Wednesday, February 18, 2009

Replacing the far too secure random password generation in DotNetNuke

When using my facebook connect authentication plugin (on, the password generated by DNN is far, far too secure for most users.

It looks like ASH783934_w3w-r - i.e. not very easy to remember.

I wanted to replace it - so used a class like....

    public class SlodgeDNNMembershipProvider : DotNetNuke.Security.Membership.AspNetMembershipProvider


        static List<string> PasswordBase = new List<string>()




            ... lots of other simple keywords,





        public override string GeneratePassword(int length)


            // length ignored - hope this does not hurt the SQL layer!

            return GeneratePassword();



        public override string GeneratePassword()


            Random r = new Random();

            int index = r.Next(PasswordBase.Count);

            if (index >= PasswordBase.Count) // according to the intellisense help this should not happen

                index = PasswordBase.Count - 1;


            int number = r.Next(100);

            return string.Format("{0}{1:00}", PasswordBase[index], number);



And then inserted this into the web.config layer using:

            <members defaultProvider="AspNetMembershipProvider">



                        <add name="AspNetMembershipProvider" type="SlodgeDNNMembershipProvider.SlodgeDNNMembershipProvider, SlodgeDNNMembershipProvider" providerPath="~\Providers\MembershipProviders\AspNetMembershipProvider\"/>



Seemed to work first time - which is always suspicious!

No comments:

Post a Comment