ASP.NET MVC 中的密码过期
[英]Password expiration in ASP.NET MVC
问题描述
I would like to check if logged user password hasn't expired.
我想检查登录的用户密码是否未过期。 If it has the user should be redirected to Change password page.如果它有用户应该被重定向到更改密码页面。 The redirection should be executed for every action - not only after logging in. The thing I tried was to user global attribute and check user's PasswordChangedDate property.应该为每个操作执行重定向 - 不仅仅是在登录之后。我尝试的是用户全局属性并检查用户的 PasswordChangedDate 属性。
public class PasswordExpiredAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
IPrincipal user = filterContext.HttpContext.User;
if (user != null && user.Identity.IsAuthenticated)
{
//check the date
//how to get the user object using Identity UserManager?
}
base.OnAuthorization(filterContext);
}
}
The main problem is that I have no idea how to get the user data to check the PasswordChangedDate property.主要问题是我不知道如何获取用户数据来检查 PasswordChangedDate 属性。 I'm using ASP.NET Identity 2.我正在使用 ASP.NET Identity 2。
1 个解决方案
解决方案1
0 2019-12-19 14:36:44
You can do this by validation of the Security Stamp.您可以通过验证安全印章来做到这一点。 Add a claim with the security stamp (normally all ready send by Identity) and validate this with the users security stamp in the database on every request.添加带有安全标记的声明(通常都由 Identity 准备好发送),并在每次请求时使用数据库中的用户安全标记进行验证。
Make sure you UpdateSecurityStamp when anything changes like password changes.确保在更改密码等任何更改时使用 UpdateSecurityStamp。
await _userManager.UpdateSecurityStampAsync(user);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.