ASP.NET membership password expiration

asp.netasp.net-membershipauthenticationchange-password

I am using ASP.NET membership for the authentication of my web app. This worked great for me. I now have to implement password expiration.

If the password has expired the user should be redirected to ChangePassword screen and should not be allowed access to any other part of the application without changing the password.

There are many aspx pages. One solution could be to redirect to the ChangePassword screen OnInit of every aspx if the password has expired. Is there any other solutions or recommendations.

Thanks,
Jai

Best Answer

Further to csgero's answer, I found that you don't need to explicitly add an event handler for this event in ASP.Net 2.0 (3.5).

You can simply create the following method in global.asax and it gets wired up for you:

void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
    if (this.User.Identity.IsAuthenticated)
    {
        // get user
        MembershipUser user = Membership.GetUser();

        // has their password expired?
        if (user != null
            && user.LastPasswordChangedDate.Date.AddDays(90) < DateTime.Now.Date
            && !Request.Path.EndsWith("/Account/ChangePassword.aspx"))
        {
            Server.Transfer("~/ChangePassword.aspx");
        }
    }
}

Best Answer

Related Solutions

.net – ASP.NET Web Site or ASP.NET Web Application

Website:

Web Application:

R – Does ASP.NET Membership have a mechanism to generate password reset URLs

Related Topic