Blog Banner

Password Expiration Date Policy for Sitecore Shell

A recent requirement for a project I’m working on involved enforcing password expiration date policy for Sitecore Shell users, and the client did not want to integrate Active Directory, at least for now. So I did some research and found a useful solution for Sitecore 7 by Mike Reynolds:

However, it did not fit exactly the needed requirements and few things were changed for Sitecore 8, so I had to do it differently.

First, I wanted to change the user interaction with the solution and how to communicate to him why he is being redirected to the “change password” page, so I decompiled the class processor (Sitecore.Pipelines.LoggingIn.CheckStartPage) from Sitecore.Kernel.dll and made these changes:

  • Validate the password last changed date.

  • Added a new error message to “GetErrorMessage” to reflect the need to change the password and wrap it in an anchor.

  • I copied “changepassword.aspx” out of the “Sitecore/login” - as accessing it requires authentication.

  • Decompiled the changepasswore.aspx.c code behind and disabled the authentication check.

  • Modified changepasswore.aspx to display the user name.

And this is the final result:

Sitecore password change

Sitecore password reset

I am working on adding an additional security layer to the solution so I will be updating the repository soon!

Contact Us Today!

Naim holds a Bachelor Degree in Information Technology and an MBA in Finance. He started his career in programming in 2001 building desktop financial applications. In 2004 he shifted his focus to develop websites. In 2016 Naim joined with a focus on Sitecore, as a Sitecore Certified Developer.
When he is not working, he likes to spend time with his wife and two kids, watching TV, or relaxing in the backyard.

Write a review