How can I do this?
    >>>>>>>
    >>>>>>> I have a reference that points me to the application web.config
    >>>>>>> file but this seems to apply to a custom membership provider. I
    >>>>>>> do not need to a custom provider. I only want to avoid
    >>>>>>> requiring non-alphanumeric characters in passwords. Later, I
    >>>>>>> may want to setup my own regular expression as well.
    >>>>>>>
    >>>>>>> Thanks for any guidance on this.
    >>>>>>>
    Dominick Baier [DevelopMentor], Jan 7, 2006
    #8
  9. Guest

    Re: How to Change MinRequiredNonAlphanumericCharacters in AspNetSq

    Thanks. I'll see how it goes.

    "Dominick Baier [DevelopMentor]" wrote:

    > hi,
    >
    > yep - if you configure the provider in you local web.config - this will only
    > apply to your app.
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > I am a little confused. I wil be deploying the site to a
    > > hosted/shared web server. I will not be able to make changes to the
    > > machine.config for obvious reasons. If I modify the existing provider
    > > in my app, do the changes apply only to my app? Honestly, this is an
    > > area where I have very little experience.
    > >
    > > "Dominick Baier [DevelopMentor]" wrote:
    > >
    > >> hi,
    > >>
    > >> this does NOT require a custom provider - just configure the existing
    > >> one appropriately.
    > >>
    > >> ---------------------------------------
    > >> Dominick Baier - DevelopMentor
    > >> http://www.leastprivilege.com
    > >>> Basically, this requires a custom provider. By copying from the
    > >>> machine.config I am saving some time/effort in doing so.
    > >>>
    > >>> "Dominick Baier [DevelopMentor]" wrote:
    > >>>
    > >>>> Hi,
    > >>>>
    > >>>> just give the provider a new name or add a <clear /> element to the
    > >>>> <providers>
    > >>>> section - otherwise you'll have a naming conflict.
    > >>>> ---------------------------------------
    > >>>> Dominick Baier - DevelopMentor
    > >>>> http://www.leastprivilege.com
    > >>>>> I assume that copying this element to the application web.config
    > >>>>> and modifying attributes will safely override for the app. only.
    > >>>>> The app is being deployed to a shared server, so I cannot do
    > >>>>> anything to the machine.config.
    > >>>>>
    > >>>>> "Dominick Baier [DevelopMentor]" wrote:
    > >>>>>
    > >>>>>> Hi,
    > >>>>>>
    > >>>>>> look at the <membership> element in machine.config - you can
    > >>>>>> configure that there machine wide - otherwise copy the config
    > >>>>>> element to your local web.config.
    > >>>>>>
    > >>>>>> ---------------------------------------
    > >>>>>> Dominick Baier - DevelopMentor
    > >>>>>> http://www.leastprivilege.com
    > >>>>>>> I have just started with ASP.NET 2.0 using VS.NET 2005 with SQL
    > >>>>>>> 2005. I have installed the aspnetdb and I am trying to setup a
    > >>>>>>> Logon page with a test user. When I tried to create the test
    > >>>>>>> user in the WAT I found that the password was not accepted
    > >>>>>>> because it did not contain a non-alphanumeric character. My
    > >>>>>>> users will resist using extremely strong passwords. Many will
    > >>>>>>> not understand the concept. Therefore, I need to set this to
    > >>>>>>> zero. How can I do this?
    > >>>>>>>
    > >>>>>>> I have a reference that points me to the application web.config
    > >>>>>>> file but this seems to apply to a custom membership provider. I
    > >>>>>>> do not need to a custom provider. I only want to avoid
    > >>>>>>> requiring non-alphanumeric characters in passwords. Later, I
    > >>>>>>> may want to setup my own regular expression as well.
    > >>>>>>>
    > >>>>>>> Thanks for any guidance on this.
    > >>>>>>>

    >
    >
    >
    , Jan 8, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Q. John Chen
    Replies:
    0
    Views:
    336
    Q. John Chen
    Nov 15, 2006
  2. Q. John Chen
    Replies:
    0
    Views:
    296
    Q. John Chen
    Nov 15, 2006
  3. Jeff
    Replies:
    1
    Views:
    2,245
    Kevin Spencer
    Apr 2, 2007
  4. Suganya
    Replies:
    0
    Views:
    432
    Suganya
    Apr 29, 2008
  5. Replies:
    3
    Views:
    834
    Dominick Baier [DevelopMentor]
    Feb 1, 2006
Loading...

Share This Page