
PasswordSecurityMeter custom control

3 Jul 2005
In this article, I create an ASP.NET custom control which shows how strong a user's password is.


Introduction

Lately I was registering on UK’s eBay website and I found an interesting control which shows how strong a user’s password is. The idea appeared interesting to me and I decided to create a simple ASP.NET custom control which will provide that functionality.

Background

Users' passwords are one of the basic security problems. On the one hand, we want systems to be secure, which requires passwords to be strong; on the other hand, there are users who don't have the appropriate knowledge and don't want to remember complicated passwords. The simple solution for secure passwords is to use letters (mixed upper and lower case), digits and special characters (like #[]!$%^&*). A password must also have an appropriate length (minimum 6 characters, but more is better). Knowing that, we can simply change the weak password mariusz to a strong one, MariusZ#30. But we, the developers, must remember that it's our duty to show users how to create a strong password, and to help them do it.

The control

OK, let’s see what’s going on…

First, the engine. Basically, we need to check the password's length (it must be longer than the minimum, let's say 6 characters, but it is better if it has at least the recommended length of 9 characters). Next, we verify that the password doesn't contain illegal phrases (like the company name or phrases from the login e-mail), or consecutive or repeated characters. The last stage is to check whether the password contains letters, digits and special characters. This is implemented in the CalculateSecurityLevel procedure (see line 329; PasswordSecurityMeter.cs file) and also in the rendered JavaScript code (see line 162; PasswordSecurityMeter.cs file).
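The three stages described above, sketched in JavaScript as an added example; this is not the code from PasswordSecurityMeter.cs. The function names, the 0 to 5 point scheme, the run length of 3, the rule that a password of exactly the minimum length passes, and the prohibited option are assumptions.

```javascript
// Added example. Thresholds mirror the article's text (minimum 6, recommended 9);
// the scoring, the run length of 3 and all names here are assumptions.
const DEFAULTS = { minLength: 6, goodLength: 9, runLength: 3, prohibited: [] };

// Phrases the password must not contain: caller-supplied words plus the
// pieces of the e-mail address. Pieces under 4 characters ("com", "uk") are
// skipped so they do not reject unrelated passwords.
function forbiddenPhrases(email, prohibited) {
  const parts = String(email || "").split(/[@.]/);
  return [...prohibited, ...parts]
    .map((p) => p.toLowerCase())
    .filter((p) => p.length >= 4);
}

// True if n or more characters in a row are identical ("aaa") or
// consecutive in either direction ("abc", "321").
function hasRun(text, n) {
  let same = 1, up = 1, down = 1;
  for (let i = 1; i < text.length; i++) {
    const d = text.charCodeAt(i) - text.charCodeAt(i - 1);
    same = d === 0 ? same + 1 : 1;
    up = d === 1 ? up + 1 : 1;
    down = d === -1 ? down + 1 : 1;
    if (same >= n || up >= n || down >= n) return true;
  }
  return false;
}

// Returns a level from 0 (rejected) to 5, matching the six images 0..5.
function securityLevel(password, email, options = {}) {
  const o = { ...DEFAULTS, ...options };
  const lower = password.toLowerCase();
  // Stage 1: length. Stage 2: illegal phrases and runs. Any failure gives 0.
  if (password.length < o.minLength) return 0;
  if (forbiddenPhrases(email, o.prohibited).some((p) => lower.includes(p))) return 0;
  if (hasRun(lower, o.runLength)) return 0;
  // Stage 3: one point for passing, one for good length, one per character class.
  let level = 1;
  if (password.length >= o.goodLength) level++;
  if (/[a-z]/.test(password) && /[A-Z]/.test(password)) level++;
  if (/\d/.test(password)) level++;
  if (/[^A-Za-z0-9]/.test(password)) level++;
  return level;
}

// Constructed sample inputs.
console.log(securityLevel("mariusz", ""));                        // 1
console.log(securityLevel("MariusZ#30", ""));                     // 5
console.log(securityLevel("MariusZ#30", "mariusz@example.com"));  // 0
```

With the e-mail address supplied, MariusZ#30 drops to level 0 because it contains the address's local part. A level computed in the browser is only feedback to the user, so the server has to repeat the check when the form is submitted.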

A little about the control’s designer

As you can see, I’ve created the control’s designer (PasswordSecurityMeterDesigner class). Designers are used to provide the control’s rendering during design-time. In this case, the designer provides simple properties checking, and when values are not correctly set, an appropriate message is rendered.

The designer class should derive from the ControlDesigner class and should implement the GetDesignTimeHtml procedure (see line 17; PasswordSecurityMeterDesigner.cs file). As you can see, I'm checking whether the PasswordControlName property has been set and, when the Image render mode is selected, whether the ImagesNamePattern property has been set.

To use the designer with the control, you must set the Designer attribute for the control’s class (see line 13; PasswordSecurityMeter.cs file).

Using the code

I assume that you know how to compile and install a custom control in Visual Studio .NET (if not, please read this article on MSDN). To use the control, simply drag it onto the web form and set the PasswordControlName property, which is the name of the control that holds the user's password. Additionally, you can set these properties:

  • MinPasswordLength – minimum password length
  • MaxPasswordLength – maximum password length
  • GoodPasswordLength – this determines how many characters a good password should have. If a password has at least that number of characters, one level point is added.
  • EMailControlName – name of the control where the user can specify an e-mail address. This prevents users from putting phrases from the e-mail address, which can be used as the login, into the password.
  • RenderMode - select rendering mode (as an Image or as a Table).
  • ImagesNamePattern – you must specify this property when RenderMode is Image. Simply type the image's name pattern, putting {0} instead of security level number, for example: images/blue_securityLevel{0}.gif. In this example, you have six images in the images directory (blue_securityLevel0.gif, blue_securityLevel1.gif, … , blue_securityLevel5.gif).

History

  • 30/06/2005 - After a while (a long while), I finally wrote an article. Don’t know why, but it always takes time :(
  • 04/05/2005 - I wrote the control’s code and decided to write an article.

To Do:

  • implement property which will allow the user to enter a list of prohibited words (like company name).
  • implement property which will allow the user to set colours for rendered table.
  • implement dynamic image rendering.
  • implement “Hints & Tips” which will help a customer to create stronger passwords.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.


About the Author

Mariusz Wojcik
Web Developer
United Kingdom

Last Updated 4 Jul 2005
Article Copyright 2005 by Mariusz Wojcik
Everything else Copyright © CodeProject, 1999-2014