TAILIEUCHUNG - ASP.NET 4 Unleased - p 127

CẢNH BÁO Hãy chắc chắn rằng bạn thay đổi giá trị của thuộc tính decryptionKey trước khi sử dụng file cấu hình web trong Ví dụ 27,19. Bạn có thể tạo ra một decryptionKey mới với trang mô tả trong phần "Sử dụng hình thức xác thực qua các ứng dụng", trước đó trong chương này. | 1234 CHAPTER 27 Using Membership WARNING Make sure that you change the value of the decryptionKey attribute before using the web configuration file in Listing . You can generate a new decryptionKey with the page described in the Using Forms Authentication Across Applications section earlier in this chapter. Modifying User Password Requirements By default passwords are required to contain at least 7 characters and 1 nonalphanumeric character a character that is not a letter or a number such as _ or . You can set three Membership provider attributes that determine password policy minRequiredPasswordLength The minimum required password length. The default value is 7. minRequiredNonalphanumericCharacters The minimum number of non-alphanumeric characters The default value is 1. passwordStrengthRegularExpression The regular expression pattern that a valid password must match The default value is an empty string. The minRequiredNonAlphanumericCharacters attribute confuses everyone. Website users are not familiar with the requirement that they must enter a nonalphanumeric character. The web configuration file in Listing illustrates how you can disable this requirement when using the SqlMembershipProvider. LISTING xml version configuration authentication mode Forms membership defaultProvider MyProvider providers add name MyProvider type minRequiredNonalphanumericCharacters 0 connectionStringName LocalSqlServer providers membership configuration From the Library of Wow eBook Using Membership 1235 Locking Out Bad Users By default if you enter a bad password more than five times within 10 minutes your account is automatically locked out. In other words it is disabled. Also if you enter the wrong answer for the password answer more than five times in a 10minute interval your account is locked out. You get five attempts at your password and five .