Wednesday, 3 February 2016

Logging User Changing Password

How to extend Sitecore to log information, when user change password.

In Sitecore, you can subscribe to a significant number of default events and define if and how Sitecore should log information about the events (none, low, medium and high). From Sitecore v 8.1 the events are listed in the Sitecore config file located at “/App_Config/Sitecore.config” (previous versions of Sitecore the events are listed in the web.config file).

Sitecore logs different information about the user, when the user is created, deleted, when user information is updated, whenever a user logging in and out of Sitecore. There is no event about changing a user password, though.

If Sitecore should log information about change password for a specific user, one way to do this, is to override the System.Web.Security.SqlMembershipProvider.ChangePassword, add Sitecore log information to the ChangePassword method and change the SQL membership provider.

 The include file changing the membership provider:

    <membership defaultProvider="sitecore" hashAlgorithmType="SHA1">
        <add name="sql" type="MyExtensions.Providers.MyExtendedSqlMembershipProvider" connectionStringName="core" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="256"  xdt:Locator="Match(name)" xdt:Transform="Replace" />

The override of the System.Web.Security.SqlMembershipProvider.ChangePassword:

namespace MyExtensions.Providers
    public class MyExtendedSqlMembershipProvider: System.Web.Security.SqlMembershipProvider
        // Added logging for change password.
        public override bool ChangePassword(string username, string oldPassword, string newPassword)
            var flag = base.ChangePassword(username, oldPassword, newPassword);
            var msg = "";

            if (flag)
                msg = string.Format("AUDIT Password changed for '{0}' by '{1}'", username, Sitecore.Context.User.Name);
                msg = string.Format("AUDIT Change password failed for '{0}' by '{1}'", username, Sitecore.Context.User.Name);

            Sitecore.Diagnostics.Log.Info(msg, this);

            return flag;

1 comment:

Xplorant Seo said...

Wonderful blog.. Thanks for sharing informative blog.. its very useful to me..

iOS Training in Chennai