I am building an extranet site where the site users have very little security. If the users permission level omits view application pages, then browsing to the change password page results in an access denied page. If I grant the level 'view application
pages', the users have read-only access to the site contents, which I do not want. What is the best way to expose the change password page without exposing the site contents?