From d0f560ffc7ee5767f05f433974dca1b2c669d93d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Ka=C4=8Dena?= Date: Mon, 4 Dec 2023 00:02:38 +0100 Subject: [PATCH 1/2] Update Membership.xml Fixed invalid value of passwordStrengthRegularExpression in Web.config example - removed redundant characters. --- xml/System.Web.Security/Membership.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xml/System.Web.Security/Membership.xml b/xml/System.Web.Security/Membership.xml index a509921da41..bcd67b9ea2d 100644 --- a/xml/System.Web.Security/Membership.xml +++ b/xml/System.Web.Security/Membership.xml @@ -1716,7 +1716,7 @@ type="System.Web.Security.SqlMembershipProvider" connectionStringName="SqlServices" requiresQuestionAndAnswer="true" - passwordStrengthRegularExpression=" @\"(?=.{6,})(?=(.*\d){1,})(?=(.*\W){1,})" + passwordStrengthRegularExpression="(?=.{6,})(?=(.*\d){1,})(?=(.*\W){1,})" /> From 161bdc83189e716b09b0fbe5a6a276d21236a2c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Ka=C4=8Dena?= Date: Mon, 4 Dec 2023 12:03:53 +0100 Subject: [PATCH 2/2] Update Membership.xml - passwordStrengthRegularExpression example Fixed incorrect length description for passwordStrengthRegularExpression example and extended the example to lowercase and uppercase letter conditions. --- xml/System.Web.Security/Membership.xml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/xml/System.Web.Security/Membership.xml b/xml/System.Web.Security/Membership.xml index bcd67b9ea2d..aa964f8f036 100644 --- a/xml/System.Web.Security/Membership.xml +++ b/xml/System.Web.Security/Membership.xml @@ -1699,11 +1699,15 @@ ## Examples The following code example shows the [membership](https://docs.microsoft.com/previous-versions/dotnet/netframework-4.0/1b9hw62f(v%3dvs.100)) configuration element in the `system.web` section of the application's Web.config file. It specifies that the application use an instance of the class to provide membership services, and sets the `passwordStrengthRegularExpression` attribute to a regular expression that validates the password meets the following criteria: -- Is greater than seven characters. +- Is at least six characters long. -- Contains at least one digit. +- Contains at least one digit. -- Contains at least one special (non-alphanumeric) character. +- Contains at least one special (non-alphanumeric) character. + +- Contains at least one lowercase letter. + +- Contains at least one uppercase letter. If the password does not meet these criteria, the password is not accepted by the membership provider. @@ -1716,7 +1720,7 @@ type="System.Web.Security.SqlMembershipProvider" connectionStringName="SqlServices" requiresQuestionAndAnswer="true" - passwordStrengthRegularExpression="(?=.{6,})(?=(.*\d){1,})(?=(.*\W){1,})" + passwordStrengthRegularExpression="(?=.{6,})(?=(.*\d){1,})(?=(.*\W){1,})(?=.*[a-z])(?=.*[A-Z])" />