Language

Testing the Strength of a Password (C#)

By Christian Wenz|

Download Code or Download PDF

Passwords are required almost anywhere, so that lazy users tend to choose simple passwords which are easy to break. The PasswordStrength control in the ASP.NET AJAX Control Toolkit can check how good a password is.

Overview

Passwords are required almost anywhere, so that lazy users tend to choose simple passwords which are easy to break. The PasswordStrength control in the ASP.NET AJAX Control Toolkit can check how good a password is.

Steps

The PasswordStrength control extends a text box and checks whether the password in it is good enough . It offers a wealth of options via attributes; here are just some of them:

  • MinimumNumericCharacters minimum number of numeric characters required in the password
  • MinimumSymbolCharacters minimum number of symbol characters (not letters and digits) required in the password
  • PreferredPasswordLength minimum length of the password
  • RequiresUpperAndLowerCaseCharacters whether the password needs to use both uppercase and lowercase characters

The StrengthIndicatorType provides the information how to present the strength of the password, as text (value "Text") or as a kind of progress bar (value "BarIndicator"). In the DisplayPosition attribute, you configure where the information appears. Here is a complete example, including the ASP.NET AJAX ScriptManager control, the PasswordStrength control and of course a text box where the user may enter a password. For the sake of demonstration, the latter form field is a regular text field and not a password field so that you can see during development what you are typing.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Control Toolkit</title> </head> <body> <form id="form1" runat="server"> <asp:ScriptManager ID="asm" runat="server" /> <div> <asp:TextBox ID="Password" runat="server" /> <ajaxToolkit:PasswordStrength ID="ps1" runat="server" TargetControlID="Password" RequiresUpperAndLowerCaseCharacters="true" MinimumNumericCharacters="1" MinimumSymbolCharacters="1" PreferredPasswordLength="8" DisplayPosition="RightSide" StrengthIndicatorType="Text" /> </div> </form> </body> </html>

Run the page and type away: Only after you have entered lowercase letters, uppercase letters, digits and symbols, the password is deemed as unbreakable .

Now the password is (quite) good (Click to view full-size image)

Author Information

Christian Wenz

Christian Wenz – Christian Wenz is an author, trainer, and consultant. His main focus of working and writing is on web technologies and security. Christian has written or co-written over 100 books for various publishers. He works with both open source and closed source web technologies. This leads to the unusual situation that he has both been awarded a Microsoft MVP for ASP/ASP.NET and is listed in Zend's Who is Who of PHP. He is also listed in Mozilla's credits (about:credits) and is considered an expert in browser-agnostic JavaScript.