Have a quick question regarding the above suggestion:
Why is my Response.Redirect being ignored within the ILoginCompletedEvent? And when I say ignored, I mean the code is executing, but Sitefinity is just bringing me to the site root, completely disregarding the /change-password page.
If I change the Redirect endResponse to "true", then I am brought back to the login page and you can clearly see that the query string has been updated with "redirect_uri=/change-password", but as a result of ending the response, I am logged out.
For obvious security reasons, I cannot have an anonymously accessible change password page, but the ILoginCompletedEvent just wont allow a redirection to a secured page.
What am I missing? Any thoughts?
private void LoginCompletedEventHandler(Telerik.Sitefinity.Web.Events.ILoginCompletedEvent evt)
if (evt.LoginResult == Telerik.Sitefinity.Security.UserLoggingReason.Success)
MembershipUser usrInfo = Membership.GetUser(evt.Username);
string redirectUri = "/change-password";
int daysSincePwdChange = Convert.ToInt32(DateTime.Now.Subtract(usrInfo.LastPasswordChangedDate).TotalDays);
if (daysSincePwdChange > 89)
So it sounds like we need to create a custom change password form, since the Change Password widget requires the user to be logged in.
Unfortunately I have not had any luck with logging the user out and redirecting them to a custom change password page. I'm hitting the Response.Redirect in the code, but login continues on to the Sitefinity dashboard. FYI - I'm trying to do this for the CMS login.
// Expire passwords after 90 days
private void OnLogin_Completed(ILoginCompletedEvent evt)
if (evt.LoginResult == UserLoggingReason.Success)
if (daysSincePwdChange >= 90)
Hi - Is password expiration being considered as a core feature of Sitefinity?