我要確定LADP密碼是否已過期?過期用戶的ValidateCredentials
我可以從LDAP查詢用戶信息,看它是否過期,但在此檢查之前,我想確保用戶輸入的當前密碼是正確的。
using (HostingEnvironment.Impersonate())
{
// set up domain context
using (var ctx = new PrincipalContext(ContextType.Domain))
{
try
{
*我希望本節檢查當前用戶名和密碼是否正確。但對於過期的密碼它不起作用。在檢查密碼過期之前,我想檢查當前用戶和密碼是否正確。
details.IsAuthenticate = ctx.ValidateCredentials(username, password);
}
catch (Exception exp)
{
throw exp;
}
// find the user
var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);
if (user != null)
{
// get the underlying DirectoryEntry object from the UserPrincipal
details.IsUserExist = true;
var de = (DirectoryEntry)user.GetUnderlyingObject();
// now get the UserEntry object from the directory entry
var ue = (ActiveDs.IADsUser)de.NativeObject;
details.IsAccountLocked = ue.IsAccountLocked;
details.IsAccountActive = !ue.AccountDisabled;
details.PasswordExpirationDate = ue.PasswordExpirationDate;
// details.PasswordLastChanged = ue.PasswordLastChanged;
details.HasPasswordExpired = ue.PasswordExpirationDate <= DateTime.Now;
details.PasswordNeverExpired = user.PasswordNeverExpires;
if (user.PasswordNeverExpires)
{
details.HasPasswordExpired = false;
}
if (user.LastPasswordSet.HasValue == false && user.PasswordNeverExpires == false)
{
details.ForceChangePassword = true;
}
else
{
details.ForceChangePassword = false;
}
}
您正在使用speci的代碼微軟的Active Directory。 – jwilleke 2014-10-02 10:51:27