How can I check to make sure a new password is a set length with C#?
Question
I'm working on a password reset function and trying to check to make sure the new password is at least 7 characters. It will run and pass the new password to the controller and set it as the password for the user but it just uses whatever was entered instead of checking to make sure it meets the password requirements. Thanks for any suggestions :)
Here's the model:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.ComponentModel.DataAnnotations;
namespace [CompanyName].Models
{
public class ResetPasswordModel
{
[Required]
[ValidatePasswordLength(7, ErrorMessage = "New passwords must be a minimum of 7 characters, please try a different password.")]
[DataType(DataType.Password)]
[Display(Name = "New password")]
public string NewPassword { get; set; }
[DataType(DataType.Password)]
[Display(Name = "Confirm new password")]
[Compare("NewPassword", ErrorMessage = "The new password and confirmation password do not match.")]
public string ConfirmPassword { get; set; }
}
}
And here's the page to reset the password:
@model [CompanyName].Models.ResetPasswordModel
@{
ViewBag.Title = "ResetPassword";
}
@if (Model == null)
{
<p>
We could not find your user account in the database.
</p>
}
else
{
<script type="text/javascript" src="../../Scripts/jquery.infieldlabel.min.js" ></script>
<script type="text/javascript">
$(document).ready(function () {
$("label").inFieldLabels();
});
</script>
<h2>
Reset Password</h2>
<p>
Please enter your new password below.
</p>
<p>
Note: New passwords are required to be a minimum of 7 characters in length.
</p>
<script src="@Url.Content("~/Scripts/jquery.validate.min.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/jquery.validate.unobtrusive.min.js")" type="text/javascript"></script>
using (Html.BeginForm())
{
<div style="position: relative;">
<fieldset>
<legend>Reset Password</legend>
<label for="NewPassword" style="position:absolute; top: 24px; left: 16px;">New Password</label>
<div class="editor-field">
@Html.PasswordFor(m => m.NewPassword)
@Html.ValidationMessageFor(m => m.NewPassword)
</div>
<br />
<label for="ConfirmPassword" style="position:absolute; top: 64px; left: 16px;">Confirm New Password</label>
<div class="editor-field">
@Html.PasswordFor(m => m.ConfirmPassword)
@Html.ValidationMessageFor(m => m.ConfirmPassword)
</div>
<p>
<input type="submit" value="reset Password" />
</p>
</fieldset>
</div>
}
}
Updated model code:
[Required]
[DataType(DataType.Password)]
[Display(Name = "New password")]
[StringLength(50, MinimumLength = 7, ErrorMessage="New passwords must be a minimum of 7 characters, please try a different password.")]
public string NewPassword { get; set; }
[DataType(DataType.Password)]
[Display(Name = "Confirm new password")]
[Compare("NewPassword", ErrorMessage = "The new password and confirmation password do not match.")]
public string ConfirmPassword { get; set; }
Controller code:
public ActionResult ResetPassword(Guid secureID)
{
int id = secureID.FromSecureID();
var model = new ResetPasswordModel();
return View(model);
}
[HttpPost]
public ActionResult ResetPassword(Guid secureID, ResetPasswordModel model)
{
if (ModelState.IsValid)
{
int id = secureID.FromSecureID();
var user = Database.Users.FirstOrDefault(u => u.ID == id);
if (user == null)
{
ModelState.AddModelError("ID", "Sorry! We could not find your user name in the database, please try again.");
return View(model);
}
//else (model.NewPassword == null) {
//return View();
//}
user.PasswordHash = model.NewPassword.ToSha1Hash();
Database.SubmitChanges();
}
return RedirectToAction("ChangePasswordSuccess");
}
Updated controller code:
[HttpPost]
public ActionResult ResetPassword(Guid secureID, ResetPasswordModel model)
{
if(ModelState.IsValid)
{
int id = secureID.FromSecureID();
var user = Database.Users.FirstOrDefault(u => u.ID == id);
if (user == null)
{
ModelState.AddModelError("ID", "Sorry! We could not find your user name in the database, please try again.");
return View(model);
}
//else (model.NewPassword == null) {
//return View();
//}
user.PasswordHash = model.NewPassword.ToSha1Hash();
Database.SubmitChanges();
return RedirectToAction("ChangePasswordSuccess");
}
return View(model);
}
Updated model code:
namespace [CompanyName].Models
{
public class ResetPasswordModel
{
[Required]
[DataType(DataType.Password)]
[Display(Name = "New Password")]
[StringLength(100, ErrorMessage = "The new must be at least 7 characters long.", MinimumLength = 7)]
public string Password { set; get; }
[Required]
[DataType(DataType.Password)]
[Compare("Password")]
[Display(Name = "Confirm New Password")]
public string ConfirmPassword { set; get; }
}
}
3 answers
solution1
2 2012-03-28 23:51:47
I'm not sure what ValidatePasswordLength is, but System.ComponentModel.DataAnnotations.StringLengthAttribute should suffice and is handled by MVC binders and validators (and also on the jQuery.validate side, too).
[StringLength(50, MinimumLength = 7)]
public string NewPassword { get; set; }
Then in your controller you can have an action like this:
public ActionResult ResetPassword(ResetPasswordViewModel model)
{
if (ModelState.IsValid)
{
//do something with the valid model and return
}
return View(model);
}
solution2
1 ACCPTED 2012-03-29 00:19:17
This Properties in your View model will take care of it.
[Required]
[DataType(DataType.Password)]
[Display(Name = "New Password")]
[StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 7)]
public string NewPassword{ set; get; }
[Required]
[DataType(DataType.Password)]
[Compare("Password")]
[Display(Name = "Confirm New Password")]
public string ConfirmPassword { set; get; }
and in your controller action, you can check for the ModelState.IsValid property to see if the Validation failed or not
[HttpPost]
public ActionResult ResetPassword(Guid secureID, ResetPasswordModel model)
{
if(ModelState.IsValid)
{
// Validation correct, Lets save the new password and redirect to another action
}
return View(model);
}
solution3
0 2020-06-24 16:15:25
You can use a PasswordValidator.
// Check if the Password has changed
if (!string.IsNullOrEmpty(model.Password))
{
// Get the first PasswordValidators... it must do
var pwd = userManager.PasswordValidators[0];
// Check whether the Password is valid
result = await pwd.ValidateAsync(userManager, user, model.Password);
if (!result.Succeeded)
{
foreach (var error in result.Errors)
ModelState.AddModelError("", error.Description);
return View(model);
}
// Hash the new Password
user.PasswordHash = userManager.PasswordHasher.HashPassword(user, model.Password);
bDirty = true;
}
You can eliminate this line from the View.
[StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 7)]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
C# How can I make sure that required UDP data gets to the client/server?
C# - How can I make sure all my structures are initialized?
C# How can I make sure to execute awaitable operations in a single thread
c# how can i make sure that my application will look the same on other systems?
How can I make my C# application check for updates?
Can not set password when create new Active Directory with C#
How can I check if a class property is set in C#?
How do I make sure a file path is safe in C#?
How do I make sure that a button is not pressed down in C#?
How can I check for the TFS 2010 permissions of a project without knowing password using C#?
Related Tags