Security and password rules setup

Owned by Thomas Fabricius Jørgensen (Deactivated)
Last updated: 21 Oct 2015

This article relate to DVI 5 forms security (username and password login). In a windows authentication (AD) setup, rules for security are controlled by the Active Directory administrator.

Rules for configuring security rules is now located in the web.config file in the applicationSettings.Plass.Id.Web.Properties.Settings:

The following parameters can be configured:

  • PasswordRulesRequireNonLetterOrDigit
    Passwords must contain at least one character different from numeric or letter values e.g. the @ sign.
  • PasswordRulesRequireDigit 
    Password must contain at least one numeric value.
  • PasswordRulesRequiredLength
    Defined the minimum password length.
  • PasswordRulesRequireLowercase
    Password must contain at least one lowercase character
  • PasswordRulesRequireUppercase
    Password must contain at least one uppercase character
  • PasswordRuleHistoryLimit
    Defines the number of previous passwords to check for identicality with a new password. If the feature is not wanted, enter the value 0.
  • PasswordRulesMaxPasswordChangesPerDay
    Defines the number of possible password changes per. day. If this feature is not wanted, enter a unlikely high value, eg. 9999
  • PasswordRulesEnforcePasswordExpire
    If set to true, passwords have to be changed a least every X day where X i defined by PasswordRulesPasswordExpireDays, otherwise the account is locked out. When the account is locked, only resetting the password will unlock it.
  • PasswordRulesPasswordExpireDays
    See above
  • PasswordRulesUserLockoutEnabledByDefault
    If set true, users are locked out if entering incorrect password more than X times, where X is defined by the PasswordRulesMaxFailedAccessAttemptsBeforeLockout setting
  • PasswordRulesMaxFailedAccessAttemptsBeforeLockout
    Number of times an invalid password can be entered before the account is lockedout.
  • PasswordRulesDefaultAccountLockoutMinutes
    Number of minutes before the account is unlocked due to invalid login attempts
  • PasswordRulesPreventSequentialPasswords
    If set true, a new password is compared to the previous password and disallowed if it contains numeric values which differ +/-1 compared to the numeric values used in the old password.
  • PasswordRulesEnforceInactivityLockout
    If set true, the "last login date" is validated. If the last login date is older than the number of days defined in the PasswordRulesInactivityLockoutExpireDays setting the account is locked.
    The account can be unlocked by reset or change password.
  • PasswordRulesInactivityLockoutExpireDays
    See above.