19 Aug 2010

ASP.NET MVC 2 - Force Password Change

How to force the user to change their password when they log on? Here's how. This assumes you're not using the Membership model's User Comments field, because we're going to use it to store a flag. You're going to want to put 'using System.Web.Security;' at the top of your files cos we use the Membership classes a lot.

First define a nice enum somewhere as I'm scared of string literals.

public enum MembershipFlagType { RequirePasswordChange }

Next we'll put in the code that sets the flag - e.g. in an ActionMethod where the user password is reset:

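MembershipUser user = Membership.GetUser(User.Identity.Name);
user.Comment = MembershipFlagType.RequirePasswordChange.ToString();
// Setting Comment only changes the in-memory object; UpdateUser persists it
Membership.UpdateUser(user);
string newPassword = user.ResetPassword();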

Now we define a new Action Filter Attribute to perform a check for the RequirePasswordChange flag:

public class EnforcePasswordPolicy : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        MembershipUser user = Membership.GetUser(filterContext.HttpContext.User.Identity.Name);
        // user is null for anonymous requests, so guard before reading Comment
        if (user != null && user.Comment == MembershipFlagType.RequirePasswordChange.ToString())
            filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new {controller = "account", action = "changepassword"}));
    }
}


Then all you have to do is decorate your ActionMethods with the new attribute:

[EnforcePasswordPolicy]
public ActionResult Index(IndexViewModel viewModel)

Don't forget to clear the comment field after the user has changed their password, otherwise they'll be stuck in a loop.
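
One way to clear the flag, as an added example rather than code from the original post: a ChangePassword POST action that resets Comment only after the password change succeeds. The ChangePasswordModel class, its property names and the Home/Index redirect are assumptions, and the action is deliberately left without [EnforcePasswordPolicy] so the redirect target stays reachable.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Security;

// Assumed view model; not from the original post.
public class ChangePasswordModel
{
    public string OldPassword { get; set; }
    public string NewPassword { get; set; }
}

public class AccountController : Controller
{
    // No [EnforcePasswordPolicy] here: this action is the filter's redirect
    // target, so filtering it would recreate the loop.
    [Authorize]
    [HttpPost]
    [ValidateAntiForgeryToken] // the view must render Html.AntiForgeryToken()
    public ActionResult ChangePassword(ChangePasswordModel model)
    {
        MembershipUser user = Membership.GetUser(User.Identity.Name);
        if (user == null)
            return new HttpUnauthorizedResult();

        bool changed;
        try
        {
            changed = user.ChangePassword(model.OldPassword, model.NewPassword);
        }
        catch (ArgumentException)
        {
            // Missing input, or the new password fails the provider's rules.
            changed = false;
        }

        if (!changed)
        {
            ModelState.AddModelError("", "The password could not be changed.");
            return View(model); // flag stays set, so the user is still redirected here
        }

        // Clear the flag and persist it; assigning Comment alone is not saved.
        user.Comment = string.Empty;
        Membership.UpdateUser(user);
        return RedirectToAction("Index", "Home"); // assumed landing page
    }
}
```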


  1. Anonymous 2:48 pm

    I've been looking for something like this. But instead of using the Comment field, my check is if CreationDate == LastPasswordChangeDate. Those match on user creation.

  2. Anonymous 10:15 am

    Thank you. This is exactly what I was looking for.

  3. Excellent! A bit hacky, but mission accomplished...

  4. Anonymous 11:04 am

    Can you please tell me how to Clear the comment field?

  5. Useful information provided on OnActionExecuting method.



