In implementing authentication recently I found it troublesome to pinpoint how to modify this setting. So, here’s how.
In this example, I am using the AspNetSqlMembershipProvider over the Active Directory one. I haven’t changed the name from that, although you could.
This link explains how:
http://msdn.microsoft.com/en-us/library/ff648345.aspx
In your web.config’s system.web section you’ll need:
<membership> <providers> <remove name="AspNetSqlMembershipProvider" /> <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" /> </providers> </membership>
Let’s talk about some pieces here.
<remove name="AspNetSqlMembershipProvider" />
could also be <clear/>
Additionally, The Machine.config file contains a default SqlMembershipProvider instance named AspNetSqlMembershipProvider . Which is why I’m replacing it with my web applications web.config setting.
This is explained in depth here: http://msdn.microsoft.com/en-us/library/ff648345.aspx
minRequiredPasswordLength sets the length (can be 1 to 128)
passwordStrengthRegularExpression sets the difficulty that the password will be validated against.
In my recent user testing, the defaults for these settings proved to be annoying and unnecessary.
Cheers.