CMS 10.6 Configuring Password Rules


Prerequisites: CMS 10.6 must be installed. See CMS Statistics for how to check your version.

System administrators can set rules in the Ingeniux CMS 10.6 local-membership.config file to strengthen CMS user account passwords.

To configure user account password rules in local-membership.config:
  1. Navigate to the CMS installation's site folder (e.g., [Drive]:[path-to-site-root-folder]).
  2. Locate local-membership.config, and open the file in a text editor.

    Example of local-membership.config:

    
    <?xml version="1.0" encoding="utf-8"?>
    <membership defaultProvider="IngeniuxMembershipProvider">
        <providers>
            <clear/>
            <!-- Tags removed for brevity.-->
            <add name="IngeniuxMembershipProvider"
                type="RavenDBMembership.Provider.RavenDBMembershipProvider"
                connectionStringName="IGXDBConnectionString" applicationName="IngeniuxCMS"
                enablePasswordRetrieval="true" enablePasswordReset="true"
                requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
                minRequiredNonAlphanumericCharacters="0" minRequiredPasswordLength="5"
                requiresPasswordExcludesUserInfo="false" requiresPasswordExcludesUserName="false"
                requiresPasswordExcludesDisplayName="false" minRequiredCapitalLetters="0"
                minRequiredNumbers="0" passwordFormat="Encrypted" maxInvalidPasswordAttempts="50000"
                passwordAttemptWindow="10"/>
        </providers>
    </membership>
              
  3. Navigate to the <add> element with the @name attribute value IngeniuxMembershipProvider, and configure the following attributes.
    Attribute: Description

    @passwordStrengthRegularExpression: Enter a regular expression (regex) string.

    For example:

    (?=(.*[0-9]){2,})(?=(.*[#$@!%&*?]){2,})(?=(.*[A-Z]){2,}).{8,}

    This example requires passwords to be at least eight characters long and to contain two or more capital letters, two or more numbers, and two or more special characters.

    Important
    If you use this regex example setting, all other password complexity settings will be ignored.

    @minRequiredPasswordLength: Enter a number to represent the minimum required password length. If not set, the value defaults to 1.

    @minRequiredCapitalLetters: Enter a number to represent the minimum required number of capital letters in passwords. If not set, the value defaults to 0.

    @minRequiredNumbers: Enter a number to represent the minimum number of numeric characters users must incorporate in passwords. If not set, the value defaults to 1.

    @minRequiredNonAlphanumericCharacters: Enter a number to represent the minimum required number of non-alphanumeric characters in passwords. If not set, the value defaults to 1.
  4. Save your changes to local-membership.config.
  5. Recycle the CMS application pool after deploying these changes.
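
The following is an added example, not Ingeniux code: it models the rules as this page documents them, so a proposed provider element can be checked against sample passwords before the change is deployed. Assumptions: Python's `re` stands in for the CMS's regex engine, the pattern is tested unanchored, and characters are counted with Python's `isupper`/`isdigit`/`isalnum`; the function names and sample passwords are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Defaults this page states for attributes that are not set.
DEFAULTS = {
    "minRequiredPasswordLength": 1,
    "minRequiredCapitalLetters": 0,
    "minRequiredNumbers": 1,
    "minRequiredNonAlphanumericCharacters": 1,
}

# Constructed sample: the page's provider element (trimmed) plus its example regex.
# The "&" in the regex has to be written "&amp;" inside an XML attribute value.
SAMPLE_CONFIG = r'''<membership defaultProvider="IngeniuxMembershipProvider">
  <providers>
    <clear/>
    <add name="IngeniuxMembershipProvider"
         minRequiredNonAlphanumericCharacters="0" minRequiredPasswordLength="5"
         minRequiredCapitalLetters="0" minRequiredNumbers="0"
         passwordStrengthRegularExpression="(?=(.*[0-9]){2,})(?=(.*[#$@!%&amp;*?]){2,})(?=(.*[A-Z]){2,}).{8,}"/>
  </providers>
</membership>'''

def load_provider(xml_text, name="IngeniuxMembershipProvider"):
    """Return the attributes of the named <add> provider element."""
    for el in ET.fromstring(xml_text).iter("add"):
        if el.get("name") == name:
            return dict(el.attrib)
    raise LookupError(f"provider {name!r} not found")

def check_password(password, attrs):
    """Return the names of the violated rules; an empty list means accepted."""
    pattern = attrs.get("passwordStrengthRegularExpression")
    if pattern:
        # Per the page, a regex makes the other complexity settings irrelevant.
        # Assumption: the pattern is tested unanchored, as re.search does.
        return [] if re.search(pattern, password) else ["passwordStrengthRegularExpression"]
    counts = {  # Assumption: characters are classified as Python's str methods do.
        "minRequiredPasswordLength": len(password),
        "minRequiredCapitalLetters": sum(c.isupper() for c in password),
        "minRequiredNumbers": sum(c.isdigit() for c in password),
        "minRequiredNonAlphanumericCharacters": sum(not c.isalnum() for c in password),
    }
    return [k for k, d in DEFAULTS.items() if counts[k] < int(attrs.get(k, d))]

if __name__ == "__main__":
    attrs = load_provider(SAMPLE_CONFIG)
    for pw in ("Summer2024!", "AB12#$ab", "abcde"):  # constructed sample passwords
        print(pw, check_password(pw, attrs) or "accepted")
```

Running the same check with the regex attribute removed shows that the numeric settings in the page's example element (length 5, all other minimums 0) accept a password such as `abcde`.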