Andy Depue wrote:
I've implemented security in my web application using Acegi security. I'm in the process now of implementing a very simple password policy (basically, the administrator has the ability to set a flag on the user to force them to change their password the next time they log in). In the grand scheme of Acegi, where would be the best place to implement this? I'm tempted to create my own filter that runs after Acegi's authentication processing filter that checks if the current user has this flag set and, if so, redirects them to the change password page. Is there a better place to do this?Hi Andy
Thanks, Andy
I'd do it the way you've suggested. There aren't any existing hooks for this behaviour. We could probably add one into AbstractProcessingFilter if you prefer.
Best regards Ben
------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer