Force users to change password after password reset.

I currently use the built in membership for my .net website from Visual Studios.  I use the password reset wizard, where it automatically resets your password and sends you a scrambled new password.  I have read many post on how to force users to change their password on the first log in, but I need to know how to direct them to changepassword.aspx page once they log in.
Shade22Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

leakim971PluritechnicianCommented:
Server side :
Response.Redirect("changepassword.aspx");
0
Shade22Author Commented:
Could you explain how it would know that the user just reset the password and to force the to redirect?  This would be going on the log in page, so it needs to determine if the password has just been reset in order to redirect.  I can't have them being force to change password every time.
0
leakim971PluritechnicianCommented:
I'm assuming you're changing the password on the server side  with some code (database update) so just after you put this code.
0
Shade22Author Commented:
They need to wait for any email with the temporary password.  There I would direct them back to the site, and when they log in with the temporary password on the log in screen it would direct them to the changepassword.aspx page.  If they didn't reset their password, the log in page would just bring them to their normal destination page.
0
guru_samiCommented:
The logic should remain the same as if you your doing change password on first login attempt.
You can try one of these ways:
1: In your reset email, you can provide them the link to a changepassword page.

2: On your Password Reset page, in the SendingMail event, you can set some DB field e.g. Set the member InActive like MembershipUser.InApprove=true or use the CommentField of MembershipUser.
Then on the Login Page you check if the user credentials are valid but user is not approved, redirect them to change password. After Changing password, set them to Active.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Languages and Standards

From novice to tech pro — start learning today.