通过集成的 Windows 身份验证和 ASP.NET,用户可以更改密码并提示重新登录。为什么?
我正在开发一个使用 Windows 身份验证的应用程序。在此应用程序中,我们使用户能够更改其密码。
用户可以修改密码就好了。然而,当他们更改密码后,事情就变得奇怪了。
有时他们可以很好地浏览应用程序。 其他时候,他们单击链接,系统会立即提示他们提供凭据。 有时,他们可以单击某个链接,但第二次单击时,系统会提示他们提供凭据。
浏览器是否保留原始凭据的令牌并在请求下一页时使用它?如果是这样,为什么我有时可以继续使用该网站?我可以更改密码然后将该令牌分配给请求吗?
有人有建议吗?
I am working on an application that uses windows authentication. Within this application, we give the user the ability to change their password.
The user can change the password just fine. However, after they change their password, that is when things get weird.
Sometimes they can navigate through the application just fine.
Other times, they click on a link and are immediately prompted to supply credentials.
Occasionly they can click on a link but upon a second click they are prompted to supply credentials.
Does the browser keep a token to the original credentials and use this when they request the next page? If this is the case, why can i continue using the site sometimes? Can I change the password and then assign that token to the request?
Does anyone have suggestions?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这是一个缓存问题。如果用户使用 Windows 身份验证连接到 ASP.NET 应用程序,则出于性能原因,连接将停留一段时间(您确实不想对每个页面请求进行完整的重新身份验证!) - 即使密码更改必须从 PC 传输到域控制器,然后再传输到 ASP.NET 服务器,因此通常会出现轻微的延迟。我的建议是放弃浏览器并等待 30 秒后再重新连接。
It's a caching issue. If the user connects to an ASP.NET app using Windows auth, the connection will linger for a while for performance reasons (you really don't want to do a complete re-auth on every page request!) - even then the password change has to travel from the PC, to the domain controller and then to the ASP.NET server, so there is often a small delay. My recommendation would be to drop the browser and wait 30secs before reconnecting.