ASPX templates
Version 5.x > ASPX templates > Password Policy View modes: 
User avatar
Member
Member
kentico-eg-consulting - 8/10/2010 6:11:56 AM
   
Password Policy
Is it possible to create a password policy. For Admin creating users and in My Profile

I've tried changing the UserPassword field in System Tables > User

I've tried using a Regular Expression (?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{6,20})$

Also tried a Min Length (6)

But the password field doesn't seem to be using the validation?

I'm using V5.5.7

Thanks

User avatar
Kentico Consulting
Kentico Consulting
kentico_borisp - 8/10/2010 10:06:19 AM
   
RE:Password Policy
Hello,

The values you are editing aren't affecting the input fields, because the registration form isn't created from this form.

We unfortunatelly don't have any in-built feature to set password rules. However, you could succesfully use a similar approach like in this KB article.

You could even use some regular expression to verify the password composition, e.g. something like described here.

I'd also suggest checking information about modifying of standard webparts.

Best regards,
Boris Pocatko

User avatar
Member
Member
kentico-eg-consulting - 8/11/2010 10:21:22 AM
   
RE:Password Policy
Thanks I've managed to get this working by amending the following

/CMSAdminControls/UI/ChangePassword.ascx.cs
/CMSSiteManager/Administration/Users/User_Edit_Password.aspx.cs
/CMSSiteManager/Administration/Users/User_New.aspx.cs

I added this function to each

private bool HasPassedPolicy(string pPassword)
{
// At least 6 characters and at least one letter and number
Regex passwordPattern = new Regex("(?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{6,20})$");
return passwordPattern.IsMatch(pPassword);
}


Then added to btnOK_Click in each something like

 if (HasPassedPolicy(txtPassword1.Text))
{
UserInfoProvider.SetPassword(ui.UserName, txtPassword1.Text);

lblInfo.Text = ResHelper.GetString("General.ChangesSaved");
}
else
{
// Not passed policy
lblError.Text = ResHelper.GetString("Administration-User_Edit_Password.PasswordsNotPassedPolicy");
}


You will have to slightly change the placement of the condition in each file

User avatar
Kentico Consulting
Kentico Consulting
kentico_borisp - 8/12/2010 2:33:41 AM
   
RE:Password Policy
Hello,

Thank you for letting us know. This post will be valuable for other users doing a similar customization.

Best regards,
Boris Pocatko