4 Replies Latest reply: Aug 28, 2013 1:20 PM by TexasApexDeveloper RSS

    Prevent users with expired passwords to access the system

    ElsiePretorius

      We use our own users from a table.  In the table, it indicate when a user's password have expired.  At this stage, a message is displayed to indicate that the password have expired, but don't force the user to change password.  The user can also still access the whole system.

        • 1. Re: Prevent users with expired passwords to access the system
          Arun#

          Dear Elsie,

           

          You could use several methods for attaining this.

          If you don't want to force users to change password, but want to display a warning message in your home page, please do as follows :-

          • Create a Page item called PASSWORD_EXPIRED in your Home Page.
          • Create  an On-Page Load Process in your Home Page and write SQL query to access password_expired from Database table
          • Set the value of  PASSWORD_EXPIRED to Y or N based on Query Criteria.
          • Create a Dynamic Action on PASSWORD_EXPIRED field ( on change event ) and direct it to display your error message,

                    when PASSWORD_EXPIRED=Y.

           

          Regds,

           

          Arun

          • 2. Re: Prevent users with expired passwords to access the system
            ElsiePretorius

            Dear Arun

             

            I have tried all of these things.  The message is shown, but it still does not prevent the other pages to show and just allow the change password page.

             

            I have put a condition on the login page to re-route the page to the change password page when the password have expired.  I also have done the above mentioned and put the same on the on-page Load process to redirect to the change password page.

             

            Still it goes to the other pages and ignored my suggestions.

             

            Elsie

            • 3. Re: Prevent users with expired passwords to access the system
              Tom Petrus

              If you want the user to be able to authenticate and then change the credentials, then you could use an authorization scheme which is applied to the application (minus public pages) and put a link in its error message to the change password page.

              If you simply do not want them to be authenticated then you could change your login function to fail when the password is expired. A failed login will not allow them into the application. Since you already have custom authentication set up, that shouldn't be too hard to do either.

              Or maybe someone else has a much better idea than this

              • 4. Re: Prevent users with expired passwords to access the system
                TexasApexDeveloper

                I would suggest the following:

                 

                Create your authentication scheme, in it have the ability to redirect to a PUBLIC page if the password has expired..  On the PUBLIC page have a method to get a new password and validate it to your business rules and save it to your users table.  On completion of the PUBLIC page, have it redirect to your login page and have the user login with their NEW password..

                 

                Thank you,

                 

                Tony Miller

                SmartDog Services

                Austin, TX