GeneratePassword Demo

This demo illustrates how to use the code for ASP.NET 2.0's Membership.GeneratePassword(length, numberOfNonAlphaNumericCharacters) method in ASP.NET 1.x. I 'borrowed' this code from the 2.0 .NET Framework using Reflector. One thing to note - numberOfNonAlphaNumericCharacters is the minimum number of non-alphanumeric characters. Even if you specify, say, 3 non-alphanumeric characters, there may be 3 or more in the resulting, random password...

Note: I tweaked the GetPassword() method in that I removed some of the potentially dangerous non-alphanumeric characters (namely # and &). ASP.NET 2.0 does a check to ensure that the randomly generated password can't be used in a cross-site scripting attack, and the characters it checks for is <, #, and &. I just removed these to avoid needing to include the code for the XSS check...


Choose the length of the password:

Choose the minimum number of non-alphanumeric characters you'd like to see:

Your random password:


Source Code

<script language="VB" runat="server">
Function GeneratePassword(ByVal length As Integer, ByVal numberOfNonAlphanumericCharacters As Integer) As String
  'Make sure length and numberOfNonAlphanumericCharacters are valid....
  If ((length < 1) OrElse (length > 128)) Then
    Throw New ArgumentException("Membership_password_length_incorrect")
  End If
  
  If ((numberOfNonAlphanumericCharacters > length) OrElse (numberOfNonAlphanumericCharacters < 0)) Then
    Throw New ArgumentException("Membership_min_required_non_alphanumeric_characters_incorrect")
  End If
  
  Do While True
    Dim i As Integer
    Dim nonANcount As Integer = 0
    Dim buffer1 As Byte() = New Byte(length  - 1) {}
    
    'chPassword contains the password's characters as it's built up
    Dim chPassword As Char() = New Char(length  - 1) {}
    
    'chPunctionations contains the list of legal non-alphanumeric characters
    Dim chPunctuations as Char() = "!@@$%^^*()_-+=[{]};:>|./?".ToCharArray()

    'Get a cryptographically strong series of bytes
    Dim rng as New System.Security.Cryptography.RNGCryptoServiceProvider
    rng.GetBytes(buffer1)
        
    For i = 0 To length - 1
      'Convert each byte into its representative character
      Dim rndChr As Integer = (buffer1(i) Mod 87)
      If (rndChr < 10) Then
        chPassword(i) = Convert.ToChar(Convert.ToUInt16(48 + rndChr))
      Else
        If (rndChr < 36) Then
          chPassword(i) = Convert.ToChar(Convert.ToUInt16((65 + rndChr) - 10))
        Else
          If (rndChr < 62) Then
            chPassword(i) = Convert.ToChar(Convert.ToUInt16((97 + rndChr) - 36))
          Else
            chPassword(i) = chPunctuations(rndChr - 62)
            nonANcount += 1
          End If
        End If
      End If
    Next
    
    If nonANcount < numberOfNonAlphanumericCharacters Then
      Dim rndNumber As New Random
      For i = 0 To (numberOfNonAlphanumericCharacters - nonANcount) - 1
        Dim passwordPos As Integer
        Do
          passwordPos = rndNumber.Next(0, length)
        Loop While Not Char.IsLetterOrDigit(chPassword(passwordPos))
        chPassword(passwordPos) = chPunctuations(rndNumber.Next(0, chPunctuations.Length))
      Next
    End If
    
    Return New String(chPassword)
  Loop
End Function


'Button's Click event handler...
Private Sub GeneratePassword(sender as Object, e as EventArgs)
  RandPassword.Text = GeneratePassword(length.SelectedItem.Value, nonAlphanumeric.SelectedItem.Value)
End Sub
</script>


<form runat="server">
  Choose the length of the password:
	<asp:DropDownList runat="server" id="length">
		<asp:ListItem Value="5">5</asp:ListItem>
		<asp:ListItem Value="8">8</asp:ListItem>
		<asp:ListItem Value="10">10</asp:ListItem>
		<asp:ListItem Value="13">13</asp:ListItem>
		<asp:ListItem Value="15">15</asp:ListItem>
	</asp:DropDownList>
  <p>
  Choose the <i>minimum</i> number of non-alphanumeric characters you'd like to see:
	<asp:DropDownList runat="server" id="nonAlphanumeric">
		<asp:ListItem Value="0">0</asp:ListItem>
		<asp:ListItem Value="1">1</asp:ListItem>
		<asp:ListItem Value="3">3</asp:ListItem>
		<asp:ListItem Value="5">5</asp:ListItem>
		<asp:ListItem Value="7">7</asp:ListItem>
	</asp:DropDownList>
  <p>
  <asp:Button runat="server" Text="Generate Random Password" OnClick="GeneratePassword" />
  <p>
  Your random password: <asp:Label runat="server" id="RandPassword" Font-Size="x-large" Font-Bold="True" />  
</form>

[Return to the article...]