what or how to do if the user need to change password before entering the system.

  • Thread starter Thread starter spncc
  • Start date Start date
S

spncc

i'm making Form authenticate page to let the user first logon before
using the application. However, like most security manner, the new
user is needed to first logon and forced to change password before
using the application.

My problem is
- When the user passed the authentication at logon page, we need to
redirect them to change thier password. but anyway the user can type
at the address bar to surf other pages on the application. What should
i do to avoid that situation. if the user does not successfully change
the password, they are not allow to use the applicaiton (even view the
page as if they never logon successfully).

any idea is truely appreciate.
 
Why don´t you logon the user as a kind of Anonymous user, that way the
user will have no permissions to access important stuff. Once the user
change his password you overwrite the cookies and let the user logon
as the user himself..
Hope this helps,
Diego
 
Why don´t you logon the user as a kind of Anonymous user, that way the
Click to expand...
-->> it's the application for my company only that will be access from
various country.
it's the application not just intranet pages. so we need the logon
page for authentication.
user will have no permissions to access important stuff. Once the user
change his password you overwrite the cookies and let the user logon
Click to expand...
--> i'm not allow to use cookies :S
as the user himself..
Hope this helps,
Diego
Click to expand...

and Diego, how can i logon with anonymous and know which one is loggin
in ???
and is it applied to window authenticate mode???
i don't want the user to surf to any pages before they logon.

and if the user is succesfully logon (authentication is true) then
user can goto other pages.

but if that is the first time logon, user need to change pasword.
at that time..... with authenticate = true, the user can go to any
pages ....
but if i force authenticate = false ......
then even the change password page is not available......

rite????

then how can they change the password then ???
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Getting the password from WindowsIdentity/WindowsPrincipal?? 9
Form based security using main web page with Frames 1
Can a GINA STUB fulfil my requirement? 0
Means to use current user's credentials to autoLogon to Remote Desktop 2
Provide a link to a secure website from a WinForms application 3
ASP.NET Basic Authentication programmatically. 0
How can i connect LDAP and query AD to authorize Domain User Name and Password? 0
Web apps x 2 - Sharing session 2

Back
Top