I created a Membership login system for my client, now they do NOT want the user to use one of his 5 last passwords when it comes time to create a new one.
Is that something that is build in or how could I accomplish that?
Thank you,
Steve
I created a Membership login system for my client, now they do NOT want the user to use one of his 5 last passwords when it comes time to create a new one.
Is that something that is build in or how could I accomplish that?
Thank you,
Steve
This future is not exist on asp.net membership login system. You must implement by your self, on the automatic-creating page of changing password.
You need somewhere to save the previous hash list of your users passwords, and check this list, just before accepting a password change.
Where to start:
Start from the all ready existing password change control.
Here is a password change example.
http://www.asp.net/cssadapters/Membership/ChangePassword.aspx
In this control, (that you can easy drag and drop on your page) capture the events,
<asp:ChangePassword ID="ChangePassword1" runat="server"
onchangingpassword="ChangePassword1_ChangingPassword" ... >...
Make your function to check for old passwords
protected void ChangePassword1_ChangingPassword(object sender, LoginCancelEventArgs e)
{
if (PasswordFoundOnList())
{
... show an error....
e.Cancel = true;
}
}
Now save somewhere the last passwords, for example you can saved them on user profile, or on your database.
here are some more informations for user profile. http://www.asp.net/Learn/Ajax/tutorial-03-cs.aspx
Hope this help you make it.