You could use several methods for attaining this.
If you don't want to force users to change password, but want to display a warning message in your home page, please do as follows :-
- Create a Page item called PASSWORD_EXPIRED in your Home Page.
- Create an On-Page Load Process in your Home Page and write SQL query to access password_expired from Database table
- Set the value of PASSWORD_EXPIRED to Y or N based on Query Criteria.
- Create a Dynamic Action on PASSWORD_EXPIRED field ( on change event ) and direct it to display your error message,
I have tried all of these things. The message is shown, but it still does not prevent the other pages to show and just allow the change password page.
I have put a condition on the login page to re-route the page to the change password page when the password have expired. I also have done the above mentioned and put the same on the on-page Load process to redirect to the change password page.
Still it goes to the other pages and ignored my suggestions.
If you want the user to be able to authenticate and then change the credentials, then you could use an authorization scheme which is applied to the application (minus public pages) and put a link in its error message to the change password page.
If you simply do not want them to be authenticated then you could change your login function to fail when the password is expired. A failed login will not allow them into the application. Since you already have custom authentication set up, that shouldn't be too hard to do either.
Or maybe someone else has a much better idea than this
I would suggest the following:
Create your authentication scheme, in it have the ability to redirect to a PUBLIC page if the password has expired.. On the PUBLIC page have a method to get a new password and validate it to your business rules and save it to your users table. On completion of the PUBLIC page, have it redirect to your login page and have the user login with their NEW password..