More in this section
Forums / Security / Password Expiration with Active Directory Membership Provider

Password Expiration with Active Directory Membership Provider

The forums are in read-only mode. In case that you want to directly contact the Progress Sitefinity team use the support center. In our Google Plus group you can find more than one thousand Sitefinity developers discussing different topics. For the Stack Overflow threads don’t forget to use the “Sitefinity” tag.
2 posts, 0 answered
  1. Tod
    Tod avatar
    1 posts
    29 Mar 2010
    30 Mar 2010
    Link to this post

    I would like to start off with saying that these forums have been a HUGE help thus far.

    I'm stumped.  Perhaps I am overthinking this (or not thinking at all), but I cannot find clarification to something that has been on my mind.  What will happen when a user attempts to authenticate into a Sitefinity instance using the Active Directory Membership Provider with an account that has an expired password?

    How does one deal with this situation?  Is this something I would have to account for programmatically or does Sitefinity have something already in place.

    Any insight would be greatly appreciated.

    Thanks in advance.

  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    12 Sep 2017
    30 Mar 2010
    Link to this post
    Hi Tod,

    You need to create some custom logic to sort this out. Generally if you have password expiration, the use will not be able to log in which will result in warning message for wrong combination - username password. What you can do

    1. Create a service that checks regularly  the password expiration for each user. If the password is going to expire in a day or two - send an notification email

    2. If an user with expired password is trying to access any part of your website, you could check this and  the user should be redirected to changepassword screen. Below are some steps

    1) Subscribe for the LoggingIn event of the Login control
    2) Get the user and its  LastPasswordChangedDate property
    3) Use a TimeSpan, compare LastPasswordChangedDate with the current date
    4) Redirect to the ChangePassword screen if the password has been expired.

    You could follow the same logic with your AD, but you need to get access to the AD user.

    Kind regards,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
2 posts, 0 answered