locked
Force users to change their default password RRS feed

  • Question

  • User-1108865520 posted

    Hello everyone,

    I use the Membership structure for a application, and also I mange the accounts. When I create new accounts I have a default password.

    Becasue users forget to change their default password I want to force them to change the password.

    I don't want to log in with every user to check the password. In the database the password is encripted . Is there another way to see which users still have the default password ?

    Wednesday, January 22, 2014 7:07 AM

Answers

  • User1140095199 posted

    Hi,

    Becasue users forget to change their default password I want to force them to change the password.

    The most simple solution for this is to force the user to change their passwords immediately at the first login. You do not need to log in with every user and check.

    There are more than one ways to achieve that.

    Refer to the following link: http://forums.asp.net/p/1273575/2414481.aspx

    Here are the steps.

    The Memberships table in the default aspnetdb has a comment column

    1. Where you are creating users and giving them default passswords. In the same place add the code to change the Comment column value to "Needs Change". As you see in the above pic.

    2. Now when the user tries to LogIn check if the Comment column value is "Needs Change". You can disable the user and redirect him to the ChangePasswordPage.aspx. Hence forcing them to change their passwords.

    protected void Login_Click(object sender, EventArgs e)
        {
            string constr = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;
            using (SqlConnection sqlcon = new SqlConnection(constr))
            {
                sqlcon.Open();
                using (SqlCommand cmd = new SqlCommand("select Comment from Memberships where UserID=(select UserId from Users where UserName=@UserName)",sqlcon))
                {
                    cmd.Parameters.Add("@UserName",SqlDbType.NVarChar,256);
                    cmd.Parameters["@UserName"].Value = Login1.UserName.ToString();
                    string passstatus = cmd.ExecuteScalar().ToString();
                    if (passstatus == "Needs Change")
                    {
                        MembershipUser mu = Membership.GetUser(Login1.UserName.ToString());
                        mu.IsApproved = false;
                        Server.Transfer("~/ChangePasswordPage.aspx");
                    }
                }
            }
        }

    You can refer to the above code and Modify according to your need.
    3. Finally when user changes the password. You can enable him and change the Comment colum to null again. Hence users will be forced to change their default passwords.

    Hope it helps!

    Best Regards.

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, January 23, 2014 12:22 AM

All replies

  • User1140095199 posted

    Hi,

    Becasue users forget to change their default password I want to force them to change the password.

    The most simple solution for this is to force the user to change their passwords immediately at the first login. You do not need to log in with every user and check.

    There are more than one ways to achieve that.

    Refer to the following link: http://forums.asp.net/p/1273575/2414481.aspx

    Here are the steps.

    The Memberships table in the default aspnetdb has a comment column

    1. Where you are creating users and giving them default passswords. In the same place add the code to change the Comment column value to "Needs Change". As you see in the above pic.

    2. Now when the user tries to LogIn check if the Comment column value is "Needs Change". You can disable the user and redirect him to the ChangePasswordPage.aspx. Hence forcing them to change their passwords.

    protected void Login_Click(object sender, EventArgs e)
        {
            string constr = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;
            using (SqlConnection sqlcon = new SqlConnection(constr))
            {
                sqlcon.Open();
                using (SqlCommand cmd = new SqlCommand("select Comment from Memberships where UserID=(select UserId from Users where UserName=@UserName)",sqlcon))
                {
                    cmd.Parameters.Add("@UserName",SqlDbType.NVarChar,256);
                    cmd.Parameters["@UserName"].Value = Login1.UserName.ToString();
                    string passstatus = cmd.ExecuteScalar().ToString();
                    if (passstatus == "Needs Change")
                    {
                        MembershipUser mu = Membership.GetUser(Login1.UserName.ToString());
                        mu.IsApproved = false;
                        Server.Transfer("~/ChangePasswordPage.aspx");
                    }
                }
            }
        }

    You can refer to the above code and Modify according to your need.
    3. Finally when user changes the password. You can enable him and change the Comment colum to null again. Hence users will be forced to change their default passwords.

    Hope it helps!

    Best Regards.

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, January 23, 2014 12:22 AM
  • User-1108865520 posted

    Thanks Sam

    Thursday, January 23, 2014 3:56 AM