ChangePassword.NewPasswordRegularExpression Property
Gets or sets the regular expression that is used to validate the password provided by the user.
Assembly: System.Web (in System.Web.dll)
Use the NewPasswordRegularExpression property to define the requirements for passwords that are used to validate user accounts on your Web site. This regular expression is used to enforce password rules on the client side. The NewPasswordRegularExpression is not related to the password enforcement that can be configured at the data store level. The password must meet the minimum requirements set by the in the MinRequiredPasswordLength, MinRequiredNonAlphanumericCharacters, and PasswordStrengthRegularExpression properties. If the password does not meet these requirements, the ChangePasswordError event is raised.
To display requirements to the user, set the PasswordHintText property.
If the password entered does not pass the regular expression contained in the NewPasswordRegularExpression property, the text contained in the NewPasswordRegularExpressionErrorMessage property is displayed to the user.
If the password is rejected by the membership provider, the text contained in the ChangePasswordFailureText property is displayed.
A common use of password standards is to force users to select strong passwords. As a best practice, enforce password rules at the data level in the membership provider. The NewPasswordRegularExpression property allows for the convenience of checking the password on the client side, but does not lock out users who make repeated attempts to log on. To improve security, configure your membership provider to restrict the number of attempts a user may make to log on. For more information, see Securing Membership.
The following code example shows how to set the NewPasswordRegularExpression property to define a regular expression that checks passwords to ensure that they meet the following criteria:
Are greater than six characters.
Contain at least one digit.
Contain at least one special (non-alphanumeric) character.
The password requirements contained in the PasswordHintText property are displayed to the user.
If the password entered by the user does not meet the criteria, the text contained in the NewPasswordRegularExpressionErrorMessage property is displayed to the user. If a new password is not entered, the text contained in the NewPasswordRequiredErrorMessage property is displayed to the user.
Note |
|---|
The new password must also meet the minimum requirements set by the in the MinRequiredPasswordLength, MinRequiredNonAlphanumericCharacters, and PasswordStrengthRegularExpression properties. If the password does not meet these requirements, the ChangePasswordError event is raised. |
<%@ page language="C#"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>Change Password with Validation</title> </head> <body> <form id="form1" runat="server"> <div> <asp:changepassword id="ChangePassword1" runat="server" PasswordHintText = "Please enter a password at least 7 characters long, containing a number and one special character." NewPasswordRegularExpression = '@\"(?=.{7,})(?=(.*\d){1,})(?=(.*\W){1,})' NewPasswordRegularExpressionErrorMessage = "Error: Your password must be at least 7 characters long, and contain at least one number and one special character." > </asp:changepassword> </div> </form> </body> </html>
Available since 2.0
PasswordHintText
NewPassword
NewPasswordRegularExpressionErrorMessage
NewPasswordLabelText
NewPasswordRequiredErrorMessage
ChangePassword Class
System.Web.UI.WebControls Namespace
ASP.NET Login Controls Overview
Customizing the Appearance of ASP.NET Login Controls
ASP.NET Web Server Controls Templates
How to: Display Different Information to Anonymous and Logged In Users
Web Site Administration Tool Security Tab
Securing Login Controls
Basic Security Practices for Web Applications
Securing Membership
.jpeg?cs-save-lang=1&cs-lang=csharp)