
Membership.GeneratePassword(Int32, Int32) 方法



 static System::String ^ GeneratePassword(int length, int numberOfNonAlphanumericCharacters);
public static string GeneratePassword(int length, int numberOfNonAlphanumericCharacters);
static member GeneratePassword : int * int -> string
Public Shared Function GeneratePassword (length As Integer, numberOfNonAlphanumericCharacters As Integer) As String



所產生密碼中的字元數。 長度必須介於 1 和 128 個字元之間。


產生密碼中的非字母字元的數目下限 (例如 @、#、!、%, & 等等)。




length 小於 1 或大於 128 -或-

numberOfNonAlphanumericCharacters 小於 0 或大於 length


下列程式代碼範例會建立新的成員資格使用者,並使用 GeneratePassword 方法將新用戶的密碼初始化為隨機值,這會向用戶顯示。


此範例包含接受使用者輸入的文本框,這是潛在的安全性威脅。 根據預設,ASP.NET Web 網頁會驗證使用者輸入未包含指令碼或 HTML 項目。 如需詳細資訊,請參閱 Script Exploits Overview (指令碼攻擊概觀)。

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<script runat="server">

public void CreateUser_OnClick(object sender, EventArgs args)
  // Generate a new 12-character password with at least 1 non-alphanumeric character.
  string password = Membership.GeneratePassword(12, 1);

    // Create new user.
    MembershipUser newUser = Membership.CreateUser(UsernameTextbox.Text, password, 

    Msg.Text = "User <b>" + Server.HtmlEncode(UsernameTextbox.Text) + "</b> created. " +
               "Your temporary password is " + password + ".";
  catch (MembershipCreateUserException e)
    Msg.Text = GetErrorMessage(e.StatusCode);
  catch (HttpException e)
    Msg.Text = e.Message;

public string GetErrorMessage(MembershipCreateStatus status)
   switch (status)
      case MembershipCreateStatus.DuplicateUserName:
        return "Username already exists. Please enter a different user name.";

      case MembershipCreateStatus.DuplicateEmail:
        return "A username for that email address already exists. Please enter a different email address.";

      case MembershipCreateStatus.InvalidPassword:
        return "The password provided is invalid. Please enter a valid password value.";

      case MembershipCreateStatus.InvalidEmail:
        return "The email address provided is invalid. Please check the value and try again.";

      case MembershipCreateStatus.InvalidAnswer:
        return "The password retrieval answer provided is invalid. Please check the value and try again.";

      case MembershipCreateStatus.InvalidQuestion:
        return "The password retrieval question provided is invalid. Please check the value and try again.";

      case MembershipCreateStatus.ProviderError:
        return "The authentication provider returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator.";

      case MembershipCreateStatus.UserRejected:
        return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator.";

        return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator.";


<html xmlns="http://www.w3.org/1999/xhtml" >
<title>Create User</title>

<form id="form1" runat="server">
  <h3>Create New User</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table cellpadding="3" border="0">
      <td><asp:Textbox id="UsernameTextbox" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
                                      ControlToValidate="UserNameTextbox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" /></td>

      <td>Email Address:</td>
      <td><asp:Textbox id="EmailTextbox" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="EmailRequiredValidator" runat="server"
                                      ControlToValidate="EmailTextbox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" /></td>

      <td><asp:Button id="CreateUserButton" Text="Create User" OnClick="CreateUser_OnClick" runat="server" /></td>

<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<script runat="server">

Public Sub CreateUser_OnClick(sender As Object, args As EventArgs)
  ' Generate a new 12-character password with at least 1 non-alphanumeric character.
  Dim password As String = Membership.GeneratePassword(12, 1)

    ' Create new user.
    Dim newUser As MembershipUser = Membership.CreateUser(UsernameTextbox.Text, password, _

    Msg.Text = "User <b>" & Server.HtmlEncode(UsernameTextbox.Text) & "</b> created. " & _
               "Your temporary password is " & password & "."
  Catch e As MembershipCreateUserException
    Msg.Text = GetErrorMessage(e.StatusCode)
  Catch e As HttpException
    Msg.Text = e.Message
  End Try
End Sub

Public Function GetErrorMessage(status As MembershipCreateStatus) As String

   Select Case status
      Case MembershipCreateStatus.DuplicateUserName
        Return "Username already exists. Please enter a different user name."

      Case MembershipCreateStatus.DuplicateEmail
        Return "A username for that email address already exists. Please enter a different email address."

      Case MembershipCreateStatus.InvalidPassword
        Return "The password provided is invalid. Please enter a valid password value."

      Case MembershipCreateStatus.InvalidEmail
        Return "The email address provided is invalid. Please check the value and try again."

      Case MembershipCreateStatus.InvalidAnswer
        Return "The password retrieval answer provided is invalid. Please check the value and try again."

      Case MembershipCreateStatus.InvalidQuestion
        Return "The password retrieval question provided is invalid. Please check the value and try again."

      Case MembershipCreateStatus.ProviderError
        Return "The authentication provider Returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator."

      Case MembershipCreateStatus.UserRejected
        Return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator."

      Case Else
        Return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator."
   End Select
End Function


<html xmlns="http://www.w3.org/1999/xhtml" >
<title>Create User</title>

<form id="form1" runat="server">
  <h3>Create New User</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table cellpadding="3" border="0">
      <td><asp:Textbox id="UsernameTextbox" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
                                      ControlToValidate="UserNameTextbox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" /></td>

      <td>Email Address:</td>
      <td><asp:Textbox id="EmailTextbox" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="EmailRequiredValidator" runat="server"
                                      ControlToValidate="EmailTextbox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" /></td>

      <td><asp:Button id="CreateUserButton" Text="Create User" OnClick="CreateUser_OnClick" runat="server" /></td>



方法 GeneratePassword 可用來產生隨機密碼,而且最常由 ResetPassword 成員資格提供者實作的方法用來將使用者的密碼重設為新的暫時密碼。

產生的密碼只包含英數位元和下列標點符號: !@#$%^&*()_-+=[{]};:<>|./?。 產生的密碼中未包含隱藏或不可列印的控制字元。


方法所建立的 GeneratePassword 隨機密碼不保證會在 屬性中 PasswordStrengthRegularExpression 傳遞正則表示式。 不過,隨機密碼將符合 屬性和 參數所建立的MinRequiredPasswordLengthnumberOfNonAlphanumericCharacters準則。

