ASP.NET membership password expiration

Question

I am using ASP.NET membership for the authentication of my web app. This worked great for me. I now have to implement password expiration.

If the password has expired th

Answer 1

Further to csgero's answer, I found that you don't need to explicitly add an event handler for this event in ASP.Net 2.0 (3.5).

You can simply create the following method in global.asax and it gets wired up for you:

void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
    if (this.User.Identity.IsAuthenticated)
    {
        // get user
        MembershipUser user = Membership.GetUser();

        // has their password expired?
        if (user != null
            && user.LastPasswordChangedDate.Date.AddDays(90) < DateTime.Now.Date
            && !Request.Path.EndsWith("/Account/ChangePassword.aspx"))
        {
            Server.Transfer("~/ChangePassword.aspx");
        }
    }
}