下一次登录策略的更改密码处于活动状态时的Active Directory PrincipalContext.ValidateCredentials [英] Active Directory PrincipalContext.ValidateCredentials when change password on next login policy is active
问题描述
我正在使用 系统.DirectoryServices.AccountManagement 命名空间 从我的Web应用程序与Active Directory进行交互.要针对Active Directory验证用户凭据,我使用以下代码行.
I am using the classes in System.DirectoryServices.AccountManagement namespace to interact with Active Directory from my web application. To authenticate user credentials against Active Directory I use the following line of code.
bool authSucceeded=principalContext.ValidateCredentials(userName, password);
principalContext 是PrincipalContext实例. "margin:0px; padding:0px; border:0px; vertical-align:baseline; background-color:transparent">验证成功是 使用提供的凭据对用户进行身份验证时为true.但是,当在下次登录时更改密码" 策略处于活动状态时,此方法将失败.为了 这些用户,即使使用密码"Abcd_10"创建的用户也未通过身份验证.
where principalContext is the PrincipalContext instance. authSucceeded is true when a user is authenticated with the provided credentials. But this method fails when a 'change password on next loginpolicy is active. For those users, even if they are created with a password 'Abcd_10' is not authenticated.
有人知道如何在此状态下对用户进行身份验证,以便可以将其重定向到更改密码屏幕吗?我已经完成了所有其他任务的代码.但是只有这个东西不见了.
Anyone have an idea how I can authenticate a user in this state so that I can redirect him to a change password screen? I have done code for all the other tasks. But only this thing is missing.
推荐答案
您好Mrinal Jaiswal,
Hello Mrinal Jaiswal,
请尝试以下操作:
public enum AuthenticationResult
{
Success,
Failed,
Expired,
Error
}
public static AuthenticationResult Authenticate(string username, string password)
{
AuthenticationResult result = AuthenticationResult.Failed;
try
{
PrincipalContext insPrincipalContext = new PrincipalContext(ContextType.Domain);
if (insPrincipalContext.ValidateCredentials(username, password))
{
result = AuthenticationResult.Success;
}
else
{
result = AuthenticationResult.Failed;
}
}
catch (PrincipalOperationException oex)
{
if (oex.ErrorCode == -2147023688)
result = AuthenticationResult.Expired;
}
catch (Exception ex)
{
result = AuthenticationResult.Error;
}
return result;
}
然后在您的登录页面上调用它:
Then call this on your login page:
switch (Authenticate("test", "123"))
{
case AuthenticationResult.Success:
// do something
break;
case AuthenticationResult.Failed:
// do something
break;
case AuthenticationResult.Expired:
// do something
break;
case AuthenticationResult.Error:
// do something
break;
}
这篇关于下一次登录策略的更改密码处于活动状态时的Active Directory PrincipalContext.ValidateCredentials的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!