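I have a web form that uses AD to authenticate users. I want to be able to authenticate users whose passwords have expired and redirect them to a password change page after authentication. Is it possible to authenticate an Active Directory user with an expired password?
If, for example, a site administrator resets a user's password, I use the method below so that the user has to reset their password at next logon.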
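    Imports System.DirectoryServices ' place at the top of the source file

    Public Shared Sub ForceUserToResetPassword(ByVal LDAP_URI As String, ByVal UserName As String, ByVal Auth_UserName As String, ByVal Auth_Password As String)
        ' Escape LDAP filter metacharacters (RFC 4515) so UserName cannot alter the search filter.
        Dim safeName As String = UserName.Replace("\", "\5c").Replace("*", "\2a").Replace("(", "\28").Replace(")", "\29").Replace(vbNullChar, "\00")
        ' Bind with the administrative account and locate the target user.
        Using root As New DirectoryEntry(LDAP_URI, Auth_UserName, Auth_Password, AuthenticationTypes.Secure)
            Using LDAPSearch As New DirectorySearcher(root)
                LDAPSearch.Filter = "(&(objectClass=user)(sAMAccountName=" & safeName & "))"
                LDAPSearch.SearchScope = SearchScope.Subtree
                Dim results As SearchResult = LDAPSearch.FindOne()
                ' Stop here if the user is missing, rather than modifying the search root.
                If results Is Nothing Then
                    Throw New ArgumentException("User not found in the directory.", "UserName")
                End If
                Using userEntry As New DirectoryEntry(results.Path, Auth_UserName, Auth_Password, AuthenticationTypes.Secure)
                    ' pwdLastSet = 0 flags the account as "must change password at next logon".
                    userEntry.Properties("pwdLastSet").Value = 0
                    userEntry.CommitChanges()
                End Using
            End Using
        End Using
    End Sub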
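Doing this expires the user's password. If the user tries to log in with the new password, authentication fails with "Logon failure: unknown user name or bad password".
This is my authentication method: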
    Public Shared Function AuthADuser(ByVal LDAP_URI As String, ByVal UserName As String, ByVal password As String, ByVal Auth_UserName As String, ByVal Auth_Password As String) As Boolean
        Dim IsAuth As Boolean = False
        Dim LDAPEntry As DirectoryEntry = Nothing
        Try
            ' Bind as the user being authenticated; reading NativeObject forces the bind.
            LDAPEntry = New DirectoryEntry(LDAP_URI, UserName, password, AuthenticationTypes.Secure)
            Dim tmp As [Object] = LDAPEntry.NativeObject
            IsAuth = True
        Catch ex As Exception
            If ex.Message.StartsWith("The server is not operational") Then
                IsAuth = False
            ElseIf ex.Message.StartsWith("Logon failure:") Then
                Throw New ApplicationException("The Username and password combination are not valid to enter the system.")
            End If
        Finally
            ' Dispose exactly once, and only if the entry was actually created.
            If LDAPEntry IsNot Nothing Then
                LDAPEntry.Dispose()
            End If
        End Try
        Return IsAuth
    End Function
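Is there any way to solve this?
Thanks for your help.
This seems like a wasted effort. If their password has expired and needs changing, logging on to the domain will prompt for a password change before they open a web browser and visit your intranet site. – HardCode 2011-04-07 17:09:48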
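An added example, not the poster's code or anything from the original thread: one way to tell "correct password, but it must be changed" apart from "wrong password" is to bind with System.DirectoryServices.Protocols and read the Win32 sub-code in the server's diagnostic text. The names BindOutcome, ExpiredPasswordAuth, Classify and TryBind are hypothetical, and the code assumes the domain controller returns its usual "AcceptSecurityContext error, data NNN" string in LdapException.ServerErrorMessage.

```vbnet
Imports System.DirectoryServices.Protocols
Imports System.Net
Imports System.Text.RegularExpressions

' Hypothetical names throughout; not part of the original post.
Public Enum BindOutcome
    Success
    PasswordMustChange   ' password was correct, but is expired or flagged for change
    InvalidCredentials
    OtherFailure         ' disabled, locked out, unreachable, unrecognised text, ...
End Enum

Public NotInheritable Class ExpiredPasswordAuth
    ' Assumed diagnostic shape (constructed sample):
    ' "8009030C: LdapErr: DSID-XXXXXXXX, comment: AcceptSecurityContext error, data 773, v1db1"
    Private Shared ReadOnly DataCode As New Regex("\bdata\s+([0-9a-fA-F]+)\b", RegexOptions.Compiled)

    ' Map the hex Win32 error in the diagnostic text to an outcome.
    Public Shared Function Classify(ByVal serverErrorMessage As String) As BindOutcome
        If String.IsNullOrEmpty(serverErrorMessage) Then Return BindOutcome.OtherFailure
        Dim m As Match = DataCode.Match(serverErrorMessage)
        If Not m.Success Then Return BindOutcome.OtherFailure
        Select Case m.Groups(1).Value.ToLowerInvariant()
            Case "532", "773"   ' ERROR_PASSWORD_EXPIRED, ERROR_PASSWORD_MUST_CHANGE
                Return BindOutcome.PasswordMustChange
            Case "525", "52e"   ' ERROR_NO_SUCH_USER, ERROR_LOGON_FAILURE
                Return BindOutcome.InvalidCredentials
            Case Else           ' fail closed on anything not explicitly recognised
                Return BindOutcome.OtherFailure
        End Select
    End Function

    ' server and domain are supplied by the caller (assumed parameters).
    Public Shared Function TryBind(ByVal server As String, ByVal domain As String, ByVal userName As String, ByVal password As String) As BindOutcome
        Using conn As New LdapConnection(New LdapDirectoryIdentifier(server))
            conn.AuthType = AuthType.Negotiate   ' never sends the password in clear text
            Try
                conn.Bind(New NetworkCredential(userName, password, domain))
                Return BindOutcome.Success
            Catch ex As LdapException When ex.ErrorCode = 49   ' LDAP invalidCredentials
                Return Classify(ex.ServerErrorMessage)
            End Try
        End Using
    End Function
End Class
```

On PasswordMustChange, send the user only to a change-password step that asks for the current password again, and do not issue a normal session until the change has succeeded.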