Force user change password when loading any webpage

Question

I am using ASP.net core 2.0. I added a flag column called IsChangePassword to my AspNetUsers table and to my ApplicationUser class. The idea is to force the user to change their

Answer 1

I would use a middleware, in which I would check the HttpContext for the current principal and check the IsChangePassword property value of the underlying user.

Then, according to the IsChangePassword property value, I would redirect the current request to the change password form.

The pro of this solution is that you don't need to edit any actions and controllers.

The con is that you add a if statement to every requests but additional configuration is possible.