Check password strength: ASP.NET (C# and VB.NET)

Implementation

This code validates a password on the server side. If you want to validate the password on the client side, check our JavaScript implementation. It should work with all versions of .NET (1.0, 1.1, 2.0, 3.0, 3.5 and 4.0).

C#

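using System;
using System.Text.RegularExpressions;

// Public so that the public CheckStrength method can return it.
public enum PasswordScore
{
	Blank = 0,
	VeryWeak = 1,
	Weak = 2,
	Medium = 3,
	Strong = 4,
	VeryStrong = 5
}

public class PasswordAdvisor
{
	public static PasswordScore CheckStrength(string password)
	{
		int score = 1;

		// Treat null like an empty password instead of throwing.
		if (password == null || password.Length < 1)
			return PasswordScore.Blank;
		if (password.Length < 4)
			return PasswordScore.VeryWeak;

		// One point each for reaching 8 and 10 characters.
		if (password.Length >= 8)
			score++;
		if (password.Length >= 10)
			score++;
		// .NET patterns take no /.../ delimiters, and IsMatch returns the bool that "if" needs.
		if (Regex.IsMatch(password, @"\d+", RegexOptions.ECMAScript))
			score++;
		if (Regex.IsMatch(password, @"[a-z]", RegexOptions.ECMAScript) &&
			Regex.IsMatch(password, @"[A-Z]", RegexOptions.ECMAScript))
			score++;
		// The leading "." means the symbol must follow at least one other character;
		// the commas inside the class also match a literal comma.
		if (Regex.IsMatch(password, @".[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]", RegexOptions.ECMAScript))
			score++;

		// Six points are reachable, so cap at VeryStrong (5), the highest defined value.
		return (PasswordScore)Math.Min(score, (int)PasswordScore.VeryStrong);
	}
}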
		

VB.NET

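Imports System
Imports System.Text.RegularExpressions

' Public so that the Public CheckStrength function can return it.
Public Enum PasswordScore
	Blank = 0
	VeryWeak = 1
	Weak = 2
	Medium = 3
	Strong = 4
	VeryStrong = 5
End Enum

Public Class PasswordAdvisor

	Public Shared Function CheckStrength(ByVal password As String) As PasswordScore

		Dim score As Int32 = 1

		' Treat Nothing like an empty password instead of throwing.
		If password Is Nothing OrElse password.Length < 1 Then
			Return PasswordScore.Blank
		End If

		If password.Length < 4 Then
			Return PasswordScore.VeryWeak
		End If

		' One point each for reaching 8 and 10 characters.
		If password.Length >= 8 Then
			score = score + 1
		End If
		If password.Length >= 10 Then
			score = score + 1
		End If
		' .NET patterns take no /.../ delimiters, and IsMatch returns the Boolean that If needs.
		If Regex.IsMatch(password, "\d+", RegexOptions.ECMAScript) Then
			score = score + 1
		End If
		If Regex.IsMatch(password, "[a-z]", RegexOptions.ECMAScript) AndAlso Regex.IsMatch(password, "[A-Z]", RegexOptions.ECMAScript) Then
			score = score + 1
		End If
		' The leading "." means the symbol must follow at least one other character;
		' the commas inside the class also match a literal comma.
		If Regex.IsMatch(password, ".[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]", RegexOptions.ECMAScript) Then
			score = score + 1
		End If

		' Six points are reachable, so cap at VeryStrong (5), the highest defined value.
		Return CType(Math.Min(score, CInt(PasswordScore.VeryStrong)), PasswordScore)

	End Function

End Class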
		

Usage

Call the static method PasswordAdvisor.CheckStrength() passing the password to be validated. It will return one of the PasswordScore enum values. You can then do your own validation based on this result.

Example

<script runat="server">
	public void ButtonClicked(Object sender, EventArgs e)
	{
		PasswordScore score = PasswordAdvisor.CheckStrength(TxtPassword.Text);
		Int32 i = (Int32)score;

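		if (i < 2)
		{
			// Page.IsValid is read-only and cannot be assigned; to fail page validation,
			// run this check in a CustomValidator's ServerValidate handler and set args.IsValid = false.
			LblPasswordStrength.ForeColor = System.Drawing.Color.Red;
		}
		else if (i > 3)
		{
			LblPasswordStrength.ForeColor = System.Drawing.Color.DarkGreen;
		}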

		LblPasswordStrength.Text = score.ToString();
	}
</script>

<form runat="server">
	Password:
	<asp:TextBox ID="TxtPassword" runat="server" />
	<asp:Label ID="LblPasswordStrength" runat="server" />
	<br />
	<asp:Button Text="Validate" OnClick="ButtonClicked" runat="server" />
</form>
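
An added example, not part of the original page: the same check wired into ASP.NET page validation through a CustomValidator, so that a weak password makes Page.IsValid false on the server even when client script is disabled. The Medium threshold, the ValPassword ID and the handler names are assumptions made for this example; PasswordAdvisor and PasswordScore are the types listed above, assumed public and compiled into the site, and ValidateEmptyText assumes .NET 2.0 or later.

```aspx
<%@ Page Language="C#" %>
<script runat="server">
	// Hypothetical policy for this example: reject anything below Medium.
	const PasswordScore MinimumScore = PasswordScore.Medium;

	// Runs on the server as part of page validation, before the button's click handler.
	protected void ValidatePassword(object source, ServerValidateEventArgs args)
	{
		PasswordScore score = PasswordAdvisor.CheckStrength(args.Value);
		args.IsValid = score >= MinimumScore;
		LblPasswordStrength.Text = score.ToString();
	}

	protected void SubmitClicked(object sender, EventArgs e)
	{
		// Page.IsValid combines the results of every validator on the page.
		if (!Page.IsValid)
			return;

		// Only reached with an acceptable password: store or change it here.
	}
</script>

<form runat="server">
	Password:
	<asp:TextBox ID="TxtPassword" TextMode="Password" runat="server" />
	<asp:Label ID="LblPasswordStrength" runat="server" />
	<%-- ValidateEmptyText makes the validator run for a blank field too. --%>
	<asp:CustomValidator ID="ValPassword" ControlToValidate="TxtPassword"
		ValidateEmptyText="true" OnServerValidate="ValidatePassword"
		ErrorMessage="Password is too weak." runat="server" />
	<br />
	<asp:Button Text="Save" OnClick="SubmitClicked" runat="server" />
</form>
```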
			

How does it work?

Our scripts test a password and return a score that represents its strength.
The score goes from 1 (Very Weak) to 5 (Very Strong), and 0 if the value is blank. It will increase by 1 point if:

Note that if the password length is less than 4, the score will be limited to "Very Weak".