Password Expiration Date Policy for Sitecore Shell

A recent requirement for a project I’m working on involved enforcing password expiration date policy for Sitecore Shell users, and the client did not want to integrate Active Directory, at least for now. So I did some research and found a useful solution for Sitecore 7 by Mike Reynolds:

However, it did not fit exactly the needed requirements and few things were changed for Sitecore 8, so I had to do it differently.

First, I wanted to change the user interaction with the solution and how to communicate to him why he is being redirected to the “change password” page, so I decompiled the class processor (Sitecore.Pipelines.LoggingIn.CheckStartPage) from Sitecore.Kernel.dll and made these changes:

  • Validate the password last changed date.

  • Added a new error message to “GetErrorMessage” to reflect the need to change the password and wrap it in an anchor.

  • I copied “changepassword.aspx” out of the “Sitecore/login” - as accessing it requires authentication.

  • Decompiled the changepasswore.aspx.c code behind and disabled the authentication check.

  • Modified changepasswore.aspx to display the user name.

I am working on adding an additional security layer to the solution so I will be updating the repository soon!

About Author

Naim Al
Naim holds a Bachelor Degree in Information Technology and an MBA in Finance. He started his career in programming in 2001 building desktop financial applications. In 2004 he shifted his focus to develop websites. In 2016 Naim joined as a Senior Sitecore Developer. In 2020 Naim won the 1st place in Sitecore Hackathon 2020 competition with American Eagle XTeam Winner, over 82 teams from more than 23 countries were participating. When he is not coding, he likes to spend time with his wife and two kids, watching TV, or relax in his backyard.

Featured Posts