Hello,
I have the FBApack set up and it all seems to be working. The site is front-ended by a UAG server which pre-authenticates the user against SQL, and provides a password recovery mechanism using the 'secret password' stored in the SQL database. I'm using a custom webapp for the Forgot Password function, because the UAG won't let anyone into SharePoint until they are authenticated.
I now want to somehow configure it so that a user can edit his own profile -- mainly the 'secret question'.
In my environment, a business user will set up the external user in SQL Server with a user ID and password. He'll then tell the user the ID and password.
When the user logs in, I want to force him to change his password and enter a value for his 'secret question' and answer.
I'm thinking I can put a control on my main page that checks to see if the secret question is blank, and then, if it is, redirects the user to an 'edit my profile' page that makes him change his password, and enter a secret question/answer for subsequent password recoveries.
Is this the way to do this, or do you have other suggestions?
Also, do you have any recommendations about forcing users to change their passwords after so many days?

That should work! I did something somewhat similar for a client. They wanted the user to see the Change Password page the first time they signed in, or recovered their password. I modified the login page to redirect them to the Change Password page after they successfully logged in, if a "ChangedPassword" field (which I stored on the SharePoint user profile) hadn't been set. You could use the same mechanism for forcing them to change their passwords - just use a date field for "ChangedPassword" instead of a boolean.

Thanks for your quick reply. I am working on the component that will redirect a user to the page to enter his secret question/answer. To do that I need to know if he was authenticated via FBA or NTLM. Do you know how to tell if a user was authenticated via FBA or NTLM?
Also, I'm curious why you put the "ChangedPassword" date you mentioned in your reply in the user profile rather than using the one that's kept in the membership provider? (I'm thinking that's a new addition to the membership provider)

One way to tell is by their username. FBA usernames are in a special claims format, like i:0#.f|fbamembershipprovider|myusername. SharePoint comes with a function that checks if a string is an encoded claim, so you could use this:
Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.IsEncodedClaim(Microsoft.SharePoint.SPContext.Current.Web.CurrentUser.LoginName)
As for the ChangedPassword field - I don't keep the date in the profile - I keep a true/false flag to let me know if the password needs to be changed. I didn't think to check the membership provider for a password change date, so yes, for you I'd say that would be a better way to go.
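
An added example (not code from this thread or from the FBA pack) that combines the checks discussed above: it confirms the current user is a forms user, then reads the secret question and password change date from the membership provider. The class name `FbaProfileGate`, the 90-day `MaxPasswordAgeDays` value, and the use of the provider's `PasswordQuestion` field as the 'secret question' are assumptions.

```csharp
using System;
using System.Web.Security;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration.Claims;

// Hypothetical helper; the name and the policy value below are assumptions.
public static class FbaProfileGate
{
    // Assumed maximum password age; the thread does not give a number of days.
    private const int MaxPasswordAgeDays = 90;

    // True when the user is a forms user who has no secret question yet
    // or whose password is older than MaxPasswordAgeDays.
    public static bool MustUpdateProfile(SPUser user)
    {
        string login = user.LoginName;

        // Classic-mode Windows logins (DOMAIN\user) are not encoded claims.
        if (!SPClaimProviderManager.IsEncodedClaim(login))
            return false;

        // In a claims-mode web application Windows logins are encoded as well
        // (i:0#.w|domain\user), so check the issuer type, not only the encoding.
        SPClaimProviderManager manager = SPClaimProviderManager.Local;
        if (manager == null)
            return false;
        SPClaim claim = manager.DecodeClaim(login);
        if (SPOriginalIssuers.GetIssuerType(claim.OriginalIssuer) != SPOriginalIssuerType.Forms)
            return false;

        // For forms users the issuer name is the membership provider name.
        string providerName = SPOriginalIssuers.GetIssuerName(claim.OriginalIssuer);
        MembershipProvider provider = Membership.Providers[providerName];
        if (provider == null)
            return false; // log this: a misconfigured provider disables the check
        MembershipUser member = provider.GetUser(claim.Value, false);
        if (member == null)
            return false;

        bool noSecretQuestion = string.IsNullOrEmpty(member.PasswordQuestion);
        bool passwordExpired =
            member.LastPasswordChangedDate.AddDays(MaxPasswordAgeDays) < DateTime.Now;
        return noSecretQuestion || passwordExpired;
    }
}
```

A control on the landing page can call `FbaProfileGate.MustUpdateProfile(SPContext.Current.Web.CurrentUser)` and redirect to the profile page when it returns true.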