Developer forum

Forum » Development » Password Complexity Rules and DW Security API

Password Complexity Rules and DW Security API

E-mail notifications
Ronni Hansen
Ronni Hansen
Reply
Posted on 14/08/2019 12:20:16

Hi DW

I am using your security API for creating and logging in users using AJAX calls to an MVC Controller.

It seems however, that User.Save() and User.EncryptPassword() bypasses the passwrod complexity rules setup in the DW backend. 

Do you have an idea how i can either correctly use the API to conform to these rules, or if there is any way i can request the rules from the API and put them to use, without building something custom in regards to password complexity:)

Thanks in advance!

-Ronni


Replies

 
Nicolai Pedersen
Posted on 15/08/2019 12:52:07
Reply

Hi Ronni

Take a look in the Dynamicweb.Security namespace and sub namespaces - the PasswordGenerator in particular. We have a check like this on the password in the backend:

Private Function ValidatePassword() As String
            Dim errorString As String = String.Empty
            Dim errorCode As Integer
            Dim checkBackend As Boolean = AllowBackendCheckbox.Checked Or Not String.IsNullOrEmpty(InheritedGroupsText())

            If Not (Password.Value.Length = 32 OrElse Password.Value.Length = 128) AndAlso Not PasswordGenerator.CheckPasswordComplexity(Password.Value, userID, errorString, errorCode, False, checkBackend) Then
                Return errorString
            End If

            Return "OK"
        End Function
 
Ronni Hansen
Ronni Hansen
Posted on 22/08/2019 10:25:08
Reply

Hi Nicolai

I forgot to get back to you on this, but the generator method works like a charm :-)

Is there any way to do this for the loginattempts?

Thanks a bundle, and congratz with the 20 yrs tomorrow :)!

BR Ronni

 

 
Nicolai Pedersen
Posted on 22/08/2019 11:42:13
Reply

Great - and thanks!

 

You must be logged in to post in the forum