Password expiration good practice.



Hi,

In my ASP.NET application I want the password to expire after some time. When a user signs in and his password is expired, I automatically send him to the change password page with a message explaining why he is required to change his password.

What I want to do is prevent him from browsing to any other page (whether by using a link or by entering another page URL in his browser) before his password has been changed.

The only way I can think of, and I don't like it, is to check in the OnLoad of every page if the password is not expired and redirect the user if it is.

Since this is a common scenario, I suppose there are some established "good practices" already known to deal with this problem. So I'm here, asking you: Is there an elegant way to prevent a logged-in user from browsing my site before he changes his password?

Thanks in advance,

Mathieu Pagé
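
One way to centralize the check described in the post, added here as an example and not part of the original message: an `IHttpModule` that runs once per request after authentication instead of in each page's OnLoad. It assumes the ASP.NET Membership provider is in use; the module name, the 90-day limit and the `~/ChangePassword.aspx` path are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical module; register it in web.config under <httpModules>
// (classic pipeline) or <system.webServer><modules> (integrated pipeline).
public class PasswordExpiryModule : IHttpModule
{
    // Assumed policy and page path, not taken from the post.
    private static readonly TimeSpan MaxPasswordAge = TimeSpan.FromDays(90);
    private const string ChangePasswordPage = "~/ChangePassword.aspx";

    public void Init(HttpApplication app)
    {
        // Fires for every request once the user's identity is established,
        // so typed-in URLs and followed links are treated the same way.
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            return; // anonymous requests are left to the normal login flow

        // Let the change-password page itself through to avoid a redirect loop.
        string path = ctx.Request.AppRelativeCurrentExecutionFilePath;
        if (string.Equals(path, ChangePasswordPage, StringComparison.OrdinalIgnoreCase))
            return;

        // Assumption: accounts live in the Membership provider, which records
        // when the password was last changed (one lookup per request).
        MembershipUser user = Membership.GetUser(ctx.User.Identity.Name);
        if (user == null)
            return;

        if (IsExpired(user.LastPasswordChangedDate, DateTime.Now))
            ctx.Response.Redirect(ChangePasswordPage, true); // ends the request
    }

    // Pure helper so the expiry rule can be unit tested without HttpContext.
    public static bool IsExpired(DateTime lastChanged, DateTime now)
    {
        return now - lastChanged > MaxPasswordAge;
    }

    public void Dispose() { }
}
```

In the IIS integrated pipeline the module also sees requests for static files, so the exemption check needs to cover the style sheets and scripts that the change-password page loads.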