Default .Net Membership Provider – Override Password Generator via Implementing a Custom Membership Provider

If you use the default membership provider (SqlMembershipProvider) in your .Net Web Application, the default behavior of the password generator will be giving you randomly generated passwords such as #@[tdf$#_dfg67d$%_[ etc etc which include some very confusing non-alphanumeric characters.

If you want to limit the character pool the password generator selects characters from or change the maximum number of characters selected in your randomly generated passwords, you will need to implement your own Custom Membership Provider to override this behaviour.

1 – Create a new class in your project and name it say ‘MyMembershipProvider’.
2 – Inherit from the default ‘SqlMembershipProvider’.
3 – Override the Initialize method to reset the password length.
4 – Override the GeneratePassword method with your custom method for generating a password.

The VB.Net code listing can be found at the bottom of this blog entry. If you would like this converted to C#, let me know.

For your Web application to make use of your new Custom Membership Provider, you need to make some changes to your web.config file.

In your web.config file, you will see the following -

<membership defaultProvider="DefaultMembershipProvider">
    <providers>
    ...
    </providers>
</membership>

Update this to

<membership defaultProvider="MyMembershipProvider">
    <providers>
        <add name="MyMembershipProvider" type="MembershipProvider" minRequiredPasswordLength="6" .... />
    </providers>
</membership>

Code listing for MyMembershipProvider class:

Public Class MyMembershipProvider
    Inherits SqlMembershipProvider 

    ' private variable declarations
    Private _random As System.Random
    Private _chars() As String
    Private _passwordLength As Integer 

    ' Constructor
    Public Sub New()
        _random = New Random
        _chars = InitialiseCharArray()
        _passwordLength = 6
    End Sub 

    ' Override Initialize method to reset the password length
    Public Overrides Sub Initialize(ByVal name As String, ByVal config As  system.Collections.Specialized.NameValueCollection)
        Dim _l As String = _passwordLength
        Dim _lc As String = config(”resetPasswordLength”)

        If Not IsNothing(_l) Then
           ' Have to remove the config entry as the provider we are inheriting from
           ' doesn’t understand it and will throw an exception.
            config.Remove(”resetPasswordLength”)
            If Not Integer.TryParse(_lc, _l) Then
               _l = _passwordLength
            End If
        End If
        MyBase.Initialize(name, config)
    End Sub

    ' Procedure to override the password generation functionality and return a random password of 6 alphnumberic characters.
    Public Overrides Function GeneratePassword() As String
        Dim _password As String = String.Empty
        For i As Integer = 1 To _passwordLength
            _password &= GenerateRandomCharacter()
        Next
        Return _password
    End Function

    ' Create a character map of characters we want our passwords to be constructed from.
    Private Function InitialiseCharArray() As String()
        Dim _s(34) As String
        ' Add numbers, 1 to 9.
        For i As Integer = 0 To 8
            _s(i) = i + 1
        Next
        ' Add letters, a to z - lowercase only.
        For j As Integer = 97 To 122
            _s(j - 88) = Char.ConvertFromUtf32(j)
        Next
        Return _s
    End Function  

    ' Procedure to return a random character from our character list.
    Private Function GenerateRandomCharacter() As String
        Return _chars(_random.Next(_chars.GetUpperBound(0)))
    End Function
End Class

Related posts:

1. Creating a Custom Web Server Control – Alphabet Selector Web Server Control
2. Component to Connect to Active Directory with Sharepoint WSS