我有一个asp.net应用程序，需要使用窗体身份验证（Windows身份验证是没有用给定需求的选项）登录用户到Active Directory。

我保留身份验证Cookie，像这样：

 如果（Membership.ValidateUser（model.UserName，model.Password））
{
    FormsAuthentication.SetAuthCookie（model.UserName，model.RememberMe）;
}
 

这伟大工程，除了cookie的认证，他们改变他们的Active Directory密码，即使用户。

有没有办法告诉如果用户的密码已更改？

我使用asp.net MVC3与.NET 4

我已经试过

如果觉得这code应该工作，但是HttpWebResponse决不会包含任何cookie。不太清楚我在做什么错。

  HttpWebRequest的要求=（HttpWebRequest的）WebRequest.Create（Request.Url）;
request.CookieContainer =新的CookieContainer（）;

HttpWebResponse响应=（HttpWebResponse）request.GetResponse（）;

曲奇authCookie = response.Cookies [AuthCookie];
如果（authCookie.TimeStamp.CompareTo（Membership.GetUser（）LastPasswordChangedDate）＆LT; 0）
{
    authCookie.Expired = TRUE;
}
 

解决方案

您code应改为

 如果（Membership.ValidateUser（model.UserName，model.Password））
{
  字符串用户数据= DateTime.Now.ToString（）;

  的FormsAuthenticationTicket票=新的FormsAuthenticationTicket（1，
    用户名，
    DateTime.Now，
    DateTime.Now.AddMinutes（30），
    isPersistent，
    用户数据，
    FormsAuthentication.FormsCookiePath）;

  //加密票。
  字符串encTicket = FormsAuthentication.Encrypt（票）;

  //创建的cookie。
  Response.Cookies.Add（新的HttpCookie（FormsAuthentication.FormsCookieName，encTicket））;
}
 

现在，验证用户时，

 的HttpCookie authCookie = Request.Cookies时[FormsAuthentication.FormsCookieName]
的FormsAuthenticationTicket票= FormsAuthentication.Decrypt（authCookie.value）;
如果（DateTime.Parse（ticket.UserData）＆GT; Membership.GetUser（）LastPasswordChangedDate）
{
    FormsAuthentication.SignOut（）;
    FormsAuthentication.RedirectToLoginPage（）;
}
 

I have an asp.net app which needs to log users into Active Directory using forms authentication (windows authentication isn't an option with the given requirements).

I'm saving authentication cookies like so:

if (Membership.ValidateUser(model.UserName, model.Password))
{
    FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
}

This works great, except that the cookie authenticates the user even after they change their Active Directory password.

Is there a way to tell if the user's password has changed?

I'm using asp.net MVC3 with .NET 4

What I've Tried

If feel like this code should work, however the HttpWebResponse never contains any cookies. Not quite sure what I'm doing wrong.

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(Request.Url);
request.CookieContainer = new CookieContainer();

HttpWebResponse response = (HttpWebResponse)request.GetResponse();

Cookie authCookie = response.Cookies["AuthCookie"];
if (authCookie.TimeStamp.CompareTo(Membership.GetUser().LastPasswordChangedDate) < 0)
{
    authCookie.Expired = true;
}

Your code should read

if (Membership.ValidateUser(model.UserName, model.Password))
{
  string userData = DateTime.Now.ToString();

  FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    username,
    DateTime.Now,
    DateTime.Now.AddMinutes(30),
    isPersistent,
    userData,
    FormsAuthentication.FormsCookiePath);

  // Encrypt the ticket.
  string encTicket = FormsAuthentication.Encrypt(ticket);

  // Create the cookie.
  Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
}

Now, when authenticating the user

HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.value);
if (DateTime.Parse(ticket.UserData) > Membership.GetUser().LastPasswordChangedDate)
{
    FormsAuthentication.SignOut();
    FormsAuthentication.RedirectToLoginPage();
}