Check if Active Directory password is different from cookie(检查 Active Directory 密码是否与 cookie 不同)
问题描述
我有一个 asp.net 应用程序,它需要使用表单身份验证将用户登录到 Active Directory(Windows 身份验证不是具有给定要求的选项).
I have an asp.net app which needs to log users into Active Directory using forms authentication (windows authentication isn't an option with the given requirements).
我像这样保存身份验证 cookie:
I'm saving authentication cookies like so:
if (Membership.ValidateUser(model.UserName, model.Password))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
}
这很有效,除了即使用户更改了 Active Directory 密码后,cookie 也会对用户进行身份验证.
This works great, except that the cookie authenticates the user even after they change their Active Directory password.
有没有办法判断用户的密码是否已更改?
Is there a way to tell if the user's password has changed?
我在 .NET 4 中使用 asp.net MVC3
I'm using asp.net MVC3 with .NET 4
我的尝试
如果觉得这段代码应该可以工作,但是 HttpWebResponse 永远不会包含任何 cookie.不太确定我做错了什么.
If feel like this code should work, however the HttpWebResponse never contains any cookies. Not quite sure what I'm doing wrong.
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(Request.Url);
request.CookieContainer = new CookieContainer();
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Cookie authCookie = response.Cookies["AuthCookie"];
if (authCookie.TimeStamp.CompareTo(Membership.GetUser().LastPasswordChangedDate) < 0)
{
authCookie.Expired = true;
}
推荐答案
你的代码应该阅读
if (Membership.ValidateUser(model.UserName, model.Password))
{
string userData = DateTime.Now.ToString();
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
username,
DateTime.Now,
DateTime.Now.AddMinutes(30),
isPersistent,
userData,
FormsAuthentication.FormsCookiePath);
// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);
// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
}
现在,当验证用户时
HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.value);
if (DateTime.Parse(ticket.UserData) > Membership.GetUser().LastPasswordChangedDate)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
这篇关于检查 Active Directory 密码是否与 cookie 不同的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:检查 Active Directory 密码是否与 cookie 不同
- Azure Active Directory 与 MVC,客户端和资源标识同一 2022-01-01
- Windows 喜欢在 LINUX 中使用 MONO 进行服务开发? 2022-01-01
- C# 通过连接字符串检索正确的 DbConnection 对象 2022-01-01
- 是否可以在 .Net 3.5 中进行通用控件? 2022-01-01
- 在 C# 中异步处理项目队列 2022-01-01
- 在 LINQ to SQL 中使用 contains() 2022-01-01
- 为什么 C# 中的堆栈大小正好是 1 MB? 2022-01-01
- CanBeNull和ReSharper-将其用于异步任务? 2022-01-01
- 使用 rss + c# 2022-01-01
- 带问号的 nvarchar 列结果 2022-01-01
