ASP.NET membership password expiration

前端未结

关注

 6  544

感动是毒 2021-01-30 14:24

I am using ASP.NET membership for the authentication of my web app. This worked great for me. I now have to implement password expiration.

If the password has expired th

6条回答

长情又很酷 (楼主)

2021-01-30 15:05

Further to Andrew's answer, I found you need to check that the user is not already on the change password page, or they will never be able to actually change their password, and hence never leave the change password site:

void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        if (this.User.Identity.IsAuthenticated)
        {
            // get user 
            MembershipUser user = Membership.GetUser();

            // has their password expired? 
            if (user != null
                && user.LastPasswordChangedDate.AddMinutes(30) < DateTime.Now
                && !Request.Path.EndsWith("/Account/ChangePassword.aspx"))
            {
                Server.Transfer("~/Account/ChangePassword.aspx");
            }
        }
    }

0 讨论(0)

查看其它6个回答