I need to redirect users to the Change Password page if their password has expired.
I want to place this code in one place so that any request can be redirected to the change password page.
I've looked into extending the AuthorizeAttribute, and overriding OnActionExecuting, but neither work/allow me to short circuit the routing logic to redirect to the password change page.
For a little clarification, the logic would be:
Unauthorized request:
-> any URL -> AuthorizeAttribute -> Login.aspx -> password expired -> ChangePassword.aspx
Authorized request:
-> any URL -> ??????? -> ChangePassword.aspx
Its that ???? part that I'm not sure what to do.
I think I'm going to go with extending the AuthorizeAttribute. I'll use that everywhere except the password change controller methods.