Force Password change on first login

Nov 14, 2012 at 10:56 PM

How can i accomplish password change on first login? which even handler do i need to use in login page's code behind?

Also, do you have a code snippet that i can resuse for the functionality to redirect a user to password change page upon first login?

I tried redirecting a user to a passwordchange page to test, but it never redirects from  the login page and stays there after login.



Nov 15, 2012 at 3:37 AM

To accomplish password change on first login, i'd create an additional field on the user's profile, and then when they login - check the field.  If it's set, redirect to a change password page.  Changing the password changes the value of the field so the user isn't redirected the next time they login.

As for redirecting the user, you could do it pretty easily by creating a web part that gets added to the home page.  Then every time the user hits the home page, the web part code would be run that would redirect them if their profile field is set.  You could do the same thing by adding a custom control to the master page - then the code would run anytime any page is loaded.  

If you want to add the code to just the login page and are having issues, you could use reflector or ilspy to find out what's happening in the code behind and adapt your changes to that.

Nov 15, 2012 at 2:25 PM

thanks. Is there any issue in using Global.asax to check for field instead of creating a web part?

so create an additional colum  like "IsPasswordChanged" in the Profile table? how does this field gets updated automatically upon password change? can i use the existing API to accomplish all this or do i need to write a seperate sql query etc?



Nov 15, 2012 at 7:28 PM

I've never made global.asax modifications for SharePoint, so I'm not sure of issues with this method.

As for making the other changes, i'd probably just modify the components in the fba pack: 

Create a ChangePasswordRequired field in the profile when the feature is activated

Modify the membership request to set ChangePasswordRequiered = 1 when a new user is created.

Modify the change password web part to set ChangePasswordRequired = 0 when a password is changed.

Nov 15, 2012 at 7:54 PM

When you say create a field in pofile,  in UserNew.aspx? do i need to add a field to membersihp table also?

Nov 15, 2012 at 9:37 PM

I was actually referring to the SharePoint user profile, essentially this:

You can look at the code for saving the user's fullname field - that is only stored in the SharePoint user profile - it is not on the membership database.

That should be all you need if all of the user management will be in a single site collection.  If it will be spread across multiple site collections, then you may want to consider using the membership profile provider to add the field to the database.

Nov 16, 2012 at 12:13 AM

Perfect. That worked :)

Dec 14, 2012 at 5:53 PM

Hi Chris,

 I've added some additional fields to the User Information List. I'm trying to find the class and method where you save the user's information during the Request Access page. Can you point me in the right direction.




Dec 14, 2012 at 6:11 PM

Check out the ApproveMembership function on MembershipRequest.cs.  There's also some code in UserEdit.aspx.cs.