CODEWITHSUNDEEP
asp.net
Imran Jawaid
Imran Jawaid

Reputation: 471

ASP.NET Membership API force password change

I am using ASP.NET Membership API. I want to force the user to change their password after the first time he logs in. But, I could not find any such built in functionality in the Membership API of ASP.NET.
Is it possible, or not? If yes, how can it be done easily?

Upvotes: 7

Views: 10894

Answers (4)

Jakub Konecki
Jakub Konecki

Reputation: 46008

There is no built-in functionality.

You will need to implement it yourself. Here's an example: http://forums.asp.net/p/1273575/2414481.aspx

Upvotes: 4

user2890954
user2890954

Reputation: 11

This is how I did it. It is better to do it after logging in.

protected void LoginUser_LoggedIn(object sender, EventArgs e)
    {

        if (Membership.ValidateUser(this.LoginUser.UserName, this.LoginUser.Password))
        {
            MembershipUser user = Membership.GetUser(this.LoginUser.UserName);
            if (user == null)
            {
                this.LoginUser.FailureText = "Invalid username. Please try again.";
                return;
            }
            if (user.IsLockedOut)
            {
                user.UnlockUser();
            }

            if (user.LastPasswordChangedDate == user.CreationDate) //if true, that means user never changed their password before
            {
                Response.Redirect("~/Account/ChangePassword.aspx");
            }
        }
    }

Upvotes: 1

campervancoder
campervancoder

Reputation: 1629

Below is the solution in VB. It also includes the FindControl for reading and setting the asp:Login ID="LoginUser" form elements. 

Protected Sub LoginButton_Click(sender As Object, e As EventArgs)

    '***note: UserName and Password are textbox fields***
    Dim UserName As TextBox = DirectCast(LoginUser.FindControl("UserName"), TextBox)
    Dim Password As TextBox = DirectCast(LoginUser.FindControl("Password"), TextBox)
    Dim FailureText As Literal = DirectCast(LoginUser.FindControl("FailureText"), Literal)

    If Membership.ValidateUser(UserName.Text, Password.Text) Then
        Dim user As MembershipUser = Membership.GetUser(UserName.Text)
        If user Is Nothing Then
            FailureText.Text = "Invalid username. Please try again."
            Return
        End If
        If user.IsLockedOut Then
            user.UnlockUser()
        End If

        ' this is the interesting part for you 

        If user.LastPasswordChangedDate = user.CreationDate Then
            'TODO: add your change password logic here
        End If
    End If
End Sub

Upvotes: 0

m.othman
m.othman

Reputation: 638

Here you are, a fully tested solution ;)

protected void LoginButton_Click(object sender, EventArgs e)
{
    /****note: UserName and Password are textbox fields****/

    if (Membership.ValidateUser(UserName.Text, Password.Text))
    {
        MembershipUser user = Membership.GetUser(UserName.Text);
        if (user == null)
        {
           FailureText.Text = "Invalid username. Please try again.";
           return;
        }
        if (user.IsLockedOut)
           user.UnlockUser();

        /* this is the interesting part for you */
        if (user.LastPasswordChangedDate == user.CreationDate) //if true, that means user never changed their password before
        {
            //TODO: add your change password logic here
        }
    }
}

In case you need help in how to change password, please let me know.

Should this post be in any help for you, please tag as answer

Upvotes: 11

Related Questions