Security: Implement access control(password expiration, disable) by admin/non-admin roles

18F / dol-whd-14c

The 14(c) system will become a modern, digital-first service. Applicants will be provided an intuitive online experience, guiding them through the information needed to complete their application correctly.

Other

16 stars 17 forks source link

Password Expiration:

[x] Add new entries in the web.config 1.PasswordExpirationDaysAdminRole=45 2.PasswordExpirationDaysUserRole=90 Add a new method GetPasswordExpirationDays() to return the corresponding value (based on the role of the logged in user) to use it in VerifyPasswordExpiration(). (Remove the existing entry PasswordExpirationDays)

Disable Users:

[x] Add new entries in the web.config 1.AccountDeactivationDaysAdminRole=45 2.AccountDeactivationDaysUserRole=60 (Remove the existing entry UserAccountExpirationDays) Add a new method GetAccountDeactivationDays() to return the corresponding value (based on the role of the logged in user) to use it in ApplicationStartEventHandler().

18F / dol-whd-14c

Security: Implement access control(password expiration, disable) by admin/non-admin roles #791