Adding windows password policy to your app

G

Guest

We have our own set of users and passwords for our application and we want to
implement strong passwords.
My question is can you access the windows password policy settings in order
to validate a password the user has typed in?
Even if you cant use the password history for your own passwords, it would
still be useful to use the other settings like minimum length etc...

We could store our own format for the password maybe as a regular
expression, but if the customer have already set up the password policy they
want in 1 place, it would be nice to use it.
 
N

Nicholas Paldino [.NET/C# MVP]

James,

AFAIK, this is not possible, windows doesn't expose an API to validate
the password. The only way that you can validate the password would be to
actually create a user on the local machine. I guess you could hack it by
creating a user (with some random user name), and then deleting that user.
If the password is accepted, then you know it meets the password policy of
the local machine.

Hope this helps.
 
G

Guest

Thanks thats what I suspected.
I suppose if hackers' could get hold of these setting it would aid them in
cracking peoples passwords...

Nicholas Paldino said:
James,

AFAIK, this is not possible, windows doesn't expose an API to validate
the password. The only way that you can validate the password would be to
actually create a user on the local machine. I guess you could hack it by
creating a user (with some random user name), and then deleting that user.
If the password is accepted, then you know it meets the password policy of
the local machine.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

James said:
We have our own set of users and passwords for our application and we want
to
implement strong passwords.
My question is can you access the windows password policy settings in
order
to validate a password the user has typed in?
Even if you cant use the password history for your own passwords, it would
still be useful to use the other settings like minimum length etc...

We could store our own format for the password maybe as a regular
expression, but if the customer have already set up the password policy
they
want in 1 place, it would be nice to use it.
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Hacking suprise, so beef up your protection 0
Security Settings for Password Policy and User properties 6
Password Policy not working properly 2
Reseting age of password? Possible? 6
Enable Password Policy question 1
Security update regarding your Ubisoft account - please create a new password 5
Validate Password against Domain Policy 0
IPad Multiple Users 0

Top