使用Forms身份验证首次登录asp.net mvc后强制用户更改密码 [英] Force user change password after first login asp.net mvc with Forms authentication

问题描述

我有一个与表单身份验证安全客户端一起使用的mvc应用程序，所有管理用户都是在服务器端使用wcf协议制作的.
并且在服务器站点中，我将用户tocken保存在sessoin中

I'm have a mvc app that use with form authentication security client and all the manage user's is made in server side with wcf protocol.
and in the server site I'm saving the user tocken in the sessoin

string token = Srv.ValidateUser(out isNewUser, model.UserName, model.Password, model.IdentityNumber);
 if (!string.IsNullOrEmpty(token))
 {
  Session["Token"] = token;
 }

使用此令牌可以在服务中标识
和用户名，形式为认证

with this token I Identifies in the services
and the user name in the form authentication

  FormsAuthentication.SetAuthCookie(model.UserName, false);  

现在我不知道如何在首次登录后或密码过期后强制用户更改密码.
我的配置是:

and now I dont know how to force user change password after first login or after password expired.
My config is:

 <system.web>
    <sessionState mode="InProc" cookieless="true" timeout="20" />
    <authentication mode="Forms">
      <forms path="/" loginUrl="~/Account/Login" />
    </authentication>
    <authorization>
      <allow users="*" />
      <deny users="?" />
    </authorization>
    <identity impersonate="true" />
    <compilation debug="true" targetFramework="4.5.1" />
    <httpRuntime targetFramework="4.5" />
  </system.web>
  <system.webServer>
    <modules>
      <remove name="FormsAuthenticationModule" />
    </modules>
    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>  

有人可以帮助我吗?

推荐答案

在您的登录后操作中，您可以像这样检查LastPasswordChangedDate:

In your Login post action, you can check LastPasswordChangedDate like so:

var currentUser = Membership.GetUser(model.Email);
if (currentUser != null)
{
    if (currentUser.LastPasswordChangedDate == currentUser.CreationDate)
    {
        // User has not changed password since created.
        return RedirectPermanent("Login/?userName=" + model.Email);
    }
}

这篇关于使用Forms身份验证首次登录asp.net mvc后强制用户更改密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！