I recently had the following requirements in an MVC application:
Given a new user that still has the default password
When they first login
Then the user must change their password and optionally provide contact information
I found that I can override the OnActionExecuting method in a BaseController class.
public class BaseController : Controller {
\[Inject\]
public ISessionManager SessionManager { get; set; }
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
// call the base method first
base.OnActionExecuting(filterContext);
// if the user hasn't changed their password yet, force them to the welcome page
if (!filterContext.RouteData.Values.ContainsValue("WelcomeNewUser"))
{
var currentUser = this.SessionManager.GetCurrentUser();
if (currentUser.FusionUser.IsPasswordChangeRequired)
{
filterContext.Result = new RedirectResult("/welcome");
}
}
}
}
Better yet, you can use an ActionFilterAttribute (and here) and apply the attribute to the Base or individual controllers.
///
public override void OnActionExecuting(ActionExecutingContext actionContext)
{
base.OnActionExecuting(actionContext);
// if the user hasn't changed their password yet, force them to the welcome page
if (actionContext.RouteData.Values.ContainsValue("WelcomeNewUser"))
{
return;
}
var currentUser = this.SessionManager.GetCurrentUser();
if (currentUser.FusionUser.IsPasswordChangeRequired)
{
actionContext.Result = new RedirectResult("/welcome");
}
}
}
[WelcomePageRedirectActionFilterAttribute] public class BaseController : Controller { ... }
The requirement is now met.
