I have a Reset Password page:
When the user fills in the details and clicks the Reset Password button, the following controller is called:
So I got home and decided to put together some code. Show me the code!!!
I would use a handler so the verification is always done when the user first accesses the application and it is done in one place for every action method access.
The idea is that when the user resets their password, the application records that the user has reset their password and has not logged in for the first time, and signs out the user.
user.HasResetPassword = true;
user.IsFirstLoginAfterPasswordReset = false;
When the user signs in, the application verifies whether the user had previously reset their password and is now signing in for the first time. If these statements are valid, the application updates its records to say you have not reset your password and you are not signing in for the first time.
Step 1
Add two properties to ApplicationUser model
Step 2
Add a class AuthHandler.cs in Models folder with the implementation below. At this stage you verify if the user has reset their password and has not logged in for the first time since the password was reset. If this is true, redirect the user to the login.
Step 3
In RouteConfig.cs call the AuthHandler so that it is invoked for each incoming HTTP request to your application.
Step 4
In the ResetPassword method add the implementation as below. At this step, when a user has reset their password, update the properties to say they have reset their password and have not logged in for the first time. Notice the user is also signed out explicitly when they reset their password.
Step 5
In the Login method add the implementation below. At this step, if a user logs in successfully, verify that their password was reset and that "has logged in for the first time" is false. If all the conditions are true, update the properties in the database, so the properties are in a state ready for when the user resets the password in the future. So it is kind of a loop determining and updating the state of the password reset and first logins after resetting the password.
Lastly
Your AspnetUsers table should look as below
Comments
This is how I would approach it. I have not tested it, so you may have to modify it if you encounter an exception. It is also all hard-coded to show the approach to solve the problem.
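
The flag logic from Steps 1 to 5, as an added example that is not part of the original answer: plain C# with no ASP.NET dependencies, so it shows only the state transitions. `PasswordResetFlow`, its method names and the in-memory `ApplicationUser` are hypothetical stand-ins for the controller code and the database row.

```csharp
using System;

// Hypothetical in-memory stand-in for the ApplicationUser row (Step 1 flags).
public class ApplicationUser
{
    public bool HasResetPassword { get; set; }
    public bool IsFirstLoginAfterPasswordReset { get; set; }
}

// Hypothetical helper; the names are not from the original answer.
public static class PasswordResetFlow
{
    // Step 4: record the reset. The caller also signs the user out.
    public static void OnPasswordReset(ApplicationUser user)
    {
        user.HasResetPassword = true;
        user.IsFirstLoginAfterPasswordReset = false;
    }

    // Step 2: per-request check; true means "redirect to the login page".
    public static bool MustSignInAgain(ApplicationUser user)
    {
        return user != null && user.HasResetPassword
            && !user.IsFirstLoginAfterPasswordReset;
    }

    // Step 5: after a successful login, put the flags back so the
    // next password reset starts from a clean state.
    public static void OnLoginSucceeded(ApplicationUser user)
    {
        if (!MustSignInAgain(user)) return;
        user.HasResetPassword = false;
        user.IsFirstLoginAfterPasswordReset = false;
    }
}

public static class Program
{
    public static void Main()
    {
        var user = new ApplicationUser();
        Console.WriteLine(PasswordResetFlow.MustSignInAgain(user)); // before any reset
        PasswordResetFlow.OnPasswordReset(user);
        Console.WriteLine(PasswordResetFlow.MustSignInAgain(user)); // request after the reset
        PasswordResetFlow.OnLoginSucceeded(user);
        Console.WriteLine(PasswordResetFlow.MustSignInAgain(user)); // request after the fresh login
    }
}
```

The flags are stored per user rather than per session, so the Step 2 check applies to every authenticated request for that account until the next successful login clears it.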