new user setup

Nov 2, 2011 at 8:29 PM


I have the FBApack setup and it all semms to be working. The Site is fron-ended by a UAG server  whuch pre-authenticates the user agains sql, and provides a password recovery mechanism using the 'secret password' stored in the sql database.  I'm using a custom webapp for the Forgot Password  function, because the UAG won't let anyone into sharepoint until they are authenticated.

I now want to somehow configure it so that a user can edit his own profile -- mainly the 'secret question.

In My environment , a business user will set up the external user user in sql server  with a user id and password.  He'll then tell  the user  the ID and Password.

When the user logs in, I want to force him ti  change his password and enter a value for his 'secret question' and answer.

I'm thinking I can put an control on my main page that checks to see if the secret question is blank, and then, if it is, redeirects the user to a 'edit my profile' page that makes hin change his password, and enter a secret uestion/answer for subsequent password recoveries.

Is this  the way tod do this, or do you have other suggestions?

Also,  do you have any recommendations about forcing users to change their passwords after so many days?



Nov 2, 2011 at 9:03 PM

That should work! I did something somewhat similar for a client. They wanted the user to see the Change Password page the first time they signed in, or recovered their password.  I modified the login page to redirect them to the Change Password page after they successfully logged in, if a "ChangedPassword" field (which I stored on the SharePoint user profile) hadn't been set.  You could use the same mechanism for forcing them to change their passwords - just use a date field for "ChangedPassword" instead of a boolean.

Nov 3, 2011 at 10:16 PM

Thanks for your quick reply. I am working on the component that will redirect a user to the page to enter his secret question/answer. To do that I need to know if he was authenticated via FBA or NTLM. Do you know how to tell if a user was authenticated vi FBA or NTLM?

Also, I'm curious why you put the "ChangedPassword" date you mentioned in your reply in the user profile rather than using the on thats kept in the membership provider? (I'm thinking thats a new addition toi the membership provider)


Nov 4, 2011 at 7:00 AM

One way to tell is by their username.  FBA usernames are in a special claims format, like i:0#.f|fbamembershipprovider|myusername.  Sharepoint comes with a function that checks if a string is an encoded claim, so you could use this: 


As for the ChangedPassword field - I don't keep the date in the profile - I keep a true/false flag to let me know if the password needs to be changed.  I didn't think to check the membership provider for a password change date, so yes for you i'd say that would be a better way to go.