Setting the Password complexity

Question

For setting the Password complexity in .Net MVC web application, how can I achieve the following rules:

1) Password must not contain significant portions (three or more contiguous characters) of the name. (this point is not available in that linked post)

2) At least three of the following four categories:

English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters: ~!@#$%^&*;?+_

I would like to achieve this using javascript/jquery.

Thanks

Why javascript? You can do this better with annotations in ASP.NET MVC — MacakM, Apr 17 '17 at 07:05
Wouldn't a minimum length be more useful than the characters from each category concept? What is "name"? The user's name? — nnnnnn, Apr 17 '17 at 07:05
@nnnnnn- password should be minimum 8 characters in length and maximum 10 characters. — Akshay Chawla, Apr 17 '17 at 07:07
Possible duplicate of [jQuery Validate plugin - password check - minimum requirements - Regex](http://stackoverflow.com/questions/18746234/jquery-validate-plugin-password-check-minimum-requirements-regex) — Zaheer Ul Hassan, Apr 17 '17 at 07:08
@ZaheerUlHassan- does that post/question has requirement of following point ? "1) Password must not contain significant portions (three or more contiguous characters) of name." — Akshay Chawla, Apr 17 '17 at 07:10
Maximum 10? Please no. Allow at least 20-something for users that want that. (And I assume you're not storing the unhashed passwords in your database?) — nnnnnn, Apr 17 '17 at 07:16
@nnnnnn- not possible to increase the maximum length than 10. — Akshay Chawla, Apr 17 '17 at 07:18

MacakM · Answer 1 · 2017-04-17T07:26:46.387

0

It is not good to use javascript for this purpose (it can be bypassed). Better solution is to use ASP.NET MVC Data Annotations. With them you can set attributes to your model class and when is POST operation triggered, it will validate the input based on this attributes.

You can learn more here: https://learn.microsoft.com/en-us/aspnet/mvc/overview/older-versions-1/models-data/validation-with-the-data-annotation-validators-cs

You can also write your custom validation attribute based on your needs. In your case I think the [RegularExpression] attribute would be sufficient for 2).

For 1) you should make your custom attribute as is shown in here: http://www.c-sharpcorner.com/UploadFile/rahul4_saxena/mvc-4-custom-validation-data-annotation-attribute/

edited Apr 17 '17 at 07:26

answered Apr 17 '17 at 07:09

MacakM

1,804
3
23
46

@MacakM- do you think that i can achieve my 1st point through this [RegularExpression] attribute ?? – Akshay Chawla Apr 17 '17 at 07:16
I am not sure if I understand that point... does it mean that password for user MacakM can't be aca5842? – MacakM Apr 17 '17 at 07:24
for e.g: name=MacakM, so password cant have any of the 3 continuos characters from the name 'MacakM'. Like valid password = Ab1@h2s5. Invalid password = AbMac5s because it has 'Mac' of name. – Akshay Chawla Apr 17 '17 at 07:29
2

Yes, then you should use your custom attribute as I wrote in answer. You simply write there what you want to validate and return true/false :) – MacakM Apr 17 '17 at 07:30
Thanks for the responses, I will take a look at the suggestions and see if I can get them working :) – Akshay Chawla Apr 17 '17 at 07:33
Good luck, don't forget then mark the answer that helped you :) – MacakM Apr 17 '17 at 07:35

Setting the Password complexity

1 Answers1