Developer forum

Forum » Development » Password Complexity Rules and DW Security API

Password Complexity Rules and DW Security API

Ronni Hansen
Ronni Hansen
Reply

Hi DW

I am using your security API for creating and logging in users using AJAX calls to an MVC Controller.

It seems however, that User.Save() and User.EncryptPassword() bypasses the passwrod complexity rules setup in the DW backend. 

Do you have an idea how i can either correctly use the API to conform to these rules, or if there is any way i can request the rules from the API and put them to use, without building something custom in regards to password complexity:)

Thanks in advance!

-Ronni


Replies

 
Nicolai Pedersen
Reply

Hi Ronni

Take a look in the Dynamicweb.Security namespace and sub namespaces - the PasswordGenerator in particular. We have a check like this on the password in the backend:

Private Function ValidatePassword() As String
            Dim errorString As String = String.Empty
            Dim errorCode As Integer
            Dim checkBackend As Boolean = AllowBackendCheckbox.Checked Or Not String.IsNullOrEmpty(InheritedGroupsText())

            If Not (Password.Value.Length = 32 OrElse Password.Value.Length = 128) AndAlso Not PasswordGenerator.CheckPasswordComplexity(Password.Value, userID, errorString, errorCode, False, checkBackend) Then
                Return errorString
            End If

            Return "OK"
        End Function
 
Ronni Hansen
Ronni Hansen
Reply

Hi Nicolai

I forgot to get back to you on this, but the generator method works like a charm :-)

Is there any way to do this for the loginattempts?

Thanks a bundle, and congratz with the 20 yrs tomorrow :)!

BR Ronni

 

 
Nicolai Pedersen
Reply

Great - and thanks!

 

You must be logged in to post in the forum