We’ve got a project built on WinForms and Entity Framework 4.2 (code-first) and SQL Server 2008 R2.
In this project users must authenticate against the SQL Server using their username/password (from the login screen).
So there will be no “master” or “system” user and there will be no query to retrieve/compare the username/password: the process is already done using the login into the SQL Server.
The users will have their own SQL user accounts and it should be handled within the application.
However we’ve come across password expiration policy and it got us stuck in the dark.
How may we handle that? Specifically, how may we handle this when the account is already expired?
We have already handled the exception but we simply don’t know how to change the password remotely for the user.
It’s not about the user A changing password for B. It’s about A changing its own password because it has expired (and I cannot ask the users to log in to the SQL Server Management Studio to do that).
You can use the ALTER LOGIN statement.
However, note that this theoretically allows any user to change any other user’s password provided they have the ALTER LOGIN permission, so you should ensure you make the user supply the old password too (which I believe is the default).
Out of interest, why didn’t you go for Windows Authentication? That way the login expiry and password handling would be transparent to you.
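An added example, not part of the question or the answer above: one way a WinForms client can let a user replace their own expired password at login. A login that fails with an expired password never gets a session in which to run a statement, so this sketch uses ADO.NET's `SqlConnection.ChangePassword` instead of `ALTER LOGIN`. The class name, `BuildConnectionString` and the `promptForNewPassword` callback are hypothetical.

```csharp
using System;
using System.Data.SqlClient;

static class ExpiredPasswordLogin
{
    // SQL Server login-failure numbers raised by the password policy.
    const int PasswordExpired = 18487;     // the password of the account has expired
    const int PasswordMustChange = 18488;  // the password of the account must be changed

    // Hypothetical helper: per-user connection string, SQL authentication only.
    static string BuildConnectionString(string server, string db, string user, string password)
    {
        var b = new SqlConnectionStringBuilder
        {
            DataSource = server,
            InitialCatalog = db,
            UserID = user,
            Password = password,
            IntegratedSecurity = false // ChangePassword rejects integrated security
        };
        return b.ConnectionString;
    }

    // Opens a connection as the user. promptForNewPassword is a hypothetical UI
    // callback that returns the new password, or null if the user cancels.
    public static SqlConnection Open(string server, string db, string user,
                                     string password, Func<string> promptForNewPassword)
    {
        string cs = BuildConnectionString(server, db, user, password);
        var conn = new SqlConnection(cs);
        try
        {
            conn.Open();
            return conn;
        }
        catch (SqlException ex)
        {
            conn.Dispose();
            // Anything other than an expired/must-change password is a real failure.
            if (ex.Number != PasswordExpired && ex.Number != PasswordMustChange) throw;
        }

        string newPassword = promptForNewPassword();
        if (string.IsNullOrEmpty(newPassword))
            throw new OperationCanceledException("Password change cancelled.");

        // The old password is taken from cs, so the server verifies it before
        // accepting the new one; a rejected change surfaces as a SqlException.
        SqlConnection.ChangePassword(cs, newPassword);

        var fresh = new SqlConnection(BuildConnectionString(server, db, user, newPassword));
        fresh.Open();
        return fresh;
    }
}
```

Because the old password travels in the connection string, a user can only change the login they can already authenticate as, and no extra permission on other logins is involved.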