expressappframework-401909-validation-validate-password-complexity.md
The ChangePasswordByUser Action is available to end users when an XAF application uses the Standard Authentication type. By default, end users can change their passwords and set simple or even empty passwords. A production environment may have strict security requirements that allow only complex passwords. The solution is to validate the new password value when an end user attempts to change a password.
The Change My Password dialog contains the ChangePasswordParameters Detail View.
NewPassword is the property to validate. Because this property is implemented in the Security module, the best way to validate it is to apply a rule in the Model Editor.
Important
Make sure that the Security module is added to the list of required modules.
In the Model Editor, right-click the Validation | Rules node. Select Add… | RuleRegularExpression. Specify the following rule’s settings:
The Change Password dialog contains the OK button. This button is an Action that has the DialogOK ID. Navigate to ActionDesign | Actions | DialogOK and set the ValidationContexts property to ChangePassword. As a result, the ChangePassword validation context identifier will be associated with the DialogOK Action.
Application administrators can still assign a weak password to a user through the ResetPassword Action. Apply the same approach to validate the ResetPasswordParameters.Password property.
When an end user enters a new password that does not meet the complexity requirements, an error message appears.
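A candidate pattern for the RuleRegularExpression rule can be checked against sample passwords before it is entered in the Model Editor. The following is an added example, not code from the original page or from DevExpress; the pattern, the policy it encodes, and the names PasswordPatternCheck and IsComplex are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;

static class PasswordPatternCheck
{
    // Assumed policy (not from the page): 8+ characters with at least one
    // lowercase letter, one uppercase letter, one digit and one other symbol.
    // ^ and $ anchor the match so the whole value is tested, and each
    // lookahead asserts one character class somewhere in the value.
    const string Pattern =
        @"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]).{8,}$";

    // A match timeout keeps a pathological input from stalling the check.
    static readonly Regex Rule = new Regex(
        Pattern, RegexOptions.CultureInvariant, TimeSpan.FromMilliseconds(250));

    public static bool IsComplex(string candidate) =>
        candidate != null && Rule.IsMatch(candidate);

    static int Main()
    {
        // Constructed sample values with the result the policy should give.
        var cases = new (string Value, bool Expected)[]
        {
            ("", false),                        // empty password
            ("password", false),                // lowercase only
            ("Passw0rd", false),                // no symbol
            ("P@ss0rd", false),                 // 7 characters, too short
            ("Tr1cky-Horse", true),
            ("correct horse 9 Battery", true),  // a space counts as a symbol
        };

        int failures = 0;
        foreach (var (value, expected) in cases)
        {
            bool actual = IsComplex(value);
            if (actual != expected) failures++;
            Console.WriteLine(
                $"{(actual == expected ? "ok  " : "FAIL")} \"{value}\" -> {actual}");
        }
        return failures; // exit code 0 when the pattern behaves as intended
    }
}
```

Without the `^` and `$` anchors, a pattern can be satisfied by a substring of the password, so keep them when copying the pattern into the rule.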