A recent requirement for a project I’m working on involved enforcing password expiration date policy for Sitecore Shell users, and the client did not want to integrate Active Directory, at least for now. So I did some research and found a useful solution for Sitecore 7 by Mike Reynolds: https://sitecorejunkie.com/2013/06/08/enforce-password-expiration-in-the-sitecore-cms/
However, it did not fit exactly the needed requirements and few things were changed for Sitecore 8, so I had to do it differently.
First, I wanted to change the user interaction with the solution and how to communicate to him why he is being redirected to the “change password” page, so I decompiled the class processor (Sitecore.Pipelines.LoggingIn.CheckStartPage) from Sitecore.Kernel.dll and made these changes:
Validate the password last changed date.
Added a new error message to “GetErrorMessage” to reflect the need to change the password and wrap it in an anchor.
I copied “changepassword.aspx” out of the “Sitecore/login” - as accessing it requires authentication.
Decompiled the changepasswore.aspx.c code behind and disabled the authentication check.
Modified changepasswore.aspx to display the user name.
I am working on adding an additional security layer to the solution so I will be updating the repository soon! https://github.com/alkoky/CheckPasswordExpiration