
how to deny access to someone while using persistent cookies

Last post 03-05-2008 10:30 PM by XiaoYong Dai – MSFT. 4 replies.


  • how to deny access to someone while using persistent cookies

    03-01-2008, 12:00 PM
    • bmaster
    • Joined on 02-29-2008, 7:15 AM
    • Posts 6
    • Points 8

    The website I'm trying to make is for our customers, and they can log in to see our prices, for example. I'm using forms authentication with persistent cookies so that the customers don't have to retype their passwords every time. The database with logins is maintained by other software, and people are not allowed to create new logins. This all works fine.

    Imagine the following situation: an employee of one of these customers has the password to our site, and uses it on his computer at home. So far so good. The next day this employee gets fired, and his boss changes the password so that the employee cannot enter the site anymore. The employee at home still has the persistent cookie and can still log in with no problems, because the password is only validated the first time he logs in... I hope that this explanation makes sense!

    Is there a way to fix this? I could store the password in a cookie and recheck it every login, but passwords in cookies are not-done, so I guess that's not the best solution.

  • Re: how to deny access to someone while using persistent cookies

    03-01-2008, 11:52 PM
    • norchnou
    • Joined on 01-08-2007, 1:41 AM
    • Posts 279
    • Points 672

    You should create alternate Users that are managed by the main User.

    Don't ask me how to do it ;-)

     

  • Re: how to deny access to someone while using persistent cookies

    03-04-2008, 3:36 AM

    Hi

    Please view my post in this thread on how to check user information in the Application_AuthenticateRequest event when he/she returns to your website:

    http://forums.asp.net/t/1206047.aspx

    Best Regards
    XiaoYong Dai
    Microsoft Online Community Support

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  • Re: how to deny access to someone while using persistent cookies

    03-05-2008, 5:41 AM
    • bmaster
    • Joined on 02-29-2008, 7:15 AM
    • Posts 6
    • Points 8

    Thanks for your reply! I've read that post, but I don't see how that can be a solution. The "CheckUser_deleted_disabled_passwordChanged_otherCondition" function has to return true if, for example, the password has changed. But how do I know if the password has changed?

  • Re: how to deny access to someone while using persistent cookies

    03-05-2008, 10:30 PM
    Answer

    bmaster:
    But how do I know if the password has changed?
     

    Hi

    The SqlMembershipUser has the CreationDate, LastLoginDate, LastActivityDate, and LastPasswordChangedDate properties. You can just check the date and time when the user was last authenticated (LastLoginDate), then look at the date and time when the membership user's password was last updated (LastPasswordChangedDate). If the LastLoginDate is before the LastPasswordChangedDate, it means people should re-authenticate.

     

    Best Regards
    XiaoYong Dai
    Microsoft Online Community Support

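The following Global.asax code-behind is an added example, not code from any participant in this thread. It performs the date comparison from the accepted answer on every request, but compares LastPasswordChangedDate against a login timestamp stored in the ticket's UserData instead of LastLoginDate, because on a shared account LastLoginDate advances as soon as anyone logs in with the new password. It assumes the site uses an ASP.NET Membership provider; `IssueTicket` and the 30-day lifetime are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Hypothetical helper: call from the login page after Membership.ValidateUser succeeds.
    // The login time goes into UserData, which survives sliding-expiration renewal
    // (the ticket's IssueDate is reset on renewal, so it cannot be used for this).
    public static void IssueTicket(HttpResponse response, string userName)
    {
        string loginUtc = DateTime.UtcNow.ToString("o", CultureInfo.InvariantCulture);
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddDays(30), true, loginUtc);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.Expires = ticket.Expiration;   // persistent cookie
        response.Cookies.Add(cookie);
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        FormsIdentity identity =
            Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        DateTime loginUtc;
        bool stamped = DateTime.TryParseExact(identity.Ticket.UserData, "o",
            CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind, out loginUtc);
        // One membership lookup per authenticated request.
        MembershipUser user = Membership.GetUser(identity.Name, false);

        // Reject tickets with no timestamp, deleted/disabled/locked accounts,
        // and tickets issued before the most recent password change.
        bool stale = !stamped || user == null || !user.IsApproved || user.IsLockedOut
            || loginUtc < user.LastPasswordChangedDate.ToUniversalTime();
        if (stale)
        {
            FormsAuthentication.SignOut();   // expire the persistent cookie
            // Continue the request as anonymous so URL authorization sends it to the login page.
            Context.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
        }
    }
}
```

A user who changes their own password while logged in is also signed out by this check and has to log in again with the new password.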