Kentico CMS 7.0 Developer's Guide

Password expiration

Password expiration

Previous topic Next topic Mail us feedback on this topic!  

Password expiration

Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic!  

With the available password settings, you can set the passwords to expire after a specified amount of time.


You can turn on password expiration with the Enable password expiration setting. When a user logs in to the system, the password expiration period (specified in days by the Password expiration period setting) is added to the time when the user last modified their password, and then compared with the current time. If the resulting time is earlier than the current time, the particular user's password has expired.


The expiration leads to one of the two following scenarios, which can be set by the Password expiration behavior setting.


Show warning - displays a warning text. The user can click the Change the password now link to open a dialog that will allow them to conveniently change their password.




Lock account - locks the user's account, requiring the user to unlock their account and change their password.




The system can warn the users that their password is about to expire. You can adjust the period during which users will be displayed with the warning via the Password expiration warning period setting.


Notifying live site users


By default, notifications related to password expiration are displayed only in the administration interface. To notify also live site users, place the Password expiration web part on a page.


Resetting a password


Users can change their expired password on a special page. You can either use the default page (~/CMSModules/Membership/CMSPages/ResetPassword.aspx), or specify a custom page in the Reset password page URL setting.


A custom password reset page should contain one of the following components:


Reset password web part - a web part you can use in the Portal engine development model.

ResetPassword control - an alternative to the Reset password web part, which can be placed on an ASPX page. The control is located in ~/CMSModules/Membership/Controls/ResetPassword.ascx.


Notifying users by e-mail


By turning the Send password expiration e‑mail setting on or off, you can specify whether you want to notify users about the expiration of their password via e‑mail.


The Site Manager -> Administration -> E-mail templates section contains a predefined template (Membership - Password expiration) that is sent to users when their password expires. The template contains the {% ResetPasswordUrl %} macro, which is resolved to a link that points to the URL of the page that allows to change the user's password.


Extending password validity


To extend the validity of any user's password, edit the user in CMS Desk or Site Manager -> Administration -> Users and on the General tab, click Extend validity. The password's validity will be reset to the Password expiration period setting's value and the user enabled in case their account has been locked due to expired password.