Try our conversational search powered by Generative AI!

Is it possible to define a Password Policy for EPiServerCommonMembershipProvider?


When using the SqlServerMembershipProvider for users within EPiServer, it is possible to apply a Password Policy with settings such as minRequiredPasswordLength and minRequiredNonalphanumericCharacters in the web.config file.

When using EPiServer Relate, Community users are managed using the EPiServerCommonMembershipProvider. Is there a way to apply a similar and/or more comprehensive Password Policy using this provider?

Jan 05, 2010 17:44

The short and cruel answer is -> No, it does not. The EPiServer.Common.Web.Authorization.MembershipProvider overrides the membership provider properties MinRequiredPasswordLength and MinRequiredNonAlphanumeric Characters, but they have hardcoded 0 as a return value. It does not support reseting the password either (ResetPassword is not implemented) + question and answer password resets.

You could try to inherit from this membership provider and override EPiServer overrides with your own values + add validation logic to the ChangePassword method before calling base.ChangePassword(...) if the validation succeded.


Jan 05, 2010 20:56
This thread is locked and should be used for reference only.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.