- ABP Framework version: v6.0.1
- UI type: Blazor
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
In our project, we want to check if the passwords of users who log in have not been changed for more than 180 days. If a password has not been changed for 180 days or more, we want to prompt the user to change their password. Additionally, we want to verify if the newly entered password matches any of the last 3 passwords the user used. If the new password matches any of the last 3 passwords, we want to display a warning message indicating that the entered password is not allowed. How can we perform these operations?
5 Answer(s)
-
0
Hi,
We added the Periodic Password Changes feature in 7.2
https://blog.abp.io/abp/ABP.IO-Platform-7.2-RC-Has-Been-Published
> If the new password matches any of the last 3 passwords, we want to display a warning message indicating that the entered password is not allowed

You can override the `ChangePasswordModel` to store the recently modified password to cache & database and check it.
-
0
Hi, have you implemented a mechanism that prevents the usage of the last 3 passwords?
-
0
Hi,
No, we don't have such a plan to implement it.
-
0
How can we accomplish that?
-
0
Hi,
You can save the password to the cache or database when changing the password.
The bottom-level method to change the password is `SetPasswordHashAsync`. ABP sets the last password change time here; you can override the `IdentityUserStore` to save and get the last 3 passwords for comparison: https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IdentityUserStore.cs
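
An added example of the comparison step, not ABP's code and not from the answers above: ASP.NET Core Identity hashes are salted, so stored hashes cannot be compared to each other, and the new plaintext has to be verified against each saved hash. `IPasswordHistoryStore`, `GetRecentHashesAsync` and the `PasswordRecentlyUsed` error code are hypothetical names; the sketch assumes the history is filled with every hash that passes through `SetPasswordHashAsync`, the current one included.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical abstraction over wherever the overridden user store keeps
// the most recent password hashes (newest first, current hash included).
public interface IPasswordHistoryStore<TUser> where TUser : class
{
    Task<IReadOnlyList<string>> GetRecentHashesAsync(TUser user, int count);
}

// Rejects a new password that verifies against any of the last 3 stored hashes.
public class PasswordHistoryValidator<TUser> : IPasswordValidator<TUser> where TUser : class
{
    private const int HistoryDepth = 3; // "last 3 passwords" from the question

    private readonly IPasswordHistoryStore<TUser> _history;
    private readonly IPasswordHasher<TUser> _hasher;

    public PasswordHistoryValidator(IPasswordHistoryStore<TUser> history, IPasswordHasher<TUser> hasher)
    {
        _history = history;
        _hasher = hasher;
    }

    public async Task<IdentityResult> ValidateAsync(UserManager<TUser> manager, TUser user, string password)
    {
        // Empty input is reported by the built-in validators; a new user has no history yet.
        if (string.IsNullOrEmpty(password))
            return IdentityResult.Success;

        var oldHashes = await _history.GetRecentHashesAsync(user, HistoryDepth);
        foreach (var oldHash in oldHashes)
        {
            // Each hash carries its own salt, so re-derive with the candidate password
            // instead of comparing hash strings. SuccessRehashNeeded is also a match.
            var result = _hasher.VerifyHashedPassword(user, oldHash, password);
            if (result != PasswordVerificationResult.Failed)
            {
                return IdentityResult.Failed(new IdentityError
                {
                    Code = "PasswordRecentlyUsed", // constructed error code
                    Description = "The new password must not match any of your last 3 passwords."
                });
            }
        }
        return IdentityResult.Success;
    }
}
```

Registered as an additional `IPasswordValidator<TUser>`, this runs wherever `UserManager` validates a password, so the change-password page receives the failure as an ordinary `IdentityResult` error. Only hashes are kept in the history; the plaintext is never stored.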