I need to implement such a feature . It need to work so that x days after you last changed your password, then when you login you get a message that says, your password has expired, please enter a new password and confirm the new password
Do you have any ideas/suggestions how to do that in the proper way?
You can add your own processor as a first processor of loggingin pipeline with Process method:
public void Process(LoggingInArgs args)
{
MembershipUser user = Membership.GetUser(args.Username);
if (user != null)
{
DateTime date = user.LastPasswordChangedDate;
if ((DateTime.Now - date).TotalDays > maxDaysWithoutPasswordChange)
{
HttpContext.Current.Response.Redirect("/passwordchangepage");
}
}
}
This will redirect all the users that require password change to the /passwordchangepage url. On this page create a form for old password and new password.
On submitting the form execute password change:
MembershipUser user = Membership.GetUser(username);
user.ChangePassword(oldPassword, newPassword);