Handling all of this problem's requirements takes some time but is actually fairly easy if you use the randomization tools we've already built in this chapter. The following RandomPassword method generates a password:

// Make a random password.
private Random Rand = new Random();
private string RandomPassword(
    int minLength, int maxLength,
    bool allowLowercase, bool requireLowercase,
    bool allowUppercase, bool requireUppercase,
    bool allowDigit, bool requireDigit,
    bool allowSpecial, bool requireSpecial,
    bool allowOther, bool requireOther, string other)
{
    const string lowers = "abcdefghijklmnopqrstuvwxyz";
    const string uppers = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    const string digits = "0123456789";
    const string specials = @"~!@#$%^&*():;[]{}<>,.?/|";

    // Make a string containing all allowed characters.
    string allowed = "";
    if (allowLowercase) allowed += lowers;
    if (allowUppercase) allowed += uppers;
    if (allowDigit) allowed += digits;
    if (allowSpecial) allowed += specials
    if (allowOther) allowed += other;

    // Pick the number of characters.
    int passwordLength = Rand.Next(minLength, maxLength + 1);

    // Satisfy the requirements.
    string password = "";
    if (requireLowercase) password += lowers.ToCharArray().Random();
    if (requireUppercase) password += uppers.ToCharArray().Random();
    if (requireDigit) password += digits.ToCharArray().Random();
    if (requireSpecial) password += specials.ToCharArray().Random();
    if (requireOther) password += other.ToCharArray().Random();

    // Add the remaining characters randomly.
    while (password.Length < passwordLength)
        password += allowed.ToCharArray().Random();

    // Randomize so the required characters don't all appear at the 
    // front.
    char[] chars = password.ToCharArray();
    chars.Randomize();

    return new string(chars);
}

The method begins with some strings that define lowercase letters, uppercase letters, digits, and special characters. It then uses its allowed Boolean parameters to build a single string that contains all of the allowed characters.

Next, the method uses the Rand object to pick a length for the password between minLength and maxLength. It then satisfies the character requirements.

If a type of character is required, the code calls the appropriate string's ToCharArray method, uses the Random extension method to randomly pick a character from the array, and adds it to the password.

After it has picked one character from each of the required character categories, the method picks random characters from the allowed string to fill out the password to its desired length.

At this point, the password satisfies the requirements and uses only allowed characters, but one of each of the required characters is at the beginning of the string so the password isn't truly random. In fact, if all of the character types are required, then you know that the password begins with the sequence—lowercase, uppercase, digit, special, and other.

To avoid that kind of pattern, the code converts the password into an array of characters and randomizes the array. It then uses the randomized characters to create a new string and returns that as the password.

Download the PasswordMaker example solution to see additional details.