Password validation (regular expression?)

Updated: 2022-10-16 14:43:17

I need to write some validation rules for a user password with the following requirements. C# ASP.NET MVC.

Passwords must be 6 - 8 characters
Must include at least one character each from at least three of the following categories:

  1. Upper-case letters
  2. Lower-case letters
  3. Numeric digits
  4. Non-alpha-numeric characters (e.g.,!@#$%...)

Must not contain any sequence of 3 or more characters in common with the username
Must not repeat any of the previous 1 passwords
Must be changed if the password is believed to be compromised in any way

Currently I've written a bunch of really messy validation rules using if statements and loops (especially the 3 characters in sequence with username part), which is currently functional but it just feels like it's wrong. Is there a better approach I can take?

Thank you

I wrote one very similar to what you are describing. They can be done as a regular expression, and when complete (at least for myself) it was a very rewarding accomplishment.

To accomplish this you are going to need to use a regex feature called lookaheads. See the information on the regular-expression.info site for all the gory details.

The second thing you will need is a real-time regular expression tester to help you prototype your regex. I suggest you check out Rubular. Create several passwords that should work, and some that shouldn't work and start from there as your starting point.

Edit: To elaborate on my above comment. Not every one of your requirements can or should be solved via a regex. Namely, the requirements you listed as:

  • Must not contain any sequence of 3 or more characters in common with the username
  • Must not repeat any of the previous 1 passwords
  • Must be changed if the password is believed to be compromised in any way

Should probably be handled separately from the main password validation regex, as these are highly contextual. The "sequence of 3 or more characters in common with the username" can probably be handled on the client side. However, the other two items are probably best left handled on the server side.
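The split described in the answer, as an added C# example that is not code from the original post: one lookahead-based regex covers the length and "three of four categories" rules, and a separate method covers the username rule. The names `PasswordPolicy`, `SharesRunWithUsername` and `IsAcceptable`, the ASCII-only character classes and the case-insensitive username comparison are assumptions; the password-history and compromise rules need stored state and are not covered.

```csharp
using System;
using System.Text.RegularExpressions;

public static class PasswordPolicy
{
    // One lookahead per category from the question (ASCII-only classes are an assumption).
    const string U = "(?=.*[A-Z])", L = "(?=.*[a-z])", D = "(?=.*[0-9])", S = "(?=.*[^A-Za-z0-9])";

    // "At least three of four" is any one of the four three-category combinations.
    // \A and \z anchor the whole input; in .NET, $ also matches before a trailing
    // newline, which would let a value such as "Ab3xyz\n" through.
    static readonly Regex Shape = new Regex(
        @"\A(?:" + U + L + D + "|" + U + L + S + "|" + U + D + S + "|" + L + D + S + @").{6,8}\z",
        RegexOptions.CultureInvariant);

    // True when any run of `run` consecutive username characters occurs in the password.
    public static bool SharesRunWithUsername(string password, string username, int run = 3)
    {
        for (int i = 0; i + run <= username.Length; i++)
            if (password.IndexOf(username.Substring(i, run), StringComparison.OrdinalIgnoreCase) >= 0)
                return true;
        return false;
    }

    // Shape rules first, then the contextual username rule.
    public static bool IsAcceptable(string password, string username) =>
        Shape.IsMatch(password) && !SharesRunWithUsername(password, username);

    public static void Main()
    {
        // Constructed sample inputs, checked against the constructed user name "jsmith".
        string[] samples = { "Ab3!xyz", "abcdef1", "Smi7h!x", "Ab3!xyzQ9", "Ab3xyz\n" };
        foreach (var p in samples)
            Console.WriteLine("{0,-12} {1}", p.Replace("\n", "\\n"), IsAcceptable(p, "jsmith"));
    }
}
```

Of the constructed samples only `Ab3!xyz` is accepted: the others fail on category count, on the shared run "smi", on length, and on the trailing newline respectively.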