检查 Active Directory 密码是否与 cookie 不同 [英] Check if Active Directory password is different from cookie

问题描述

我有一个 asp.net 应用程序，它需要使用表单身份验证将用户登录到 Active Directory(Windows 身份验证不是具有给定要求的选项).

I have an asp.net app which needs to log users into Active Directory using forms authentication (windows authentication isn't an option with the given requirements).

我像这样保存身份验证 cookie:

I'm saving authentication cookies like so:

if (Membership.ValidateUser(model.UserName, model.Password))
{
    FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
}

这很有效，除了即使用户更改了 Active Directory 密码后，cookie 也会对用户进行身份验证.

This works great, except that the cookie authenticates the user even after they change their Active Directory password.

有没有办法判断用户的密码是否已更改?

Is there a way to tell if the user's password has changed?

我在 .NET 4 中使用 asp.net MVC3

I'm using asp.net MVC3 with .NET 4

我的尝试

如果觉得这段代码应该可以工作，但是 HttpWebResponse 永远不会包含任何 cookie.不太确定我做错了什么.

If feel like this code should work, however the HttpWebResponse never contains any cookies. Not quite sure what I'm doing wrong.

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(Request.Url);
request.CookieContainer = new CookieContainer();

HttpWebResponse response = (HttpWebResponse)request.GetResponse();

Cookie authCookie = response.Cookies["AuthCookie"];
if (authCookie.TimeStamp.CompareTo(Membership.GetUser().LastPasswordChangedDate) < 0)
{
    authCookie.Expired = true;
}

推荐答案

你的代码应该阅读

if (Membership.ValidateUser(model.UserName, model.Password))
{
  string userData = DateTime.Now.ToString();

  FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    username,
    DateTime.Now,
    DateTime.Now.AddMinutes(30),
    isPersistent,
    userData,
    FormsAuthentication.FormsCookiePath);

  // Encrypt the ticket.
  string encTicket = FormsAuthentication.Encrypt(ticket);

  // Create the cookie.
  Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
}

现在，当验证用户时

HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.value);
if (DateTime.Parse(ticket.UserData) > Membership.GetUser().LastPasswordChangedDate)
{
    FormsAuthentication.SignOut();
    FormsAuthentication.RedirectToLoginPage();
}

这篇关于检查 Active Directory 密码是否与 cookie 不同的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！