+1-888-365-2779
Try Now
More in this section

Forums / Deployment / Active Directory Provider - Password Policy

Active Directory Provider - Password Policy

3 posts, 0 answered
  1. Brian
    Brian avatar
    5 posts
    Registered:
    02 Jun 2008
    13 Jun 2008
    Link to this post
    Hello,

    How can I change the Password Policy (minimum # of characters, minimum required nonalphanumeric characters) on an Active Directory provider User creation?

    Some background: I am implementing the Active Directory role / membership provider.  On a different forum thread, I have discussed the fact that my current usage scenario is that I will be using Active Directory to provide roles and members, but will be adding public users to this list of users.  Since these users are considered "public" (i.e. they are not from the Active Directory membership provider), I cannot assign them to Active Directory roles.  Thus, these new users are of role = everyone.

    To accomodate my Active Directory membership provider, I have the following xml in my web.config file:

    <

    membership defaultProvider="Sitefinity" userIsOnlineTimeWindow="15" hashAlgorithmType="">
        <
    providers>
            <
    clear />
            <
    add
                name="Sitefinity"
                connectionStringName="ActiveDirectory"
                enableSearchMethods="true"
                attributeMapUsername="sAMAccountName"
                connectionUsername="<username>"
                connectionPassword="<password>"
                type="Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security"
                minRequiredNonalphanumericCharacters="0"
            />
        </providers>
    </
    membership>

     


    Now, through the Administration / Users screen (logged in as an administrator), I can Create a User.  When I go to create a user, I fill out the necessary information (including password, twice), and click "Create this User" - however, the Password Policy prevents me from creating one that is less than 7 characters and 1 nonalphanumeric character.

    Having a look at a "Public" membership provider, I have tried inserting 

     

    minRequiredPasswordLength="1"
    minRequiredNonalphanumericCharacters="0"

    into the ActiveDirectory provider section.  However, now when I try to type in a password (following my new policy), I get something interesting (and I suspect a bug) - I type in a valid password (6 characters), but it tells me that "Password must be 1 character long with 0 Nonalphanumeric characters"...clearly my password meets these criteria, but it is not accepting it.  When I insert a password > 7 characters, with 1 nonalphanumeric character, it accepts my password fine (i.e. it is ignoring the Password Policy that I have stated in my web.config file, but the feedback I receive on the screen makes it appear that it is following the new policy).

    Can you please tell me if I'm doing somethign wrong, and how I can override this 7 character, 1 nonalphanumeric character policy?

    Thanks in advance!
    Brian

     

  2. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    17 Jun 2008
    Link to this post
    Hello Brian,

    The password policy could be changed only in your ActiveDirectory controller.

    This means that even if your password meets the requirements of our ActiveDirectoryMemebershipProvider, the password could be rejected by the controller.

    Here's some more information about these problems:
    I hope the provided information is helpful.

    Best wishes,
    Georgi
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  3. Brian
    Brian avatar
    5 posts
    Registered:
    02 Jun 2008
    17 Jun 2008
    Link to this post
    That makes perfect sense.  Thanks for your response!
    Brian
Register for webinar
3 posts, 0 answered