PasswordPolicyFulfillsPolicyProcedure

Type: Stored procedure

If the system setting PasswordPolicy is set to Custom, the stored procedure specified by the system setting PasswordPolicyFulfillsPolicyProcedure is called when a user changes their password.

This procedure can then accept the password, or reject the password and provide a reason why.

Users will not be allowed to change to a password that violates policy, but it is possible to bypass policy by passing @EnforcePasswordPolicy = 0 when calling SoftadminApi.User_InsertUpdate or SoftadminApi.User_UpdatePassword.

If you need to log password changes, use PreUpdatePasswordProcedure instead.

Example

CREATE OR ALTER PROCEDURE CustomPasswordPolicy
	@Password          nvarchar(200),
	@LanguageId        int,
	@UserId            int = NULL,
	@FulfillsPolicyOut int OUTPUT,
	@ReasonOut         nvarchar(255) OUTPUT
AS
BEGIN
	DECLARE @Username nvarchar(50) = (
		SELECT Username
		FROM SoftadminApi.[User]
		WHERE UserId = @UserId);

	-- Check if the password contains the Username
	IF CHARINDEX(@Username, @Password) > 0
	BEGIN
		SELECT
			@FulfillsPolicyOut = 0, -- Policy not fulfilled
			@ReasonOut = 'Password must not contain your user name.';
		RETURN;
	END;

	-- Password is allowed.
	SELECT
		@FulfillsPolicyOut = 1,
		@ReasonOut = NULL;
END;

Parameters

@Password mandatory nvarchar(200)
The user's new password.
@LanguageId mandatory int
Language ID for error messages.
@UserId optional int
ID of the user for whom the password is checked.
@FulfillsPolicyOut mandatory bit
Output parameter. Return 1 to accept the password, 0 to reject it.
@ReasonOut mandatory nvarchar
If the password was rejected, the reason why.