Change Password after 90 days ASP.NET Membership

One of the most common requirements related to a website's user account security is to prompt the user to change their password after a certain number of days (usually 90 days). This can be developed with the help of ASP.NET's Membership API.

The Membership API already includes the last password change date as part of the database record, and the MembershipUser class provides a property to get that date for a user from the data store.

Today we will use the MembershipUser class's LastPasswordChangedDate property to determine whether the user's password was last changed less than 90 days ago. If it was not, we will redirect the user to the change password page with a message that the password has expired and needs to be changed.


For this we will create three pages:

  1. Login Page
  2. Change Password Page
  3. Final Destination Page (if the last password change was less than 90 days ago, the user will land on this page)

Our Login page will contain ASP.NET's Login control with a handler for its LoggedIn event:

ASPX Page:

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Login ID="Login1" runat="server" BackColor="#F7F7DE" BorderColor="#CCCC99"
            BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="10pt"
            onloggedin="Login1_LoggedIn">
            <TitleTextStyle BackColor="#6B696B" Font-Bold="True" ForeColor="#FFFFFF" />
        </asp:Login>
    </div>
    </form>
</body>
</html>

 

Code behind:

// Requires: using System; using System.Web.Security;

protected void Page_Load(object sender, EventArgs e)
{
}

protected void Login1_LoggedIn(object sender, EventArgs e)
{
    // Create current membership user object.
    // Context.User is still the anonymous user during the login request,
    // so look the account up by the name entered in the Login control.
    MembershipUser user = Membership.GetUser(Login1.UserName);

    // If user object is null then redirect to the login page
    if (user == null)
    {
        Response.Redirect("~/Login.aspx");
    }

    // Check whether last change date + 90 days is less than today's date
    if (user.LastPasswordChangedDate.AddDays(90) < DateTime.Now)
    {
        // Query string is used to identify whether the user's password is
        // expired or he came to this page to change his password anyway
        Server.Transfer("~/ChangePassword.aspx?type=passwordExpired");
    }
    else
    {
        Server.Transfer("~/Dest.aspx");
    }
}

 

After authentication, the code checks whether the user's last password change falls within 90 days and, depending on the result, sends the user to the right page.

If it has been more than 90 days, the user is sent to the change password page. Along with the redirect we have appended a type query string to the link, so the change password page can tell that the user was redirected there because the password had expired.

ASPX Page:

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Label Text="" ID="lblmessage" runat="server" />
        <asp:ChangePassword ID="ChangePassword1" runat="server">
        </asp:ChangePassword>
    </div>
    </form>
</body>
</html>

 

Code behind:

protected void Page_Load(object sender, EventArgs e)
{
    // Check if the query string marks the password as expired.
    // string.Equals handles a missing "type" parameter (null), which
    // happens when the user opens this page directly.
    if (string.Equals(Request.QueryString["type"], "passwordExpired"))
    {
        lblmessage.Text = "Your password was expired. Please change your password.";
    }
    else
    {
        lblmessage.Text = "";
    }
}
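
The check in Login1_LoggedIn runs only once, after the Login control has already issued the authentication cookie, so a user with an expired password can still request Dest.aspx directly. One way to apply the same 90-day rule on every request, as an added example that is not part of the original post: PasswordAgeCheckedPage and IsPasswordExpired are hypothetical names, protected pages such as Dest.aspx are assumed to inherit from this class, and ChangePassword.aspx and Login.aspx must not.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Hypothetical base class (added example, not from the original post).
// Pages that must not be reachable with an expired password inherit from
// this class instead of System.Web.UI.Page. ChangePassword.aspx and
// Login.aspx keep inheriting from Page, otherwise the redirect would loop.
public class PasswordAgeCheckedPage : Page
{
    // Same 90-day limit the article uses in Login1_LoggedIn.
    private const int MaxPasswordAgeDays = 90;

    // The rule itself, kept free of HTTP objects so it can be unit tested.
    public static bool IsPasswordExpired(DateTime lastChanged, DateTime now)
    {
        return lastChanged.AddDays(MaxPasswordAgeDays) < now;
    }

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // Anonymous requests are left to forms authentication and the
        // URL authorization rules in web.config.
        if (!Request.IsAuthenticated)
        {
            return;
        }

        // On requests after login, User.Identity.Name is populated from
        // the authentication cookie. false = do not update last activity.
        MembershipUser user = Membership.GetUser(User.Identity.Name, false);

        if (user == null)
        {
            // The cookie names an account that no longer exists.
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage();
            return;
        }

        if (IsPasswordExpired(user.LastPasswordChangedDate, DateTime.Now))
        {
            // Same query string the article's ChangePassword.aspx reads.
            Response.Redirect("~/ChangePassword.aspx?type=passwordExpired");
        }
    }
}
```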

 

 
