I'm using the asp.net Membership Provider in an application. I'm also using the "out of the box" asp:PasswordRecovery control.
My client is complaining that the new passwords being issued are too complicated. e.g. }>;-(hYrS^OTfY
Are there any small tweaks I can make so the new passwords only contain letters and numbers?
thanks!
This worked:
using System;
using System.Collections.Generic;
using System.Web.Profile;
using System.Web.Security;
using System.Text;
namespace TS.Common.MembershipProvider
{
public class MembershipProvider : SqlMembershipProvider
{
/// Create an array of characters to user for password reset.
/// Exclude confusing or ambiguous characters such as 1 0 l o i
string[] characters = new string[] { "2", "3", "4", "5", "6", "7", "8",
"9", "a", "b", "c", "d", "e", "f", "g", "h", "j", "k", "m", "n",
"p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"};
const int DefaultResetPasswordLength = 10;
private int ResetPasswordLength;
// Create a more user friendly password to avoid confusion when
// trying to key in the new value
public override string GeneratePassword()
{
string newPassword = string.Empty;
System.Random rnd = new Random();
for (int i = 0; i < ResetPasswordLength; i++)
{
newPassword +=
characters[rnd.Next(characters.GetUpperBound(0))];
}
return newPassword;
}
}
}