检查Active Directory密码是不同的cookie [英] Check if Active Directory password is different from cookie
问题描述
我有一个asp.net应用程序,需要使用窗体身份验证(Windows身份验证是没有用给定需求的选项)登录用户到Active Directory。
我保留身份验证Cookie,像这样:
如果(Membership.ValidateUser(model.UserName,model.Password))
{
FormsAuthentication.SetAuthCookie(model.UserName,model.RememberMe);
}
这伟大工程,除了cookie的认证,他们改变他们的Active Directory密码,即使用户。
有没有办法告诉如果用户的密码已更改?
我使用asp.net MVC3与.NET 4
我已经试过
如果觉得这code应该工作,但是HttpWebResponse决不会包含任何cookie。不太清楚我在做什么错。
HttpWebRequest的要求=(HttpWebRequest的)WebRequest.Create(Request.Url);
request.CookieContainer =新的CookieContainer();
HttpWebResponse响应=(HttpWebResponse)request.GetResponse();
曲奇authCookie = response.Cookies [AuthCookie];
如果(authCookie.TimeStamp.CompareTo(Membership.GetUser()LastPasswordChangedDate)< 0)
{
authCookie.Expired = TRUE;
}
您code应改为
如果(Membership.ValidateUser(model.UserName,model.Password))
{
字符串用户数据= DateTime.Now.ToString();
的FormsAuthenticationTicket票=新的FormsAuthenticationTicket(1,
用户名,
DateTime.Now,
DateTime.Now.AddMinutes(30),
isPersistent,
用户数据,
FormsAuthentication.FormsCookiePath);
//加密票。
字符串encTicket = FormsAuthentication.Encrypt(票);
//创建的cookie。
Response.Cookies.Add(新的HttpCookie(FormsAuthentication.FormsCookieName,encTicket));
}
现在,验证用户时,
的HttpCookie authCookie = Request.Cookies时[FormsAuthentication.FormsCookieName]
的FormsAuthenticationTicket票= FormsAuthentication.Decrypt(authCookie.value);
如果(DateTime.Parse(ticket.UserData)> Membership.GetUser()LastPasswordChangedDate)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
I have an asp.net app which needs to log users into Active Directory using forms authentication (windows authentication isn't an option with the given requirements).
I'm saving authentication cookies like so:
if (Membership.ValidateUser(model.UserName, model.Password))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
}
This works great, except that the cookie authenticates the user even after they change their Active Directory password.
Is there a way to tell if the user's password has changed?
I'm using asp.net MVC3 with .NET 4
What I've Tried
If feel like this code should work, however the HttpWebResponse never contains any cookies. Not quite sure what I'm doing wrong.
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(Request.Url);
request.CookieContainer = new CookieContainer();
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Cookie authCookie = response.Cookies["AuthCookie"];
if (authCookie.TimeStamp.CompareTo(Membership.GetUser().LastPasswordChangedDate) < 0)
{
authCookie.Expired = true;
}
Your code should read
if (Membership.ValidateUser(model.UserName, model.Password))
{
string userData = DateTime.Now.ToString();
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
username,
DateTime.Now,
DateTime.Now.AddMinutes(30),
isPersistent,
userData,
FormsAuthentication.FormsCookiePath);
// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);
// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
}
Now, when authenticating the user
HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.value);
if (DateTime.Parse(ticket.UserData) > Membership.GetUser().LastPasswordChangedDate)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
这篇关于检查Active Directory密码是不同的cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!