Hi everyone
I am struggling with password validation problem. I know that there is a way to set up some requirements in web.config like minimum length, special characters required or even a Regex. But our client has very specific requirements which cannot be fulfilled with thise settings. Most custom are:
your password can't contain username, first name and last name
you can't use one of the breached passwords from the list
password must contain at least 2 of the following: digit, special character, capital letter
I quickly found an obvious solution - create custom UsersMembershipProvider (I believe that I will also need to extend IdentityEnabledMembersMembershipProvider, but for now I focused on administration panel). Long story short, this approach doesn't work (or I am doing somthing wrong). No matter which method I override it is not executed. I tried CreateUser, DeleteUser, and of course ChangePassword. Those actions are performed normally, disrespecting my overrides.
I also tried to inject my own implementation of IIdentityValidator< string> PasswordValidator and IIdentityValidator< TUser> UserValidator as for documentation here. Unfortunately I need both user information and plain text password to perform forementioned validation.
Maybe there is something that I'm doing wrong or I missed some other solutions. Can you help me, please?
I looked through Umbraco code on GItHub and found partial solution - setting allowManuallyChangingPassword to true in provider. Partial, because this enables users to change their passwords without supplying old password and I don't want to do it.
Can someone tell me why overrides from MembershipProviderBase are invoked only when allowManuallyChangingPassword is true?
Custom password validation on password change
Hi everyone I am struggling with password validation problem. I know that there is a way to set up some requirements in web.config like minimum length, special characters required or even a Regex. But our client has very specific requirements which cannot be fulfilled with thise settings. Most custom are:
I quickly found an obvious solution - create custom UsersMembershipProvider (I believe that I will also need to extend IdentityEnabledMembersMembershipProvider, but for now I focused on administration panel). Long story short, this approach doesn't work (or I am doing somthing wrong). No matter which method I override it is not executed. I tried CreateUser, DeleteUser, and of course ChangePassword. Those actions are performed normally, disrespecting my overrides.
I also tried to inject my own implementation of IIdentityValidator< string> PasswordValidator and IIdentityValidator< TUser> UserValidator as for documentation here. Unfortunately I need both user information and plain text password to perform forementioned validation.
Maybe there is something that I'm doing wrong or I missed some other solutions. Can you help me, please?
Best regards, Sebastian
I looked through Umbraco code on GItHub and found partial solution - setting allowManuallyChangingPassword to true in provider. Partial, because this enables users to change their passwords without supplying old password and I don't want to do it.
Can someone tell me why overrides from MembershipProviderBase are invoked only when allowManuallyChangingPassword is true?
is working on a reply...