- Defining when the user should change the password
- Create the functionality to handle the current user who tries to log into Sitecore
- In the loggingin processor, add the processor setting for the functionality from step 2
Defining when the user should change the password
First, I created an item to handle the timespan after which users have to change their password, and also a checkbox to (de-)activate the “Force New Password” functionality.
Create the functionality
The Sitecore security model uses ASP.NET membership. ASP.NET membership stores various authentication details about each user: the creation date, last login date, last logout date, and also the last password changed date. Knowing this, it is straightforward to implement the “Force New Password” functionality. It only requires a couple of lines of code. When authenticating the user logging into Sitecore, the trick is to check the “LastPasswordChangedDate”:
currentUser.LastPasswordChangedDate
The code:
using System;
using System.Web;
using System.Web.Security;
using Sitecore.Data.Items;
using Sitecore.Pipelines.LoggingIn;

namespace MyProject.SitecoreExtensions.Pipelines.LoggingIn
{
    public class ForceNewPassword
    {
        // Settings item holding the activation checkbox and the expiry period in months
        private Item itmForceNewPasswordSetting =
            Sitecore.Configuration.Factory.GetDatabase("master").GetItem("/sitecore/system/Settings/Security/Security Settings/Force New Password");

        public void Process(LoggingInArgs args)
        {
            if (!IsActivated())
                return;

            // 0 or an unparsable value means no expiry period is configured
            int monthsToExpire = 0;
            int.TryParse(itmForceNewPasswordSetting["TimeToExpire"], out monthsToExpire);
            if (monthsToExpire.Equals(0))
                return;

            MembershipUser currentUser = Membership.GetUser(args.Username);
            if (currentUser != null)
            {
                // The password was last changed more than monthsToExpire months ago
                if ((DateTime.Now.AddMonths(-monthsToExpire)) > currentUser.LastPasswordChangedDate)
                {
                    Sitecore.Diagnostics.Log.Audit(string.Format("Force New Password: User {0}, has been forced to change password", currentUser.UserName), this);
                    //Redirect to Sitecore default Change Password Site
                    HttpContext.Current.Response.Redirect("/sitecore/login/changepassword.aspx");
                }
            }
        }

        // True only when the settings item exists and the checkbox is ticked
        private bool IsActivated()
        {
            if (itmForceNewPasswordSetting == null)
                return false;
            if (string.IsNullOrEmpty(itmForceNewPasswordSetting["ActivateForcePassword"]))
                return false;
            if (itmForceNewPasswordSetting["ActivateForcePassword"].Equals("0"))
                return false;
            return true;
        }
    }
}
Add a processor tag to the loggingin processor
The final step is to add the functionality that checks whether the current user needs to change the password to the loggingin processor. You could do this by adding the processor tag manually, directly in the web.config file, but best practice is to put the modifications in a separate include file (stored under the “/App_Config/Include” folder):
Note that the change should be added as the first processor in the loggingin processor (this is done by using the “patch:before” setting).
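An include file of the following shape registers the ForceNewPassword class from the code above ahead of the existing loggingin processors. This is an added example, not the original post's file; the file name ForceNewPassword.config and the assembly name MyProject.SitecoreExtensions are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Assumed location: /App_Config/Include/ForceNewPassword.config (hypothetical file name) -->
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <processors>
      <loggingin>
        <!-- patch:before="*[1]" inserts this entry before the first existing
             child of <loggingin>, so the password-age check runs first.
             The assembly name after the comma is an assumption; use the
             assembly that actually contains the ForceNewPassword class. -->
        <processor patch:before="*[1]"
                   mode="on"
                   type="MyProject.SitecoreExtensions.Pipelines.LoggingIn.ForceNewPassword, MyProject.SitecoreExtensions" />
      </loggingin>
    </processors>
  </sitecore>
</configuration>
```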