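I have an ASP.NET application that needs to log users in against Active Directory using forms authentication (Windows authentication is not an option given the requirements).
I am saving the authentication cookie like this:
    if (Membership.ValidateUser(model.UserName, model.Password))
    {
        FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
    }
This works well, except that the user is still authenticated after changing their Active Directory password.
Is there a way to tell whether the user's password has changed?
I am using ASP.NET MVC3 and .NET 4.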
What I have tried
I feel like this code should work, but the HttpWebResponse never contains any cookies. Not quite sure what I'm doing wrong.
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(Request.Url);
    request.CookieContainer = new CookieContainer();
    HttpWebResponse response = (HttpWebResponse)request.GetResponse();
    Cookie authCookie = response.Cookies["AuthCookie"];
    if (authCookie.TimeStamp.CompareTo(Membership.GetUser().LastPasswordChangedDate) < 0)
    {
        authCookie.Expired = true;
    }
Answer 0 (score: 2)
Your code should be
    if (Membership.ValidateUser(model.UserName, model.Password))
    {
        // Record the login time in the ticket's UserData.
        string userData = DateTime.Now.ToString();
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
            model.UserName,
            DateTime.Now,
            DateTime.Now.AddMinutes(30),
            model.RememberMe,
            userData,
            FormsAuthentication.FormsCookiePath);
        // Encrypt the ticket.
        string encTicket = FormsAuthentication.Encrypt(ticket);
        // Create the cookie.
        Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
    }
Now, when validating the user
    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie != null)
    {
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
        // Sign out when the ticket was issued before the last password change.
        if (DateTime.Parse(ticket.UserData) < Membership.GetUser().LastPasswordChangedDate)
        {
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage();
        }
    }
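
The check from the answer above, wired into the request pipeline so it runs on every authenticated request. This is an added example, not code from the original post; the names PasswordChangeGuard, IssueCookie and IsStale are hypothetical, and MvcApplication is assumed to be the application's Global.asax.cs class.

```csharp
using System;
using System.Globalization;
using System.Web;
using System.Web.Security;

public static class PasswordChangeGuard // hypothetical helper, not from the post
{
    // Login: keep the sign-in time in UserData as an invariant UTC string.
    // RenewTicketIfOld resets IssueDate under sliding expiration but copies UserData.
    public static HttpCookie IssueCookie(string userName, bool persistent)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(1, userName, now,
            now.Add(FormsAuthentication.Timeout), persistent,
            now.ToUniversalTime().ToString("o", CultureInfo.InvariantCulture),
            FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket))
            { HttpOnly = true, Secure = FormsAuthentication.RequireSSL };
        if (persistent) cookie.Expires = ticket.Expiration;
        return cookie;
    }

    // True when the ticket must be rejected: unreadable sign-in time (fail
    // closed) or a password change at or after the recorded sign-in.
    public static bool IsStale(string userData, DateTime lastPasswordChanged)
    {
        DateTime signedIn;
        return !DateTime.TryParseExact(userData, "o", CultureInfo.InvariantCulture,
                   DateTimeStyles.RoundtripKind, out signedIn)
               || signedIn <= lastPasswordChanged.ToUniversalTime();
    }
}

// Assumed to be the application's Global.asax.cs class; merge into the existing one.
public class MvcApplication : HttpApplication
{
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        var identity = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null) return; // anonymous request, nothing to check
        MembershipUser user = Membership.GetUser(identity.Name);
        if (user == null ||
            PasswordChangeGuard.IsStale(identity.Ticket.UserData, user.LastPasswordChangedDate))
        {
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage();
            CompleteRequest(); // skip the rest of the pipeline for this request
        }
    }
}
```

Membership.GetUser queries the membership provider on every authenticated request, so a short-lived cache of LastPasswordChangedDate may be worth adding. The comparison also assumes the web server and the domain controller clocks are in sync.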