It appears that in Beta 2 there is a setting somewhere put on by default for complex passwords such that they have to meet certain rules like length and complexity(@!#$%!)...How can I disable this "feaure" I want to let my users enter simple passwords...even tho its a bad practice.

You can disable/override policy it in the web.config i cant remember the exact settings.  Still waiting for beta2 to download only getting 30-40kb/s microsofts servers must be busy =)

Yeah...I was actively checking My MSDN Universal Account all day friday and saturday for the drop....I think most developers are all over beta 2, like a fat kids love chocolate cake. The only problem I'm running into is that there is still a ton of stuff not working right in beta 2 and the response I'm getting from the forums is....its still in beta and should be fixed by RTM....sigh.

From what I can tell, Microsoft added a few more properties to the MembershipProvider class for Beta 2.  Three of them pertain to passwords and are probably the ones causing your problem.  They are MinRequiredNonAlphanumericCharacters, MinRequiredPasswordLength, and PasswordStrengthRegularExpression.  The standard MembershipProvider implementation probably has some default values, but you can override these by adding some settings in your web.config file.  See if this works for you (just add the new properties, the rest should already be in your web.config):

        <membership defaultProvider="MyMembershipProvider" >
            <providers>
                <add name="MyMembershipProvider" type="MyMembershipProviderType"
                  minRequiredNonAlphanumericCharacters=0 minRequiredPasswordLength=1
                   passwordStrengthRegularExpression="" ...other provider properties />
            </providers>
        </membership>

Hope that helps!

I've got the same problem.  I can't find any reference to the membership provider in web.config anymore.  Where did it go in Beta 2?

 

I tried pasting my beta 1 code in: aspnet.configuration

<membership defaultProvider="XPP">
   <providers>
    <add connectionStringName="webAdminConnection632433992302402400" applicationName="/PolarHillFinder" description="" requiresUniqueEmail="false" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" name="XPP" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3500.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
   </providers>
  </membership>

And it errors when I try to into web setup.

 

 

 

You'll want to tweak these new attributes:

minRequiredPasswordLength (default value of 7)
minRequiredNonAlphanumericCharacters (default value of 1)

 

This posting is provided "AS IS" with no warranties, and confers no rights.

I don't seem to have a default membership section in my web.config.  EVen when I create a new web project (personal web site), there is no default section.  Is there a vs2005 utility that creates this section?

markberr wrote:

You'll want to tweak these new attributes: minRequiredPasswordLength (default value of 7) minRequiredNonAlphanumericCharacters (default value of 1)   This posting is provided "AS IS" with no warranties, and confers no rights.

Erm... yes, I had that idea too. But when I do, I get:

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Attribute not recognized 'minRequiredNonAlphanumericCharacters'

Finally get a password with @123WeHP32. GEEEEEZE

DannySmurf wrote:

Erm... yes, I had that idea too. But when I do, I get: Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: Attribute not recognized 'minRequiredNonAlphanumericCharacters'

To resolve this issue, you will have to add a membership section to your web.config file. A sample web.config is shown below:

<?xml version="1.0"?>

         <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">

                  <system.web>

                           <membership defaultProvider="ISKSqlMembershipProvider">

                                    <providers>

                                             <add name="ISKSqlMembershipProvider"

                                                type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

                                                connectionStringName="LocalSqlServer"

                                                enablePasswordRetrieval="false"

                                                enablePasswordReset="true"

                                                requiresQuestionAndAnswer="true"

                                                applicationName="/"

                                                requiresUniqueEmail="false"

                                                passwordFormat="Hashed"

                                                maxInvalidPasswordAttempts="5"

                                                passwordAttemptWindow="10"

                                                minRequiredPasswordLength="3"

                                                minRequiredNonalphanumericCharacters="0"

                                                passwordStrengthRegularExpression="" />

                                    </providers>

                           </membership>

                  </system.web>

         </configuration>

LocalSqlServer is defined in the machine.config file and does not necessarily have to be defined again in the web.config.

j_gaylord wrote:

To resolve this issue, you will have to add a membership section to your web.config file.

Ahh, so I can't just use the default AspNetSqlMembershipProvider that's already in the config files. Didn't realize that. Thanks. :)

j_gaylord wrote:

To resolve this issue, you will have to add a membership section to your web.config file. A sample web.config is shown below: <code snipped>

I have almost this exact code in my web.config, but for all the attributes, it says 'attribute not declared', and does not actually do anything. It loads without errors, but it doesn't actually apply any of the attributes.

DannySmurf wrote:

Ahh, so I can't just use the default AspNetSqlMembershipProvider that's already in the config files. Didn't realize that. Thanks. :)

Yes you can. You would then just have to tweak the machine.config file in your ASP.NET folder under Windows. Just keep in mind that if you do tweak that, you must remember your settings or a future upgrade will get rid of them. Also, you don't need to create your own connection string. You can still use LocalSqlServer. Remember that machine.config loads first and then the web.config file.

chupajr wrote:

I have almost this exact code in my web.config, but for all the attributes, it says 'attribute not declared', and does not actually do anything. It loads without errors, but it doesn't actually apply any of the attributes.

It should apply your attributes just fine if you use this. The schema for the Membership provider has not been updated since Beta 1 so all of these attributes will have a blue squiggly line underneath. However, they will work if you run your app. See http://lab.msdn.microsoft.com/productfeedback/viewfeedback.aspx?feedbackid=d8f4663b-8fe4-4c23-8c0e-a961e7276e81 for more information.

In case anyone still have problems with this issue, I fixed it adding this:

        <membership defaultProvider="MyMembershipProvider">
            <providers>
                <add connectionStringName="LocalSqlServer" passwordAttemptWindow="10"
                 enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false"
                 applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed"
                 minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0"
                 passwordStrengthRegularExpression="" name="MyMembershipProvider"
                 type="System.Web.Security.SqlMembershipProvider" />
            </providers>
        </membership>

Of course you can change the connectiongStringName to whatever you want to use... for a list of all the settings you can "tweak" check the public properties here:

http://msdn2.microsoft.com/library/zsza764d(en-us,vs.80).aspx

I guess this should good enough not to have to implement our own membership provider.