Change error message for password policy validation in System.Web.Security.MembershipProvider (EPiServer)

Question

here is my case.

I am using EPiServer 9 and I have configured a SqlServerMembershipProvider as follows:

<add name="SqlServerMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                     connectionStringName="EPiServerXYZ"
                     enablePasswordRetrieval="false"
                     enablePasswordReset="true"
                     requiresQuestionAndAnswer="false"
                     requiresUniqueEmail="false"
                     maxInvalidPasswordAttempts="5"
                     minRequiredPasswordLength="8"
                     minRequiredNonalphanumericCharacters="1"
                     passwordAttemptWindow="10"
                     applicationName="/"
                     passwordStrengthRegularExpression="^.*(?=.{8,})(?=.*\d)(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[^\w\d\s]).*$" />

Everything is working fine, the validations and different scenarios.

Our problem is that the error message being displayed by the membership provider is created by using the configuration and it ends up giving not user friendly messages such as:

'Invalid password, minimum length: 8, minimum non alphanumeric characters: 1'
'Non alpha numeric characters in 'newPassword' needs to be greater than or equal to '1'. Parameter name: newPassword'
'The parameter 'newPassword' does not match the regular expression specified in config file. Parameter name: newPassword'

I would love to set a custom error message which really explains to the user all of the requirements we have in the regular expression which is used to validate the password.

The only way I can think about doing this so far is by implementing/extending the current provider we are using just to set a custom error message when something goes wrong with the validation but I guess there might be another better/simpler way of doing this.

Thanks in advance!

Custom may be the best route and you may not have to do much other than override ValidateUser(). If invalid, then just manage your custom message. Try this for starters: http://stackoverflow.com/a/12094556/2779990 — Stinky Towel, Oct 04 '16 at 17:22

score 0 · Answer 1 · answered Oct 04 '16 at 17:23

0

I concur with your custom error message idea.

Consider displaying a div with UI error messages that are hidden until an input error is detected. This could be positioned to the right of the inputs textboxes or above the submit button. The error messages displayed would depend upon the input error(s) detected.

For any password / confirm password input error, define a generic password error message and then list the password input requirements as listed with your question.

Additional error messages could be added for Username and E-mail address input errors.

answered Oct 04 '16 at 17:23

JohnH

1,920
4
25
32

1

The screenshot is of an OOTB Episerver feature, and that part of the UI isn't readily customizable. :/ So I think a custom implementation overriding the default error message is the simplest approach. – Ted Nyberg Oct 05 '16 at 15:55
Good point, so the creation of a new div for error messages may not be viable for Episerver. I would hope that Episerver has a means to display a custom error message, though I do not know this to be so. – JohnH Oct 05 '16 at 16:12

Change error message for password policy validation in System.Web.Security.MembershipProvider (EPiServer)

1 Answers1