Recently, I was studying the new Login control in ASP.NET 2.0 and found that the system's default password requirements are relatively strict: the minimum password length is 7, and the password must contain at least 1 non-alphanumeric character. For an ordinary website this is not necessary (even Windows Server 2003 does not require such a complex password by default). Some reference materials say to change this in machine.config, but unless you have administrative rights on the host you cannot modify that file, so it is still recommended to make the change in the web.config file.
The method is to add the following child elements under the <system.web> node of web.config:
<membership>
  <providers>
    <remove name="AspNetSqlMembershipProvider"/>
    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LocalSqlServer"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         applicationName="/"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="6"
         minRequiredNonalphanumericCharacters="0"
         passwordAttemptWindow="10"
         passwordStrengthRegularExpression="" />
  </providers>
</membership>
The key attributes are:
connectionStringName: The name of the database connection string. The connection string itself must be defined in web.config.
enablePasswordRetrieval: Indicates whether the membership provider is configured to allow users to retrieve their passwords.
enablePasswordReset: Indicates whether the membership provider is configured to allow users to reset their passwords.
requiresQuestionAndAnswer: Indicates whether the membership provider requires users to answer a password question for password reset and retrieval.
applicationName: The name of the application.
requiresUniqueEmail: Indicates whether the user must provide a unique email address when the account is created.
passwordFormat: The format in which passwords are stored in the membership data store. Details are given below.
maxInvalidPasswordAttempts: The number of invalid password or invalid password answer attempts allowed before the user is locked out.
minRequiredPasswordLength: The minimum length required for a password.
minRequiredNonalphanumericCharacters: The minimum number of special (non-alphanumeric) characters that a valid password must contain.
passwordAttemptWindow: The time window, in minutes, within which the maximum number of invalid password or invalid password answer attempts is counted before the membership user is locked out.
The passwordFormat attribute in detail: it indicates the format in which passwords are stored. Passwords can be stored in the Clear, Encrypted, and Hashed formats.
Clear: Passwords are stored in clear text. This improves the performance of storing and retrieving passwords, but is less secure: the passwords can be easily read when the security of the data source is compromised.
Encrypted: Passwords are encrypted when stored and can be decrypted when comparing or retrieving passwords. Such passwords require additional processing during storage and retrieval, but are more secure and cannot be easily retrieved when the security of the data source is compromised.
Hashed: Passwords are hashed using a one-way hashing algorithm and a randomly generated salt value when stored in the database. When a password is verified, it is hashed with the salt value from the database and the result is compared with the stored hash. Hashed passwords cannot be retrieved.
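As an added example (not part of the original post and not code from ASP.NET), the following Python script reads a web.config and reports membership provider settings that weaken the protections described above. The min_length and max_attempts thresholds are assumed site-policy values, and the sample configuration is constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's provider entry with three settings weakened.
SAMPLE_WEB_CONFIG = """<configuration><system.web><membership><providers>
  <remove name="AspNetSqlMembershipProvider"/>
  <add name="AspNetSqlMembershipProvider"
       type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
       connectionStringName="LocalSqlServer"
       enablePasswordRetrieval="true" passwordFormat="Clear"
       maxInvalidPasswordAttempts="50" passwordAttemptWindow="10"
       minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"/>
</providers></membership></system.web></configuration>"""

def audit_membership(xml_text, min_length=6, max_attempts=10):
    """Return (provider, attribute, message) findings. min_length and
    max_attempts are hypothetical site-policy thresholds, not ASP.NET rules."""
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter():  # some web.config files declare a default xmlns
        el.tag = el.tag.rsplit("}", 1)[-1]
    for prov in root.findall("system.web/membership/providers/add"):
        name = prov.get("name", "?")
        def flag(attr, msg):
            findings.append((name, attr, msg))
        fmt = prov.get("passwordFormat", "Hashed")  # Hashed when omitted
        retrieval = prov.get("enablePasswordRetrieval", "false").lower() == "true"
        if fmt != "Hashed":
            flag("passwordFormat", "%s passwords are stored in recoverable form" % fmt)
        if retrieval and fmt == "Hashed":
            flag("enablePasswordRetrieval", "conflicts with Hashed: hashed passwords cannot be retrieved")
        elif retrieval:
            flag("enablePasswordRetrieval", "current passwords can be read back out of the store")
        # 7 is the default length the page quotes; the fallback of 5 attempts is assumed.
        if int(prov.get("minRequiredPasswordLength", "7")) < min_length:
            flag("minRequiredPasswordLength", "below site policy of %d" % min_length)
        if int(prov.get("maxInvalidPasswordAttempts", "5")) > max_attempts:
            flag("maxInvalidPasswordAttempts", "lockout allows more than %d guesses per window" % max_attempts)
    return findings

if __name__ == "__main__":
    for provider, attr, msg in audit_membership(SAMPLE_WEB_CONFIG):
        print("%s: %s: %s" % (provider, attr, msg))
```

With the default thresholds, the provider entry shown earlier on this page produces no findings; raising min_length to 8 reports its minRequiredPasswordLength of 6.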