Click here to Skip to main content
14,770,737 members
Search within:


How to enforce users to change their password on first login.
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
C#
ASP.NET
SQL
I created an application which has 6 kind of users.
There are three tables. The first one is named ROLE that holds the role of user. The second one is named IDENTIFICATION that holds the username and password of a user and finally the third table is named PERSON that holds the detail of a user like first name, last name, date of birth etc.

The problem exists that I'm not using any kind of membership providers.
There are three kind of admins that register other kind of members according to they role.
The table ROLE has only two columns like ID_Role (auto increment property) and RoleName.
The table IDENTIFICATION which has ID_Identification, UserName, Password, and ID_Role.
The table PERSON except person data has the columns of ID_Role and ID_Identification

What is the code in C# or what I have to do when admin registers the user, after the user logs in for the first time to enforce him to change his password.

Thank you in advance for your reply.
Cheers.
Posted
Add a Solution
Comments
Corporal Agarn 3-Nov-15 9:31am
   
How is the initial password set?
Krunal Rohit 3-Nov-15 10:58am
   
I assume you're allowing users to register with password.
Check if the registration password and whatever enters at the login time password is same or not. If it is same redirect to change password page, else redirect to wherever you want.

As you haven't shown your code, it is hard to tell how you can do it. Though it was a basic idea, not you're supposed to implement it.

-KR
dr_iton 3-Nov-15 11:55am
   
I'm using a data table to check if the user exists in database. If user exists, than he can be logged in and redirected to a specific site.
When I register a user the username is firstname.lastname, if the database has an record with the same first name and last name than his username gets auto increment like firstname1.secondname and so on.
@KrunalRohit according to you, do I have to make another column in the table IDENTIFICATION about the registration time or what do you suggest.
Thank you again.

1 solution

You haven't provided other information how you are setting initial password, do you want user to Authenticate to make sure there is no Robot creating user (like Varify Email etc..)...

Simple just add IsAuthenticated column into IDENTIFICATION table.

And keep it false initially, and on first login check this value and if it false then force users to change their password.

also this field can be use in future if you want a user to change their password after every 3 months or want to change password change policy across the all user.

If I wanted to implement a secure website I will definitely go with this way.

Like my 12 years old Google account initially allowing me to provide only 3 chars password then after 5 years they changed to 6 chars and few years back they they are now enforcing to use special characters for all new account, but on old account they are still allowing me login with 6 chars account. Say tomorrow if they want to enforce everyone to change password, they just need to update flag :)

Hope this will help and will give you a direction.

Thanks
Rushi
   
Posted
Comments
W Balboos, GHB 3-Nov-15 12:55pm
   
A slight alternative: instead of a true/false column you could use getdate() (initialize to null) and then use the last change to enforce future changes - it also acts slightly as a log.
Joshi, Rushikesh 5-Nov-15 17:40pm
   
Thanks for your Alternate options. I will put a note in original answer.
dr_iton 4-Nov-15 17:25pm
   
I Solved the problem after I added another column in table IDENTIFICATION with DateTime and allowing NULL values when registering new users.
If the user logs in for the first time he will be redirected to the page that he must change the PASSWORD.
I have another problem, while the user changes his password I want to hide some menu items.
According to their role I made the menus to show like following:
<% if ((Session["Role"] != null ? (string)Session["Role"] : "") == "MasterAdmin")
{ %>

<li>
<asp:Label CssClass="menuNormal" ID="lbl_MasterAdmin" Text="MASHT" runat="server"></li>

<% }
else if ((Session["Role"] != null ? (string)Session["Roli"] : "") == "User")
{ %>
<li>
<asp:Label CssClass="menuNormal" ID="lbl_Shkolla2" Text="User" runat="server"></li>
<%}
Thank you again.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Force a user to create password on first Login
changing the password by user for login form in c#
How to create change user password?
Login password for app
login and password change
sample for user registration and login and change password for asp.net web application
user should navigate to change password page upon login after password is reset
How to restrict user for SQL Login only with New Password after changing password
Send a link to Change Password to the User
Username and password login java project


Advertise
Privacy
Cookies
Terms of Use
Last Updated 3 Nov 2015
Layout: fixed | fluid
Copyright © CodeProject, 1999-2021
All Rights Reserved.

Web06 2.8.20210301.2

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900