Click here to Skip to main content
13,150,178 members (59,476 online)
Click here to Skip to main content
Add your own
alternative version

Stats

9.6K views
64 downloads
26 bookmarked
Posted 27 Dec 2016

Password Strength Indicator NuGet Package

, 20 Feb 2017
Rate this:
Please Sign up or sign in to vote.
Password Strength Indicator using jQuery and XML + NuGet Package

Password Strength indicator

Table of Contents

Introduction

Recently, I have the opportunity to review the ASP.NET - Password Strength Indicator using jQuery and XML plugin and make some enhancement to it. Here is the summary of the changes.

  • Updated the plugin to check for keyboard/character sequences (i.e., 123456, qwerty, abcdef, …)
  • Added sample code using MVC5
  • Added the projects to GitHub (https://github.com/bryiantan/PasswordStrengthIndicator)
  • Added the plugin to NuGet (https://www.nuget.org/packages/PasswordStrengthIndicator/)
  • Fixed minor bugs

As mentioned in previous article, the purpose of the plugin is to provide guidance to user to choose a strong password. I wanted to reiterate that the plugin provides the following validation on client and server side:

  • Check if password contains x number of required Uppercase characters (A-Z)
  • Check if password contains any Lowercase characters (a-z)
  • Check if password contains x number of required Base 10 digits (0 through 9)
  • Check if password contains x number of required allowable Nonalphanumeric characters (special characters such as: ! @ # …)
  • Check if password meet the Minimum and Maximum password length requirement
  • Check if password exceeded the allowable Maximum consecutive repeated character
  • Check if password contains keyboard character sequences specified in the XML file

You need to write additional code/logic if you want to add functionality to perform the following:

  • Prevent user from using previous x history password
  • Password maximum age
  • Prevent user from entering common character (i.e, Apple, Chicken, ...) (I think you can include that under the keyboardSequenceCharacters Node, but that will be too overwhelming)
  • etc…

In this article, please allow me to share with everyone the following items:

  1. Review the element in the PasswordPolicy.xml
  2. Review the logic to check for keyboard/character sequences
  3. How to create and publish the NuGet package
  4. How to consume the package

What in the PasswordPolicy.xml?

Shown in table 1 is the list of xml node and its corresponding description

Table 1

NodeDescription
durationThis is just an example. You can add a node and value in the XML file and then add the business logic to the PasswordStrengthIndicator.Core class
minLengthThe password minimum acceptable length
maxLengthThe password maximum acceptable length
numsLengthThe minimum number of required digits (0-9)
upperLengthThe minimum number of required upper case (A-Z)
specialLengthThe minimum number of required special characters
barWidthSpecify the width of the bar indicator [Example: 100, 200]
barColorSpecify the final color of the bar [Example: Yellow, Maroon, etc.…]
specialCharsThe allowable valid special characters
useMultipleColorsTurn on/off multiple colors [red, blue, green]. 1=Yes, 0=No
maxConsecutiveRepeatedChars0 = Allow repeat, no validation. [example: aaaaaaaaA will be valid]
1 and above = Specify maximum number of successive repetitions of a given character. Example:
• if 1, aa will not be valid because it repeated more than 1 time
• if 2, aaa will not be valid because it repeated more than 2 times
maxKeyboardSequenceSpecify the maximum allowable keyboard/character sequence. Example:
• if 2, 123 will not be valid, but 12 will be valid.
• If 3, qwer159 will not be valid, but qwe159 will be valid
Note: the sequence is defined in keyboardSequenceCharacters node)
keyboardSequenceCharactersSpecify the keyboard/characters’ sequence. The node name could be a little misleading depending on the type of keyboard you’re using. You can be creative here and specify anything that you would consider a sequence in one string. Example: abcdefghijklmnopqrstuvwxyzzyxwvuts…123456...
Note: not case sensitive

 

Logic to check for keyboard/character sequences

Shown in listing 1 and 2 are the server and client side validation code respectively. First, the code will retrieve the maximum character sequence (MaxKeyboardSequence) and sequence characters (KeyboardSequenceCharacters) from the PasswordPolicy.xml file. Then it will loop through the password string entered by the user to find if any part of the string is subset of the string defined in KeyboardSequenceCharacters.

Here is an example. Let said a user entered Nin@Abc357, MaxKeyboardSequence and KeyboardSequenceCharacters was set to 2 and abcdefghijklmnopqrstuvwxyzzyxwvuts respectively. Initially, the logic will check if KeyboardSequenceCharacters contains Nin. Then it will check if it contains in@, n@A, @Ab, Abc and so forth. If the KeyboardSequenceCharacters was set to 3, then the validation check will begin with Nin@, in@A, n@Ab and so on. Based on the example, part of the password entered (Nin@Abc357) was a subset of KeyboardSequenceCharacters. Thus, user will receive a validation error like "Keyboard sequence character not allow…" on the client side. As mentioned earlier, please feel free to enter any string that you would consider a sequence under the KeyboardSequenceCharacters value.

