Password expiration in ASP.NET MVC
Question
I would like to check if logged user password hasn't expired. If it has the user should be redirected to Change password page. The redirection should be executed for every action - not only after logging in. The thing I tried was to user global attribute and check user's PasswordChangedDate property.
public class PasswordExpiredAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
IPrincipal user = filterContext.HttpContext.User;
if (user != null && user.Identity.IsAuthenticated)
{
//check the date
//how to get the user object using Identity UserManager?
}
base.OnAuthorization(filterContext);
}
}
The main problem is that I have no idea how to get the user data to check the PasswordChangedDate property. I'm using ASP.NET Identity 2.
1 answers
solution1
0 2019-12-19 14:36:44
You can do this by validation of the Security Stamp. Add a claim with the security stamp (normally all ready send by Identity) and validate this with the users security stamp in the database on every request.
Make sure you UpdateSecurityStamp when anything changes like password changes.
await _userManager.UpdateSecurityStampAsync(user);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.