Home/ Questions/Q 265097
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T22:44:25+00:00

I need to redirect users to the Change Password page if their password has

  • 0

I need to redirect users to the Change Password page if their password has expired.

I want to place this code in one place so that any request can be redirected to the change password page.

I’ve looked into extending the AuthorizeAttribute, and overriding OnActionExecuting, but neither work/allow me to short circuit the routing logic to redirect to the password change page.

For a little clarification, the logic would be:

Unauthorized request:
-> any URL -> AuthorizeAttribute -> Login.aspx -> password expired -> ChangePassword.aspx

Authorized request:
-> any URL -> ??????? -> ChangePassword.aspx

Its that ???? part that I’m not sure what to do.

I think I’m going to go with extending the AuthorizeAttribute. I’ll use that everywhere except the password change controller methods.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    public class DenyExpiredPasswordAttribute : AuthorizeAttribute
{

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        IPrincipal user = filterContext.HttpContext.User;

        if(user != null)
        {
            if (user.Identity.IsAuthenticated)
            {

                if (CurrentUser.PasswordExpired) // your checking of password expiration
                {
                    filterContext.HttpContext.Response.Redirect("~/Account/ChangePassword?reason=expired");
                }
            }
        }
        base.OnAuthorization(filterContext);
    }
}

    this works fine, just mark every controller with this attribute exclude “Account” one. This way no user with expired attribute able to continue until change password.

    • 0