asp.net – 检查Active Directory密码是否与cookie不同

前端之家收集整理的这篇文章主要介绍了asp.net – 检查Active Directory密码是否与cookie不同前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我有一个asp.net应用程序需要使用表单身份验证将用户登录到Active Directory(Windows身份验证不是具有给定要求的选项).

我正在保存身份验证cookie,如下所示:

  1. if (Membership.ValidateUser(model.UserName,model.Password))
  2. {
  3. FormsAuthentication.SetAuthCookie(model.UserName,model.RememberMe);
  4. }

这非常有效,除非cookie在更改其Active Directory密码后对用户进行身份验证.

有没有办法判断用户的密码是否已更改?

我在.NET 4中使用asp.net MVC3

我试过的

如果觉得这个代码应该有效,那么HttpWebResponse永远不会包含任何cookie.不太确定我做错了什么.

  1. HttpWebRequest request = (HttpWebRequest)WebRequest.Create(Request.Url);
  2. request.CookieContainer = new CookieContainer();
  3.  
  4. HttpWebResponse response = (HttpWebResponse)request.GetResponse();
  5.  
  6. Cookie authCookie = response.Cookies["AuthCookie"];
  7. if (authCookie.TimeStamp.CompareTo(Membership.GetUser().LastPasswordChangedDate) < 0)
  8. {
  9. authCookie.Expired = true;
  10. }

解决方法

你的代码应该阅读
  1. if (Membership.ValidateUser(model.UserName,model.Password))
  2. {
  3. string userData = DateTime.Now.ToString();
  4.  
  5. FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,username,DateTime.Now,DateTime.Now.AddMinutes(30),isPersistent,userData,FormsAuthentication.FormsCookiePath);
  6.  
  7. // Encrypt the ticket.
  8. string encTicket = FormsAuthentication.Encrypt(ticket);
  9.  
  10. // Create the cookie.
  11. Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,encTicket));
  12. }

现在,在验证用户

  1. HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
  2. FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.value);
  3. if (DateTime.Parse(ticket.UserData) > Membership.GetUser().LastPasswordChangedDate)
  4. {
  5. FormsAuthentication.SignOut();
  6. FormsAuthentication.RedirectToLoginPage();
  7. }

猜你在找的asp.Net相关文章