aron

Reputation: 2886

PCI Compliance with ASP.Net Membership Provider

So if you have an ecommerce app and you used the awesome ASP.Net Membership Provider you have a working user authentication system out-of-the-box.

Now your customer says, "Please make my site PCI compliant."

So it seems like there are a handful of tweaks that you'll need to make, such as:

These are easy ones, you can set them all in the web.config in the Membership Provider section.

However, a PCI requirement like:

  1. Disable inactive accounts after 90 days

It seems like you need some kind of C# script + scheduled task to handle this. Has anyone ever made a nice utility script/class that takes care of all of these extra PCI issues? It seems like a very generic script and would work on most sites.

Upvotes: 2

Views: 500

Answers (1)

kbrimington

Reputation: 25692

If you are using the SqlMembershipProvider for membership, you can try out this SQL script to lock out accounts that have not logged in in 90 days.

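-- SqlMembershipProvider stores its dates in UTC, so compare against GETUTCDATE()
update mydatabase.dbo.aspnet_Membership
set IsLockedOut = 1, LastLockoutDate = GETUTCDATE()
where LastLoginDate < DATEADD(day, -90, GETUTCDATE())
  and IsLockedOut = 0 -- leave the LastLockoutDate of already-locked accounts untouched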

Upvotes: 1
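The C# + scheduled task variant the question asks about, as an added example that is not part of the question or the answer above: a console job that goes through the Membership API, so it works with any provider, and disables stale accounts by clearing `IsApproved` (the API exposes `IsLockedOut` as read-only). The class name `InactiveAccountJob`, the 90-day constant and the assumption that the job's app.config repeats the site's `<membership>` and connection string settings are all illustrative.

```csharp
using System;
using System.Web.Security; // reference System.Web and System.Configuration

// Added example: run once a day from Windows Task Scheduler.
// Assumes app.config mirrors the site's <membership> and <connectionStrings>.
public static class InactiveAccountJob
{
    private const int MaxInactiveDays = 90; // the PCI threshold from the question

    // MembershipUser returns its dates in local time, so "now" must be local too.
    public static bool IsInactive(DateTime lastLoginLocal, DateTime nowLocal)
    {
        return lastLoginLocal < nowLocal.AddDays(-MaxInactiveDays);
    }

    public static int Main()
    {
        DateTime now = DateTime.Now;
        int disabled = 0;

        // GetAllUsers() loads every user at once; use the paged overload
        // (pageIndex, pageSize, out totalRecords) for a large user store.
        foreach (MembershipUser user in Membership.GetAllUsers())
        {
            // Skip accounts that are already disabled or still active.
            if (!user.IsApproved || !IsInactive(user.LastLoginDate, now))
            {
                continue;
            }

            user.IsApproved = false;      // ValidateUser() now fails for this account
            Membership.UpdateUser(user);  // persist the change through the provider
            disabled++;

            // Keep an audit trail of what the job changed and when.
            Console.WriteLine("{0:u} disabled {1} (last login {2:u})",
                now.ToUniversalTime(), user.UserName,
                user.LastLoginDate.ToUniversalTime());
        }

        Console.WriteLine("Disabled {0} inactive account(s).", disabled);
        return 0;
    }
}
```

Re-enabling an account is the reverse: set `IsApproved = true` and call `Membership.UpdateUser` after whatever identity check your process requires.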
