Skip to main content
BuyLog In
XAF: Cross-Platform .NET App UI & Web API
Search in…
Docs > Validation (Prevent Data Errors) > Validate Password Complexity
All docs
V25.2
    • XAF: Cross-Platform .NET App UI & Web API
    Migration to .NET from .NET Framework in v25.2+
    Getting Started
    Installation, Upgrade, Version History
    Backend Web API Service
    UI Shell and Base Infrastructure
    Storage, ORM, and Business Model Design
    Data Manipulation and Business Logic
    User Interface and Behavior Customization
    Data Filtering
    Application Security and Data Safety
    Multi-Tenancy (Data per Tenant)
    Validation (Prevent Data Errors)
    Validation Rules
    Validation Contexts
    Declare Validation Rules
    Collection Validation
    Implement Custom Rules
    Trigger Validation Programmatically and Customize Default Rule Behavior
    Localize Validation Messages
    Validate Report Parameters
    Validate Password Complexity
    Conditional Appearance (Manage State of UI Elements)
    Reporting (Shape, Export & Print Data)
    Analytics (Extract Data Insights)
    Document Management
    Business Process Management
    Event Planning
    Localization
    Accessibility Support
    Debugging, Testing and Error Handling
    Deployment
    Support, QA & Troubleshooting
    API Reference
    Download CHM

    Validate Password Complexity

    • 2 minutes to read

    The ChangePasswordByUser Action is accessible by end users when the Standard Authentication type is used in an XAF application. By default, end users have the ability to change their passwords and set simple or even empty passwords. However, the production environment can have strict security, and it may therefore be required to use only complex passwords. The solution is to validate a new password value when an end user attempts to change a password.

    The Change My Password dialog contains the ChangePasswordParameters Detail View.

    Change password dialog

    The NewPassword is a property to be validated. As this property is implemented in the Security module, the best way to validate it is to apply the rule from the Model Editor.

    Important

    Make sure that the Security module is added to the list of required modules.

    1. Right-click the Validation | Rules node. Select Add… | RuleRegularExpression. Specify the following rule’s settings:

      • ID = Password is complex
      • TargetType = DevExpress.ExpressApp.Security.ChangePasswordOnLogonParameters
      • TargetPropertyName = NewPassword
      • TargetContextIDs = ChangePassword
      • SkipNullOrEmptyValues = False
      • Pattern = ^(?=.*[a-zA-Z])(?=.*\d).{6,}$
      • MessageTemplateMustMatchPattern = New password must consist of at least 6 alphanumeric characters.

      Model Editor - Validation Properties

      You can compose your own pattern to fit your password requirements. If you are not familiar with regular expressions, you can refer to the regular expressions 101 website to search for an appropriate regular expression. If you want to prohibit the use of an empty password, create the RuleRequiredField rule instead of RuleRegularExpression.

    2. The Change Password dialog contains the OK button. This button is an Action that has the DialogOK ID. Navigate to ActionDesign | Actions | DialogOK and set the ValidationContexts property to ChangePassword. As a result, the ChangePassword validation context identifier will be associated with the DialogOK Action.

    Application administrators can still assign a weak password to a user (the ResetPassword Action). Use the solution above to validate the ResetPasswordParameters.Password property.

    When an end user enters a new password that does not meet the complexity requirements, the error message appears.

    Validation Error Message

    See Also