I have the FBApack setup and it all semms to be working. The Site is fron-ended by a UAG server whuch pre-authenticates the user agains sql, and provides a password recovery mechanism using the 'secret password' stored in the sql database. I'm using a custom webapp for the Forgot Password function, because the UAG won't let anyone into sharepoint until they are authenticated.
I now want to somehow configure it so that a user can edit his own profile -- mainly the 'secret question.
In My environment , a business user will set up the external user user in sql server with a user id and password. He'll then tell the user the ID and Password.
When the user logs in, I want to force him ti change his password and enter a value for his 'secret question' and answer.
I'm thinking I can put an control on my main page that checks to see if the secret question is blank, and then, if it is, redeirects the user to a 'edit my profile' page that makes hin change his password, and enter a secret uestion/answer for subsequent password recoveries.
Is this the way tod do this, or do you have other suggestions?
Also, do you have any recommendations about forcing users to change their passwords after so many days?