Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

IdentityServer4 and ShouldChangePassword #9765


User avatar
0
ivanosw1 created
  • What is your product version? 9.1.0
  • What is your product type (Angular or MVC)? Angular
  • What is product framework type (.net framework or .net core)? .net Core

I've enabled IdentityServer and the login process works fine with user and password but if a user has ShouldChangePassword flag, IdentityServer allow the authentication. Which are the property in common with AspNetZero and IdentityServer ?

Thank you


1 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    ShouldChangePassword is a feature of zero. If you don't want users to log in, you can try to override the IsActiveAsync method of AbpProfileService.

    if(user.ShouldChangePasswordOnNextLogin)
    {
           context.IsActive = false;
    }
    
    

    https://github.com/aspnetboilerplate/aspnetboilerplate/blob/ff508655a00da76e099248728af22b70447eb95b/src/Abp.ZeroCore.IdentityServer4/IdentityServer4/AbpProfileService.cs#L39 https://docs.identityserver.io/en/dev/reference/profileservice.html