Listing 1

public static bool IsPasswordContainSequence(string strPassword, PasswordSetting passwordSetting)
       {
           int startIndex = 0;
           int num = 0;
           int length = passwordSetting.MaxKeyboardSequence + 1;
           string empty = string.Empty;
           string str1 = passwordSetting.KeyboardSequenceCharacters;
           while (num < strPassword.Length)
           {
               num = startIndex + length;
               string str2 = strPassword.ToLower().Substring(startIndex, length);
               if (str1.Contains(str2))
                   return true;
               ++startIndex;
           }
           return false;
       }

Listing 2

this.getKeyboardSequenceChar = function (passwordVal) {
        var maxQwertySequence = password_settings.maxKeyboardSequence + 1;
        var keyboardSequenceCharacters = password_settings.keyboardSequenceCharacters;
        var num = 0;
        var startIndex = 0;
        if (passwordVal.length >= maxQwertySequence) {
            while (num < passwordVal.length) {
                num = startIndex + maxQwertySequence;
                var lastXsubString = passwordVal.substr(startIndex, maxQwertySequence);
                if (keyboardSequenceCharacters.indexOf(lastXsubString.toLowerCase()) >= 0) {
                    return lastXsubString;
                }
                startIndex++;
            }
        }

How to create the NuGet package?

The very first step is to download and install the NuGet Package Project extension from http://nuproj.net/.
After the installation, open the Visual Studio IDE, navigate to File, New, Project and select NuGet under installed templates, Refer to figure 1.

Figure 2

new nuget project

Add two folders into the project, namely Content and lib. We can do this by right click the project, select Add and then select New Folder. I'll add the JavaScript, XML file and sample page into the Content folder. The files in the Content folder will be added into the target solution during the installation. Now, I want the PasswordStrengthIndicator.Core.dll to be added to the target reference during the installation. In order to do this, I will add the PasswordStrengthIndicator.Core.dll assembly into the lib folder. Next, I'll add web.config.install.xdt and web.config.uninstall.xdt into the Content folder. The purpose of these two files are to add and remove a key into/from the web.config appSettings section during package installation and uninstallation. At this point the solution should look like figure 3.

Figure 3

nuget project with files and folder

What in the web.config.install.xdt and web.config.uninstall.xdt file?

Shown in listing 3 and listing 4 are the contents of the web.config.install.xdt and web.config.uninstall.xdt respectively. During the package installation, the NuGet will check if appSettings element exists, if not, insert the element. Then it will check if the passwordPolicyXMLLocation key need to be inserted into the web.config file. In order to avoid complication, the passwordPolicyXMLLocation key will be removed from the web.config during package uninstallation and not the entire appSettings element.

Listing 3

    <?xml version="1.0" ?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
    <appSettings xdt:Transform="InsertIfMissing">
   <add key="passwordPolicyXMLLocation" value="~/MyXML/PasswordPolicy.xml"
        xdt:Locator="Match(key)" xdt:Transform="InsertIfMissing" />
    </appSettings>
</configuration>

Listing 4

<?xml version="1.0" ?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
    <appSettings>
    <add key="passwordPolicyXMLLocation" xdt:Transform="Remove" xdt:Locator="Match(key)" />
    </appSettings>
</configuration>

Package Setting

Right click the project and select properties to update package properties. Here you can specify the Package ID, Package Version, project URL, provide a summary and description of the package, license URL, etc. The package name is the combination of Package ID and Package Version. In this example, the package name will end up like NuGetPackage1.1.0.0.nupkg. So, don't forget to update the Package Version each time you updating the package. The nuget.org will not allow you to publish a package with the same name twice. You also can utilize the Readme.txt file to include more information about the package.

Figure 4

nuget package properties

How to test the package before publishing it?

Let start by opening a current web project or create a new web project. Go to Tools, NuGet Package Manager, Package Manager Settings. Click on the Package Sources, add (green plus sign) then click on the eclipse (…) to browse to the package location. After that, click on the Update button. Refer to figure 5 as an example.

Figure 5

nuget package source

Now, let go back to Tools, NuGet Package Manager, Manage NuGet Packages for Solution…. Change the package source to the name specified in figure 5 and click on Browse. Select the package and the project and then click on the Install button. Refer to figure 6.

Figure 6

nuget package test local

How to publish the package?

Once we have verified the package installed/uninstalled correctly. Navigate to https://www.nuget.org , login, create an account if you don’t have one. Click on the Upload Package menu item. Then click on browse and navigate to the package location. In our example the package name is NuGetPackage1.1.0.0.nupkg. Follow the instruction on the screen to complete the process.

How to install the PasswordStrengthIndicator NuGet Package?

