I have a Multitenant MVC5 application which lets tenants specify their authentication & authorisation method. They can choose between local account which uses ASPIdentity behind the scenes or using their Active directory logins which uses LDAP.
我有一个多租户MVC5应用程序,它允许租户指定他们的身份验证和授权方法。他们可以在使用后台的ASPIdentity的本地帐户和使用LDAP的活动目录登录之间进行选择。
The ASP identity stuff has a security guid against the user which is wrapped up in the IUserSecurityStampStore
ASP标识有一个针对用户的安全guid,它被包装在IUserSecurityStampStore中
For those that don't know, this guid is essentially a snapshot of the users details. If you modify users details you can update this guid which would log the user out.
对于那些不知道的人来说,这个guid本质上是用户细节的快照。如果您修改了用户的详细信息,您可以更新这个guid,它将记录用户。
My question
我的问题
Is there anything like the security guid for Active Directory? I need a way of tracking whether a user's details have been modified since they've been logged in. This doesnt essentially need to be a guid stamp it could be a datetime stamp.
有什么像活动目录的安全guid吗?我需要一种跟踪用户的详细信息是否在登录后被修改的方法。这本质上不需要是guid戳记,它可以是一个datetime戳记。
1 个解决方案
#1
1
If I understand the scenario you are trying to solve. You want a "..way of tracking whether a user's details have been modified since they've been logged in"
如果我理解你要解决的情况。你想要一个“. .跟踪用户的详细信息是否在登录后被修改的方法"
Probably the best method is to read the either: whenChanged or modifyTimeStamp
可能最好的方法是读取其中之一:whenChanged或modifyTimeStamp
of an entry when the entry performs the logon.
当条目执行登录时的条目。
Then check to see if the value has changes since the logon.
然后检查该值是否在登录后发生了更改。
I have some doubts that this will be enough as there are some values that could change when performing the logon.
我怀疑这是否足够,因为在执行登录时有些值可能会改变。
I can think of these that might change and there could be more (depending on your configuration and customization of AD: badPasswordTime lastLogoff lastLogon lastLogonTimestamp lockoutTime logonCount pwdLastSet
我可以考虑这些可能会改变的东西,可能会有更多(取决于您的配置和AD: badPasswordTime lastLogoff lastLogonTimestamp lockoutTime logouttime logouttime logouttime logouttime logouttime logoutcount pwdLastSet的定制)
-jim
吉姆
#1
1
If I understand the scenario you are trying to solve. You want a "..way of tracking whether a user's details have been modified since they've been logged in"
如果我理解你要解决的情况。你想要一个“. .跟踪用户的详细信息是否在登录后被修改的方法"
Probably the best method is to read the either: whenChanged or modifyTimeStamp
可能最好的方法是读取其中之一:whenChanged或modifyTimeStamp
of an entry when the entry performs the logon.
当条目执行登录时的条目。
Then check to see if the value has changes since the logon.
然后检查该值是否在登录后发生了更改。
I have some doubts that this will be enough as there are some values that could change when performing the logon.
我怀疑这是否足够,因为在执行登录时有些值可能会改变。
I can think of these that might change and there could be more (depending on your configuration and customization of AD: badPasswordTime lastLogoff lastLogon lastLogonTimestamp lockoutTime logonCount pwdLastSet
我可以考虑这些可能会改变的东西,可能会有更多(取决于您的配置和AD: badPasswordTime lastLogoff lastLogonTimestamp lockoutTime logouttime logouttime logouttime logouttime logouttime logoutcount pwdLastSet的定制)
-jim
吉姆