问题
We're using the standard ASP.NET authentication provider (AspNetSqlMembershipProvider as it happens) and the defualt password strength requirement is a little excessive for our needs.
We require our users to enter a password that is alphanumeric at least (i.e, letters and at least one number mandatory, mixed case and non-alphanumeric characters if the user so desires).
Can anyone suggest what PasswordStrengthRegularExpression setting would achieve this?
Also, how can we control the error message shown to the user if the password they try to use fails the regular expression check?
Note
It was found that the minRequiredNonalphanumericCharacters property must be set to 0, otherwise this setting overrides any regular expression that is used
回答1:
Here is a regex that allows all characters and requires at least one number and requiring at least 6 characters.
^.*(?=.{6,})(?=.*\d).*$
If you want more or less characters defined simply change (?=.{6,}) to reflect the number of characters you want as a minimum.
回答2:
We just implemented the following expression to validate a pwd of 8 to 16 characters and contain three of the following 4 items: upper case letter, lower case letter, a symbol, a number
(?=^[^\s]{8,16}$)((?=.*?\d)(?=.*?[A-Z])(?=.*?[a-z])|(?=.*?\d)(?=.*?[^\w\d\s])(?=.*?[a-z])|(?=.*?[^\w\d\s])(?=.*?[A-Z])(?=.*?[a-z])|(?=.*?\d)(?=.*?[A-Z])(?=.*?[^\w\d\s]))^.*
An explanation of individual components:
- (?=^[^\s]{8,16}$) - contain between 8 and 16 non-whitespace characters
- (?=.*?\d) - contains 1 numeric
- (?=.*?[A-Z]) - contains 1 uppercase character
- (?=.*?[a-z]) - contains 1 lowercase character
- (?=.*?[^\w\d\s]) - contains 1 symbol
notice after the length segment the double parens and later in the expression you'll see several |'s. This allows for the either/or comparison of the 4 possible combinations that are allowed.
After writing this I just noticed this question was asked over a year ago. Since I had come across this question in my search I hope someone else can also benefit from our solution.
来源:https://stackoverflow.com/questions/447638/a-sensible-passwordstrengthregularexpression