Rediger

Del via


ChangePassword.NewPasswordRegularExpression Property

Definition

Gets or sets the regular expression that is used to validate the password provided by the user.

public:
 virtual property System::String ^ NewPasswordRegularExpression { System::String ^ get(); void set(System::String ^ value); };
public virtual string NewPasswordRegularExpression { get; set; }
member this.NewPasswordRegularExpression : string with get, set
Public Overridable Property NewPasswordRegularExpression As String

Property Value

The regular expression string used to validate the new password provided by the user. The default is Empty.

Examples

The following code example shows how to set the NewPasswordRegularExpression property to define a regular expression that checks passwords to ensure that they meet the following criteria:

  • Are greater than six characters.

  • Contain at least one digit.

  • Contain at least one special (non-alphanumeric) character.

The password requirements contained in the PasswordHintText property are displayed to the user.

If the password entered by the user does not meet the criteria, the text contained in the NewPasswordRegularExpressionErrorMessage property is displayed to the user. If a new password is not entered, the text contained in the NewPasswordRequiredErrorMessage property is displayed to the user.

Note

The new password must also meet the minimum requirements set by the membership provider in the MinRequiredPasswordLength, MinRequiredNonAlphanumericCharacters, and PasswordStrengthRegularExpression properties. If the password does not meet these requirements, the ChangePasswordError event is raised.

<%@ page language="C#"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
  <title>Change Password with Validation</title>
</head>
<body>
  <form id="form1" runat="server">
  <div>
  <asp:changepassword id="ChangePassword1" runat="server"
  PasswordHintText = 
    "Please enter a password at least 7 characters long, 
    containing a number and one special character."
  NewPasswordRegularExpression =
    '@\"(?=.{7,})(?=(.*\d){1,})(?=(.*\W){1,})' 
  NewPasswordRegularExpressionErrorMessage =
    "Error: Your password must be at least 7 characters long, 
    and contain at least one number and one special character." >
  </asp:changepassword>
  </div>
  </form>
</body>
</html>
<%@ page language="VB"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
  <title>Change Password with Validation</title>
</head>
<body>
  <form id="form1" runat="server">
  <div>
  <asp:changepassword id="ChangePassword1" runat="server"
  PasswordHintText = "Please enter a password at least 7 characters long, containing a number and one special character."
  NewPasswordRegularExpression = '@\"(?=.{7,})(?=(.*\d){1,})(?=(.*\W){1,})' 
  NewPasswordRegularExpressionErrorMessage = "Your password must be at least 7 characters long, and contain at least one number and one special character.">
  </asp:changepassword>
  </div>
  </form>
</body>
</html>

Remarks

Use the NewPasswordRegularExpression property to define the requirements for passwords that are used to validate user accounts on your Web site. This regular expression is used to enforce password rules on the client side. The NewPasswordRegularExpression is not related to the password enforcement that can be configured at the data store level. The password must meet the minimum requirements set by the membership provider in the MinRequiredPasswordLength, MinRequiredNonAlphanumericCharacters, and PasswordStrengthRegularExpression properties. If the password does not meet these requirements, the ChangePasswordError event is raised.

To display requirements to the user, set the PasswordHintText property.

If the password entered does not pass the regular expression contained in the NewPasswordRegularExpression property, the text contained in the NewPasswordRegularExpressionErrorMessage property is displayed to the user.

If the password is rejected by the membership provider, the text contained in the ChangePasswordFailureText property is displayed.

A common use of password standards is to force users to select strong passwords. As a best practice, enforce password rules at the data level in the membership provider. The NewPasswordRegularExpression property allows for the convenience of checking the password on the client side, but does not lock out users who make repeated attempts to log on. To improve security, configure your membership provider to restrict the number of attempts a user may make to log on. For more information, see Securing Membership.

Applies to

See also