password policy using c#
-
Hai All. i am a newcomer of c# forum. i have problem with password policy implemetation in c# . i checking password character. but i have doubt in password changing days every 90 days clause in password policy . how to check whether password change required or not ?
-
Hai All. i am a newcomer of c# forum. i have problem with password policy implemetation in c# . i checking password character. but i have doubt in password changing days every 90 days clause in password policy . how to check whether password change required or not ?
it depends on how and where the passwords are stored .. if you're using a database, one of the fields you might have in the account/user record is a datetime field for 'password last changed', and another might be a flag for 'needs to change password' a) at day=0, you force a refresh of all passwords by setting the 'needs to change password flag' to true, and probably just put junk in the password field to force them to use the accepted password change procedure b) when the user changes their password, you set the 'password last changed' field to (now), and the 'needs to change password' flag to false c) every day, you run a procedure to go through the 'database' and calculate the difference in days between (now) and the password last changed field - if that figure is '90' you set the 'needs to change password' flag to true
-
Hai All. i am a newcomer of c# forum. i have problem with password policy implemetation in c# . i checking password character. but i have doubt in password changing days every 90 days clause in password policy . how to check whether password change required or not ?
As an addition to Garths design, I would have a settings table that stores the policy details. Instead of storing the needs to change flag and requiring a daily process to update it I would use a View which joins the settings table and the user table and calcs the need to change flag. This eliminates a daily process and makes the policy and therefore the flag dynamic (controlled by the settings table and therefore available to be changed externally).
Never underestimate the power of human stupidity RAH
-
Hai All. i am a newcomer of c# forum. i have problem with password policy implemetation in c# . i checking password character. but i have doubt in password changing days every 90 days clause in password policy . how to check whether password change required or not ?
Garth's way is fine, but rather than running a procedure every day, I'd do the "does it need changing" test when the user logged in. If it needs changing, then let him in, but take him directly to the "must change password" page, and don't let him in the rest of the site until it's changed. I'd also dump the boolean "needs changing" value in favour of replacing the "last change" date with a "next change date". That way, then test is simple "is next change less than now?" and it's only one column to update when they do change it: nextChangeDueOn = CurrentDate + 90 days.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
