ChangePassword.NewPasswordRegularExpression Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets or sets the regular expression that is used to validate the password provided by the user.
public:
virtual property System::String ^ NewPasswordRegularExpression { System::String ^ get(); void set(System::String ^ value); };public virtual string NewPasswordRegularExpression { get; set; }member this.NewPasswordRegularExpression : string with get, setPublic Overridable Property NewPasswordRegularExpression As StringProperty Value
The regular expression string used to validate the new password provided by the user. The default is Empty.
Examples
The following code example shows how to set the NewPasswordRegularExpression property to define a regular expression that checks passwords to ensure that they meet the following criteria:
Are greater than six characters.
Contain at least one digit.
Contain at least one special (non-alphanumeric) character.
The password requirements contained in the PasswordHintText property are displayed to the user.
If the password entered by the user does not meet the criteria, the text contained in the NewPasswordRegularExpressionErrorMessage property is displayed to the user. If a new password is not entered, the text contained in the NewPasswordRequiredErrorMessage property is displayed to the user.
Note
The new password must also meet the minimum requirements set by the membership provider in the MinRequiredPasswordLength, MinRequiredNonAlphanumericCharacters, and PasswordStrengthRegularExpression properties. If the password does not meet these requirements, the ChangePasswordError event is raised.
<%@ page language="C#"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Change Password with Validation</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:changepassword id="ChangePassword1" runat="server"
PasswordHintText =
"Please enter a password at least 7 characters long,
containing a number and one special character."
NewPasswordRegularExpression =
'@\"(?=.{7,})(?=(.*\d){1,})(?=(.*\W){1,})'
NewPasswordRegularExpressionErrorMessage =
"Error: Your password must be at least 7 characters long,
and contain at least one number and one special character." >
</asp:changepassword>
</div>
</form>
</body>
</html>
<%@ page language="VB"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Change Password with Validation</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:changepassword id="ChangePassword1" runat="server"
PasswordHintText = "Please enter a password at least 7 characters long, containing a number and one special character."
NewPasswordRegularExpression = '@\"(?=.{7,})(?=(.*\d){1,})(?=(.*\W){1,})'
NewPasswordRegularExpressionErrorMessage = "Your password must be at least 7 characters long, and contain at least one number and one special character.">
</asp:changepassword>
</div>
</form>
</body>
</html>
Remarks
Use the NewPasswordRegularExpression property to define the requirements for passwords that are used to validate user accounts on your Web site. This regular expression is used to enforce password rules on the client side. The NewPasswordRegularExpression is not related to the password enforcement that can be configured at the data store level. The password must meet the minimum requirements set by the membership provider in the MinRequiredPasswordLength, MinRequiredNonAlphanumericCharacters, and PasswordStrengthRegularExpression properties. If the password does not meet these requirements, the ChangePasswordError event is raised.
To display requirements to the user, set the PasswordHintText property.
If the password entered does not pass the regular expression contained in the NewPasswordRegularExpression property, the text contained in the NewPasswordRegularExpressionErrorMessage property is displayed to the user.
If the password is rejected by the membership provider, the text contained in the ChangePasswordFailureText property is displayed.
A common use of password standards is to force users to select strong passwords. As a best practice, enforce password rules at the data level in the membership provider. The NewPasswordRegularExpression property allows for the convenience of checking the password on the client side, but does not lock out users who make repeated attempts to log on. To improve security, configure your membership provider to restrict the number of attempts a user may make to log on. For more information, see Securing Membership.
Applies to
See also
- PasswordHintText
- NewPassword
- NewPasswordRegularExpressionErrorMessage
- NewPasswordLabelText
- NewPasswordRequiredErrorMessage
- ASP.NET Login Controls Overview
- Customizing Appearance and Behavior of the ASP.NET Login Controls
- ASP.NET Web Server Controls Templates
- How to: Display Different Information to Anonymous and Logged In Users
- Web Site Administration Tool Security Tab
- Securing Login Controls
- Basic Security Practices for Web Applications
- Securing Membership
