Ok, here's my situation.  I have roughly over 400 active directory user accounts and would like to employ the password recovery feature in asp.net 2.0. However, the main issue is the only time that the wizards allow the setting of that is when an account is created.  Another problem is the active directory browser won't allow the field to be displayed in MMC, kind of a bummer but anyway, is there a way I can do the following and if so, how:

1. If the question and answer is blank, take them to set that when they log in.
2. If they are completely messed up, allow them to contact us to change the question/answer combination for them or to clear it?
3. If they are authenticated, allow them to change email, question, and answer themselves?
4. If they haven't changed their password in x days, force them to change it at log on?

I appreciate any assistance anyone can offer me.  Thank you!

I guess 2 out of 4 isn't too bad...is it? I figured out 2 & 3 but could still use some help with 1 and 4.  Any takers?

1. If the question and answer is blank, take them to set that when they log in.
Need some help with this, not sure what the code should be for this.

2. If they are completely messed up, allow them to contact us to change the question/answer combination for them or to clear it?
They would contact us anyway if they can't login so I guess this is a moot point.  I suppose that for this I could change the user's password for them.  Once it is reset for them, they can log on at that point.

3. If they are authenticated, allow them to change email, question, and answer themselves? 
This I was able to figure out.

4. If they haven't changed their password in x days, force them to change it at log on? 
This one I'm still working on.  Could use some suggestions.  I know it involves checking the value of password age in AD but I'm not exactly sure how to go about that.

So you are using ActiveDirectoryMembership Provider correct??

If yes...here is something you can do...not sure if it will work

Check MembershipUser.PasswordQuestion property ...if it is empty ...send them to a page where they can enter there password Question and answer...

then use MembershipUser.ChangePasswordQuestionAndAnswer( ...)   //check the parameters it takes

for Q.4 check if this helps: http://blechie.com/WPierce/archive/2007/01/05/Implement_Expiring_Passwords_with_Membership_and_Role_Providers_in_ASP.Net.aspx

Well, I tried using the MembershipUser as you suggested.  If logic and memory serve me correctly, this bit of code should fire when the page loads. Sadly, it isn't doing anything.  Maybe I missed something? Take a look at my code, maybe you can tell me what's wrong.

public partial class _Default : System.Web.UI.Page
{
          protected void Page_Load(object sender, EventArgs e)
          {
                    try
          {
                    MembershipUser u = Membership.GetUser(User.Identity.Name);
                    string result = u.PasswordQuestion;
                    if (result = "")
                    Response.Redirect("chg_qu_and_ans.aspx");
          }
          catch (Exception e)
          {
                    Msg.Text = "There was an error.";
          }
     }
}

guru_sarkar:

for Q.4 check if this helps: http://blechie.com/WPierce/archive/2007/01/05/Implement_Expiring_Passwords_with_Membership_and_Role_Providers_in_ASP.Net.aspx

I took a look at this and it seems like this is more for a database rather than AD.  Yes, AD is a database but I'm thinking that the expiration date for the password is already there.  Essentially, I could take advantage of that expiration date in AD.  My feeling is the more I can have the existing AD do the better.

For the code above ..I did not get it...  You mean its not hitting Page_Load at all??

It looks its for default page.... if you are trying this after login make sure your user is directed to this page on successful login?

Please provide the flow how you are trying to accomplish...

For password expiry with AD .. I think you should make use of System.DirectoryServices namespace classes.

Check this ..it will give you some basic idea:

http://geekswithblogs.net/mhamilton/archive/2005/09/30/55621.aspx

http://geekswithblogs.net/mhamilton/archive/2005/10/04/55920.aspx

I'll check those other links today.  I greatly appreciate your help.  The flow I have in mind is this:

user in AD logs onto the website. (this works)

After logging on, check their PasswordQuestion (which is in the AD).  If its blank, redirect them to the chg_qu_and_ans.aspx file. (Doesn't work)

Once the PasswordQuestion has some value, take them to the default.aspx page and list the links they have access to by Windows Group. (Working on this)

With every client we create, we always fill in their email address.  I do have a settings page where they can change email, security question/answer, and password.

Instead of PageLoad Try using your above code immediately after your user is authenticated.....

are you using asp.net LoginControl?

If yes.. put the code in LoggedIn event  with minor change ..

MembershipUser u = Membership.GetUser(Login1.UserName);

No, I'm not using the login control.  Here is the code to my login.aspx page.  I tried doing it as code behind but got lost so I figured I would tackle that later.  Anyway, my login.aspx code is:

<%@ Page language="c#" AutoEventWireup="true" %>
<%@ Import Namespace="FormsAuth" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Portal Logon</title>
<link href="css/style_company.css" rel="stylesheet" type="text/css" />
</head>
<body><center><br /><br />
<table border="0" cellpadding="0" cellspacing="0" style="width: 728px">
<tr>
<td rowspan="3" style="height: 227px" valign="top"><img alt="" border="0" height="141" src="images/img_header1.jpg" usemap="#Map2" width="200" /></td>
<td rowspan="3" style="height: 227px" valign="top"><img alt="" border="0" height="225" src="images/img_header2.jpg" usemap="#Map" width="166" /></td>
<td rowspan="3" style="height: 227px" valign="top"><img alt="" height="225" src="images/img_header3.jpg" width="235" /></td>
<td rowspan="3" style="height: 227px" valign="top"><img alt="" border="0" height="225" src="images/img_header5_1.jpg" usemap="#Map3" width="157" /></td></tr>

<tr></tr><tr></tr></table></center><br /><center>

<form id="Login" method="post" runat="server" style="font-family: arial">
<table style="width: 280px"><tr><td align="left" colspan="2"><asp:Label ID="Label1" Runat="server">Domain:</asp:Label></td><td align="left" style="width: 201px"><asp:TextBox ID="txtDomain" Runat="server" Width="192px" AutoCompleteType="Disabled"></asp:TextBox></td>

</tr><tr><td align="left" colspan="2"><asp:Label ID="Label2" Runat="server" >Username:</asp:Label></td><td align="left" style="width: 201px"><asp:TextBox ID="txtUsername" Runat="server" Width="192px" AutoCompleteType="Disabled" ></asp:TextBox></td></tr>

<tr><td align="left" colspan="2"><asp:Label ID="Label3" Runat="server" >Password:</asp:Label></td><td align="left" style="width: 201px"><asp:TextBox ID="txtPassword" Runat="server" TextMode="Password" Width="192px" AutoCompleteType="Disabled"></asp:TextBox></td></tr></table>

<script runat="server">
void Login_Click(object sender, EventArgs e)
{
string adPath = ConfigurationManager.ConnectionStrings["ADConnectionString"].ConnectionString; //Path to your LDAP directory server
LdapAuthentication adAuth = new LdapAuthentication(adPath);
try
{

//Create the ticket, and add the groups.

FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,

//Encrypt the ticket.

//Create a cookie, and then add the encrypted ticket to the cookie as data.

//Add the cookie to the outgoing cookies collection.

//You can redirect now.

else

</script>

Well, I figured it out as far as the question being blank.  At the default page, I have the system check the question in this fashion:

MembershipUser _user = Membership.GetUser();
string passquestion = _user.PasswordQuestion;

if (_user.CreationDate == _user.LastPasswordChangedDate)
{
         Response.Redirect("ChPassword.aspx");
}
if ((passquestion + "").Length < 1)
{
         Response.Redirect("chg_qu_and_ans.aspx");
}