2014-09-30 14 views
1

How do I determine whether the LDAP password has expired? ValidateCredentials for expired users

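I can query the user's information from LDAP to see whether the password has expired, but before that check I want to make sure the current password the user entered is correct.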

    // requires System.DirectoryServices, System.DirectoryServices.AccountManagement,
    // System.Web.Hosting and a COM reference to ActiveDs
    using (HostingEnvironment.Impersonate())
    {
        // set up domain context
        using (var ctx = new PrincipalContext(ContextType.Domain))
        {
            try
            {
                // * I want this section to check whether the current username and password are
                //   correct, but it does not work for expired passwords. Before checking password
                //   expiry, I want to check whether the current user and password are correct.
                details.IsAuthenticate = ctx.ValidateCredentials(username, password);
            }
            catch (Exception)
            {
                throw; // rethrow without resetting the stack trace
            }

            // find the user
            var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);

            if (user != null)
            {
                // get the underlying DirectoryEntry object from the UserPrincipal
                details.IsUserExist = true;
                var de = (DirectoryEntry)user.GetUnderlyingObject();

                // now get the UserEntry object from the directory entry
                var ue = (ActiveDs.IADsUser)de.NativeObject;

                details.IsAccountLocked = ue.IsAccountLocked;
                details.IsAccountActive = !ue.AccountDisabled;
                details.PasswordExpirationDate = ue.PasswordExpirationDate;
                // details.PasswordLastChanged = ue.PasswordLastChanged;
                details.HasPasswordExpired = ue.PasswordExpirationDate <= DateTime.Now;
                details.PasswordNeverExpired = user.PasswordNeverExpires;

                if (user.PasswordNeverExpires)
                {
                    details.HasPasswordExpired = false;
                }

                // no LastPasswordSet value and no "never expires" flag: a change is forced at next logon
                details.ForceChangePassword =
                    user.LastPasswordSet.HasValue == false && user.PasswordNeverExpires == false;
            }
        }
    }

Answers

0

I found my answer.

Instead of using the PrincipalContext object, I tried another way.

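    // requires System.DirectoryServices.Protocols and System.Net
    try
    {
        // bind directly to the server the PrincipalContext (ctx) is connected to
        LdapConnection connection = new LdapConnection(ctx.ConnectedServer);
        NetworkCredential credential = new NetworkCredential(username, password);
        connection.Credential = credential;
        connection.Bind();
        //Console.WriteLine("logged in");
    }
    catch (LdapException lexc)
    {
        // the server's diagnostic text, which carries the sub-code listed below
        String error = lexc.ServerErrorMessage;
        Console.WriteLine(lexc);
    }
    catch (Exception exc)
    {
        Console.WriteLine(exc);
    }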

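And by looking at the result in the catch block, you can do whatever you want.

525 user not found

52E invalid credentials

530 not permitted to log on at this time

531 not permitted to log on at this workstation

532 password expired

533 account disabled

701 account expired

773 user must reset password

775 user account locked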

/****************** ***************/

Validate a username and password against Active Directory?

http://social.technet.microsoft.com/Forums/windowsserver/en-US/474abb8f-cfc6-4cac-af79-c3e80e80291f/ldap-authentication-error-ldap-error-code-49-80090308-ldaperr-dsid0c090334-comment?forum=winserverDS

+0

You are using code specific to Microsoft's Active Directory. – jwilleke 2014-10-02 10:51:27
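
As an added example (not part of the original answer or the comment above): one way to act on the sub-code list in the answer is to parse the `data <code>` field out of `LdapException.ServerErrorMessage`. The names `BindOutcome` and `AdBindError` and the sample messages are constructed for illustration, and the code assumes Active Directory reports 532 and 773 only when the supplied password itself was correct.

```csharp
using System;
using System.Text.RegularExpressions;

// Hypothetical helper types, not from the post.
public enum BindOutcome { WrongCredentials, PasswordCorrectButExpired, LockedOut, Other }

public static class AdBindError
{
    // AD puts the sub-code in the diagnostic text as "data <hex>", e.g. "data 52e".
    static readonly Regex DataField =
        new Regex(@"\bdata\s+([0-9a-f]+)\b", RegexOptions.IgnoreCase);

    public static string ExtractSubCode(string serverErrorMessage)
    {
        if (string.IsNullOrEmpty(serverErrorMessage)) return null;
        Match m = DataField.Match(serverErrorMessage);
        return m.Success ? m.Groups[1].Value.ToLowerInvariant() : null;
    }

    public static BindOutcome Classify(string serverErrorMessage)
    {
        switch (ExtractSubCode(serverErrorMessage))
        {
            case "525":                       // user not found
            case "52e":                       // invalid credentials
                return BindOutcome.WrongCredentials;
            case "532":                       // password expired
            case "773":                       // user must reset password
                // Assumption: AD returns these only after the password checked out.
                return BindOutcome.PasswordCorrectButExpired;
            case "775":                       // account locked
                return BindOutcome.LockedOut;
            default:                          // 530, 531, 533, 701, missing or unknown
                return BindOutcome.Other;
        }
    }

    public static void Main()
    {
        // Constructed sample messages in the shape AD sends with LDAP error 49.
        string[] samples = {
            "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 532, v1db1",
            "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, v1db1",
            "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, v1db1",
        };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", ExtractSubCode(s), Classify(s));
    }
}
```

When this feeds a login form, return the same generic failure for `WrongCredentials` and `Other` and keep the sub-code in server-side logs, since telling 525 apart from 52e reveals which usernames exist.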
