ASP.NET membership password expiration

前端未结

关注

 6  531

感动是毒 2021-01-30 14:24

I am using ASP.NET membership for the authentication of my web app. This worked great for me. I now have to implement password expiration.

If the password has expired th

6条回答

失恋的感觉 (楼主)

2021-01-30 15:24

I got here looking for a solution to this but my current technology is ASP.NET MVC. So to help others: you can extend the AuthorizeAttribute, and override OnAuthorization method, like this:

public class ExpiredPasswordAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        IPrincipal user = filterContext.HttpContext.User;

        if(user != null && user.Identity.IsAuthenticated)
        {
            MembershipUser membershipUser = Membership.GetUser();

            if (PasswordExpired) // Your logic to check if password is expired...
            {
                filterContext.HttpContext.Response.Redirect(
                    string.Format("~/{0}/{1}?{2}", MVC.SGAccount.Name, MVC.SGAccount.ActionNames.ChangePassword,
                    "reason=expired"));

            }
        }

        base.OnAuthorization(filterContext);
    }
}

Note: I use T4MVC to retrieve the Controller and Action names in the code above.

Mark all controllers with this attribute except "AccountController". Doing so no user with an expired password will be able to surf the site.

Here's a post I did on the subject with some bonus points:

User Password Expired filter attribute in ASP.NET MVC

0 讨论(0)

查看其它6个回答