我有一个asp.net应用程序需要使用表单身份验证将用户登录到Active Directory(Windows身份验证不是具有给定要求的选项).
我正在保存身份验证cookie,如下所示:
- if (Membership.ValidateUser(model.UserName,model.Password))
- {
- FormsAuthentication.SetAuthCookie(model.UserName,model.RememberMe);
- }
这非常有效,除非cookie在更改其Active Directory密码后对用户进行身份验证.
有没有办法判断用户的密码是否已更改?
我在.NET 4中使用asp.net MVC3
我试过的
如果觉得这个代码应该有效,那么HttpWebResponse永远不会包含任何cookie.不太确定我做错了什么.
- HttpWebRequest request = (HttpWebRequest)WebRequest.Create(Request.Url);
- request.CookieContainer = new CookieContainer();
- HttpWebResponse response = (HttpWebResponse)request.GetResponse();
- Cookie authCookie = response.Cookies["AuthCookie"];
- if (authCookie.TimeStamp.CompareTo(Membership.GetUser().LastPasswordChangedDate) < 0)
- {
- authCookie.Expired = true;
- }
解决方法
你的代码应该阅读
- if (Membership.ValidateUser(model.UserName,model.Password))
- {
- string userData = DateTime.Now.ToString();
- FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,username,DateTime.Now,DateTime.Now.AddMinutes(30),isPersistent,userData,FormsAuthentication.FormsCookiePath);
- // Encrypt the ticket.
- string encTicket = FormsAuthentication.Encrypt(ticket);
- // Create the cookie.
- Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,encTicket));
- }
现在,在验证用户时
- HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
- FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.value);
- if (DateTime.Parse(ticket.UserData) > Membership.GetUser().LastPasswordChangedDate)
- {
- FormsAuthentication.SignOut();
- FormsAuthentication.RedirectToLoginPage();
- }