如何强制用户在首次登录时更改密码。 [英] How to enforce users to change their password on first login.

问题描述

我创建了一个有6种用户的应用程序。

有三个表。第一个名为ROLE，其中包含用户角色。第二个名为IDENTIFICATION，其中包含用户的用户名和密码，最后第三个表名为PERSON，其中包含用户的详细信息，如名字，姓氏，出生日期等。



存在的问题是我没有使用任何类型的会员提供者。

有三种管理员根据他们的角色注册其他类型的成员。 />
表ROLE只有两列，如ID_Role（自动增量属性）和RoleName。

表IDENTIFICATION，具有ID_Identification，UserName，Password和ID_Role。

除了人员数据之外的表PERSON有ID_Role和ID_Identification的列



C＃中的代码是什么，或者当admin注册用户时我必须做什么，在用户第一次登录后强制他更改密码。



提前感谢您的回复。

干杯。

解决方案

< blockquote>您还没有提供其他信息如何设置初始密码，您是否希望用户进行身份验证以确保没有机器人创建用户（如Varify Email等）...



简单只需将IsAuthenticated列添加到IDENTIFICATION表中。



最初保持为false，并在首次登录时检查此值，如果为false然后强制用户更改密码。



如果您希望用户每3个月更改一次密码或想要更改密码，此字段也可以在将来使用改变所有用户的政策。



如果我想实现一个安全的网站，我一定会这样做。



就像我12岁的Google帐户最初允许我只提供3个字符密码，然后5年后他们改为6个字符，几年前他们现在强制使用所有新帐户的特殊字符，但是他们是旧账户仍然允许我登录6个帐号。明天说如果他们想要强制每个人改变密码，他们只需要更新标志:)



希望这会有所帮助，并会给你一个方向。



谢谢

Rushi

I created an application which has 6 kind of users.
There are three tables. The first one is named ROLE that holds the role of user. The second one is named IDENTIFICATION that holds the username and password of a user and finally the third table is named PERSON that holds the detail of a user like first name, last name, date of birth etc.

The problem exists that I'm not using any kind of membership providers.
There are three kind of admins that register other kind of members according to they role.
The table ROLE has only two columns like ID_Role (auto increment property) and RoleName.
The table IDENTIFICATION which has ID_Identification, UserName, Password, and ID_Role.
The table PERSON except person data has the columns of ID_Role and ID_Identification

What is the code in C# or what I have to do when admin registers the user, after the user logs in for the first time to enforce him to change his password.

Thank you in advance for your reply.
Cheers.

解决方案

You haven't provided other information how you are setting initial password, do you want user to Authenticate to make sure there is no Robot creating user (like Varify Email etc..)...

Simple just add IsAuthenticated column into IDENTIFICATION table.

And keep it false initially, and on first login check this value and if it false then force users to change their password.

also this field can be use in future if you want a user to change their password after every 3 months or want to change password change policy across the all user.

If I wanted to implement a secure website I will definitely go with this way.

Like my 12 years old Google account initially allowing me to provide only 3 chars password then after 5 years they changed to 6 chars and few years back they they are now enforcing to use special characters for all new account, but on old account they are still allowing me login with 6 chars account. Say tomorrow if they want to enforce everyone to change password, they just need to update flag :)

Hope this will help and will give you a direction.

Thanks
Rushi

这篇关于如何强制用户在首次登录时更改密码。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！