Issue to password

Question

Issue to password

Scott Huang 3,511

Hi,
Is there existing way in C# to validate that the relevant password does meet Windows password complexity?

Viorel 127K Reputation points

2022-03-15T14:19:58.257+00:00

If you are interested in Windows functionality, then consider the NetValidatePasswordPolicy function, which can be called from a Class Library made in C++/CLI, accessed from C#. Maybe you will also find some samples based on "P/Invoke".

1 answer

Your answer

Viorel 127K Reputation points

2022-03-15T14:19:58.257+00:00

If you are interested in Windows functionality, then consider the NetValidatePasswordPolicy function, which can be called from a Class Library made in C++/CLI, accessed from C#. Maybe you will also find some samples based on "P/Invoke".

Answer 1

If you search for .net password validator library there are a handful out there to choice from, personally I would use my own.

For example

public class PasswordCheck : ValidationAttribute
{
    public override bool IsValid(object value)
    {
        var validPassword = false;
        var reason = string.Empty; // for debugging only
        var password = (value == null) ? string.Empty : value.ToString();

        if (string.IsNullOrWhiteSpace(password) || password.Length < 6)
        {
            reason = "new password must be at least 6 characters long. ";
        }
        else
        {
            var pattern = new Regex("((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{6,20})");
            if (!pattern.IsMatch(password))
            {
                reason += "Your new password must contain at least 1 symbol character and number.";
            }
            else
            {
                validPassword = true;
            }
        }

        return validPassword;

    }

}

And include a check for asking the user to re-enter their password e.g.

public class CustomerLogin
{
    /// <summary>
    /// User name
    /// </summary>
    /// <returns>User name for login</returns>
    [Required(ErrorMessage = "{0} is required"), DataType(DataType.Text)]
    [StringLength(10, MinimumLength = 6)]
    public string UserName { get; set; }
    /// <summary>
    /// User password which must match PasswordConfirmation using
    /// PasswordCheck attribute
    /// </summary>
    /// <returns>plain text password</returns>
    [Required(ErrorMessage = "{0} is required"), DataType(DataType.Text)]
    [StringLength(20, MinimumLength = 6)]
    [PasswordCheck(ErrorMessage = "Must include a number and symbol in {0}")]
    public string Password { get; set; }
    /// <summary>
    /// Confirmation of user password
    /// </summary>
    /// <returns>plain text password</returns>
    [Compare("Password", 
         ErrorMessage = "Passwords do not match, please try again"), 
     DataType(DataType.Text)]
    [StringLength(20, MinimumLength = 6)]
    public string PasswordConfirmation { get; set; }
    public override string ToString() => UserName;

}

Source code in the following repository, see project ValidateLogin1 for a Windows Forms example and ValidateLoginCore for a WPF example.

Scott Huang 3,511 Reputation points

2022-04-02T09:02:13.797+00:00

Hi,
Can you help as the code below, is not able to capture the invalid input of the password?

var reason_ori=""; if (!IsValid(tb_password.Text,reason_ori)) ... public bool IsValid(object value, object reason_ret) { var validPassword = false; //var reason = string.Empty; // for debugging only var password = (value == null) ? string.Empty : value.ToString(); if (string.IsNullOrWhiteSpace(password) || password.Length < 6) { reason_ret = "New password must be at least 6 characters long. "; } else { var pattern = new Regex("((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{6,20})"); if (!pattern.IsMatch(password)) { reason_ret += "Your new password must contain at least 1 symbol character and number."; } else { validPassword = true; } } return validPassword; }

Share via

Issue to password

1 answer

Your answer