Wednesday, February 18, 2009

Replacing the far too secure random password generation in DotNetNuke

When using my facebook connect authentication plugin (on http://www.snowcovered.com/Snowcovered2/Default.aspx?tabid=242&PackageID=13359), the password generated by DNN is far, far too secure for most users.

It looks like ASH783934_w3w-r - i.e. not very easy to remember.

I wanted to replace it - so used a class like....


    public class SlodgeDNNMembershipProvider : DotNetNuke.Security.Membership.AspNetMembershipProvider

    {

        static List<string> PasswordBase = new List<string>()

        {

            "fishfinger",

            "rabbit",

            ... lots of other simple keywords,

            "racing"

        };

 

 

        public override string GeneratePassword(int length)

        {

            // length ignored - hope this does not hurt the SQL layer!

            return GeneratePassword();

        }

 

        public override string GeneratePassword()

        {

            Random r = new Random();

            int index = r.Next(PasswordBase.Count);

            if (index >= PasswordBase.Count) // according to the intellisense help this should not happen

                index = PasswordBase.Count - 1;

 

            int number = r.Next(100);

            return string.Format("{0}{1:00}", PasswordBase[index], number);

        }

    }


And then inserted this into the web.config layer using:

            <members defaultProvider="AspNetMembershipProvider">

                  <providers>

                        <clear/>

                        <add name="AspNetMembershipProvider" type="SlodgeDNNMembershipProvider.SlodgeDNNMembershipProvider, SlodgeDNNMembershipProvider" providerPath="~\Providers\MembershipProviders\AspNetMembershipProvider\"/>

                  </providers>

            </members>


Seemed to work first time - which is always suspicious!

No comments:

Post a Comment