From the menu, click on Tools, NuGet Package Manager, Manage NuGet Packages for Solution…. Make sure the package source is pointing to nugget.org. Click on Browse and search for PasswordStrengthIndicator or Bryian Tan You should see the result similar to figure 7. Choose the project you want to install this package to and then click on the install button.

Figure 7

nuget package install

Once the package installed successfully, the readme.txt will open up. You can go over it to learn more about the plugin. The following items should be in your project solution:

  1. MyXML folder which contains PasswordPolicy.xml and PasswordPolicy.xslt files
  2. PasswordStrengthIndicator.Example which contains Default.aspx.txt and jQuery_Password_Strength_Indicator.htm files
  3. Under the Scripts, you should see jquery.password-strength-2.0.min.js and jquery.blockUI.js
  4. You should see PasswordStrengthIndicator.Core being referenced by the project
  5. passwordPolicyXMLLocation key is being added into the appSettings section in the web.config

To run the test, open up the jQuery_Password_Strength_Indicator.htm file and update the jQuery reference. Rename the Default.aspx.txt to Default.aspx and update the jQuery reference.

How to Install Password Strength Indicator without NugGet Package Manager

Here are the steps to install the package to the ASP.NET application/project or other framework such as Classic ASP/PHP, etc. without using NuGet Manager.

  1. Download and extract the NuGet package
  2. Please note that this plugin requires jQuery 1.3+
  3. Navigate to the Content folder and copy the MyXML, PasswordStrengthIndicator.Example and Scripts folder into the application solution
  4. Add the below key to appSettings in the web.config (not applicable to other Framework)
    < key="passwordPolicyXMLLocation" value="~/MyXML/PasswordPolicy.xml" />
  5. Add the reference lib/PasswordStrengthIndicator.Core.dll to the project (not applicable to other Framework)
  6. For other application framework, you need to write your own server-side validation, refer to the PasswordStrengthIndicator.Core source code.
  7. Likewise, you can download the source/sample code from the repository and study the project structure.

Conclusion

I hope someone will find this information useful and make your programming job easier. If you find any bugs or disagree with the contents or want to help improve this article, please drop me a line and I'll work with you to correct it. I would suggest downloading the demo and explore it in order to grasp the full concept because I might miss some important information in this article. Please contact mel if you want to help improve this article. Please use the following link to report any issues https://github.com/bryiantan/PasswordStrengthIndicator/issues.

Tested on: Internet Explorer 11,10,9.0, Firefox 50, Google Chrome 25.0 and Apple Safari 5.1.7
IE, Firefox, Google Chrome, Safari

History

12/26/2016 - Initial version
01/03/2017 - Added Install Nuget Package without NugGet Package Manager
01/11/2017 - Updated Install Nuget Package without NugGet Package Manager
02/20/2017 - Updated contents/languages

Watch this script in action

http://download.ysatech.com/ASP-NET-jQuery-Password-Strength-v2/

Download

Download Package (https://www.nuget.org/packages/PasswordStrengthIndicator/)
Download Source Code (https://github.com/bryiantan/PasswordStrengthIndicator)

Resources

ASP.NET - Password Strength Indicator using jQuery and XML
https://blogs.msdn.microsoft.com/webdev/2013/10/24/how-to-use-xdt-in-nuget-examples-and-facts/
http://nuproj.net/
A Step by Step Guide to Testing NuGet Packages Locally

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Bryian Tan
Software Developer (Senior)
United States United States
I have over 10 years of experience working with Microsoft technologies. I have earned my Microsoft Certified Technology Specialist (MCTS) certification. I'm a highly motivated self-starter with an aptitude for learning new skills quickly.

You may also be interested in...

Pro

Comments and Discussions

 
GeneralNIST Password Rule Change Pin
wduros121-Feb-17 8:33
memberwduros121-Feb-17 8:33 
GeneralRe: NIST Password Rule Change Pin
Bryian Tan21-Feb-17 9:44
professionalBryian Tan21-Feb-17 9:44 
QuestionDoes not accept "special" characters Pin
Jepy21-Feb-17 3:49
memberJepy21-Feb-17 3:49 
AnswerRe: Does not accept "special" characters Pin
Bryian Tan21-Feb-17 4:02
professionalBryian Tan21-Feb-17 4:02 
GeneralMy vote of 5 Pin
Ehsan Sajjad21-Feb-17 1:26
professionalEhsan Sajjad21-Feb-17 1:26 
GeneralRe: My vote of 5 Pin
Bryian Tan21-Feb-17 3:41
professionalBryian Tan21-Feb-17 3:41 
QuestionVery good! Pin
Graham Irons20-Feb-17 21:41
memberGraham Irons20-Feb-17 21:41 
AnswerRe: Very good! Pin
Bryian Tan21-Feb-17 3:41
professionalBryian Tan21-Feb-17 3:41 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web03 | 2.8.170924.2 | Last Updated 20 Feb 2017
Article Copyright 2016 by Bryian Tan
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid