Passwords 已过期用户的ValidateCredentials
我将确定LADP密码是否已过期 我可以从LDAP查询用户信息以查看其是否过期,但在进行此检查之前,我希望确保用户输入的当前密码是正确的Passwords 已过期用户的ValidateCredentials,passwords,ldap,credentials,Passwords,Ldap,Credentials,我将确定LADP密码是否已过期 我可以从LDAP查询用户信息以查看其是否过期,但在进行此检查之前,我希望确保用户输入的当前密码是正确的 using (HostingEnvironment.Impersonate()) { // set up domain context using (var ctx = new PrincipalContext(ContextType.Domain))
using (HostingEnvironment.Impersonate())
{
// set up domain context
using (var ctx = new PrincipalContext(ContextType.Domain))
{
try
{
*我希望本节检查当前用户名和密码是否正确。但对于过期密码,它不起作用。在检查密码过期之前,我想检查当前用户和密码是否正确
details.IsAuthenticate = ctx.ValidateCredentials(username, password);
}
catch (Exception exp)
{
throw exp;
}
// find the user
var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);
if (user != null)
{
// get the underlying DirectoryEntry object from the UserPrincipal
details.IsUserExist = true;
var de = (DirectoryEntry)user.GetUnderlyingObject();
// now get the UserEntry object from the directory entry
var ue = (ActiveDs.IADsUser)de.NativeObject;
details.IsAccountLocked = ue.IsAccountLocked;
details.IsAccountActive = !ue.AccountDisabled;
details.PasswordExpirationDate = ue.PasswordExpirationDate;
// details.PasswordLastChanged = ue.PasswordLastChanged;
details.HasPasswordExpired = ue.PasswordExpirationDate <= DateTime.Now;
details.PasswordNeverExpired = user.PasswordNeverExpires;
if (user.PasswordNeverExpires)
{
details.HasPasswordExpired = false;
}
if (user.LastPasswordSet.HasValue == false && user.PasswordNeverExpires == false)
{
details.ForceChangePassword = true;
}
else
{
details.ForceChangePassword = false;
}
}
details.IsAuthenticate=ctx.ValidateCredentials(用户名、密码);
}
捕获(异常扩展)
{
投掷实验;
}
//查找用户
var user=UserPrincipal.FindByIdentity(ctx,IdentityType.SamAccountName,username);
如果(用户!=null)
{
//从UserPrincipal获取基础DirectoryEntry对象
details.IsUserExist=true;
var de=(DirectoryEntry)user.getUnderlinegObject();
//现在从目录条目中获取UserEntry对象
var ue=(ActiveDs.IADsUser)de.NativeObject;
details.IsAccountLocked=ue.IsAccountLocked;
details.IsAccountActive=!ue.AccountDisabled;
details.PasswordExpirationDate=ue.PasswordExpirationDate;
//details.PasswordLastChanged=ue.PasswordLastChanged;
details.hasspasswordexpired=ue.passwordexpireationdate我找到了答案
我没有使用PrincipalContext对象,而是尝试了另一种方法
try
{
LdapConnection connection = new LdapConnection(ctx.ConnectedServer);
NetworkCredential credential = new NetworkCredential(username, password);
connection.Credential = credential;
connection.Bind();
//Console.WriteLine("logged in");
}
catch (LdapException lexc)
{
String error = lexc.ServerErrorMessage;
Console.WriteLine(lexc);
}
catch (Exception exc)
{
Console.WriteLine(exc);
}
而且通过观察捕获的结果,你可以做任何你想做的事情
525 找不到用户
52e 无效凭证
530 此时不允许登录
531 不允许在此工作站登录
532 密码过期
533 帐户禁用
701 帐户过期
773 用户必须重置密码
775 用户帐户已锁定
/*******************************************************/
您使用的特定于Microsoft Active Directory的代码。