We finally came to a conclution that the issue was with the password policy. Since this was little bit new to me, I thought of taking a deeper look on this.
Following Sitecore documents provides few configurations that can be used
Configure password policy - doc.sitecore.net
And following document describes about Sitecore Security
Sitecore Security - doc.sitecore.net
In the above document, Sitecore mention following points which helps us to extend/understand how this works
Sitecore uses the .NET security engine, which offers several advantages:
- A variety of plug-and-play features provided directly by Microsoft.
- An abstraction from the real data source.
- The option to replace or extend the default configuration with custom providers.
- The performance speed of a pure ASP.NET solution.
- The possibility of keeping the accounts in identifiable storage areas by using several providers simultaneously.
So, following are few more configurations that we can used to control the password policies of our Sitecore instance
minRequiredPasswordLength="<int>"
minRequiredNonalphanumericCharacters="<int>"
requiresQuestionAndAnswer="<bool>"
requiresUniqueEmail="<bool>"
maxInvalidPasswordAttempts="<int>"
passwordAttemptWindow="<int>"
enablePasswordRetrieval="<bool>"
passwordFormat="Encrypted"
passwordStrengthRegularExpression="<RegularExpression>"
https://msdn.microsoft.com/en-us/library/system.web.security.membership_properties%28v=vs.110%29.aspx
Hope this helps.. :-)
No comments:
Post a Comment