• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1505
  • Last Modified:

Force user to change password after a passwordrecovery request

I have a web site that uses standard ASP.NET login controls. I am using the PasswordRecovery control. I need a way to force the user to go to a page containing the ChangePassword control if they've used the PasswordRecovery control to get a new password. Is there a way to do this?
0
Russ Suter
Asked:
Russ Suter
  • 3
1 Solution
 
PHDCommented:
In the Sendingmail event of the recovery control you can log the username that requested the new passord.
And in the authenticate event of login control if the password is correct and the username is in the logs then force the user to change his password
0
 
PHDCommented:
i.e : you redirect the user where the name has been loged during the request of the new password to a page containing the changepassword of aps.net 2.0
0
 
TSmoothCommented:
Store a boolean value in your user database somewhere for each user such as "MustChangePassword" with a default value of false. Then on your login.aspx page, use the validating user event to first verify they entered the correct username/password, and then check the "MustChangePassword" value. If it's false, do nothing further. If it's true, redirect them to a page where they are told they must change their password and are given the ability to do so.

Keep in mind that if you do not authenticate the user and set the auth cookie before the redirection, then you will need to prompt them for their username and existing password on this page or store it in the session before redirection and retrieve it from the session on this page so you know which user's pw is going to be changed. If you do authenticate them and set the auth cookie before redirection, then you will need a mechanism to prevent them from accessing the other pages on your site because they will be logged in and could technically link directly to the urls.
0
 
run2004Commented:
If you are using Visual Studio 2005, you can use the password recovery wizard from the toolbaox that is built in feature of Visual Studio 2005 and select the options from there.
0
 
PHDCommented:
Too bad that there is no reply or comment from the author about the proposed solutions.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now