下一次登录策略的更改密码处于活动状态时的Active Directory PrincipalContext.ValidateCredentials [英] Active Directory PrincipalContext.ValidateCredentials when change password on next login policy is active

问题描述

我正在使用 系统.DirectoryServices.AccountManagement  命名空间 从我的Web应用程序与Active Directory进行交互.要针对Active Directory验证用户凭据，我使用以下代码行.

I am using the classes in System.DirectoryServices.AccountManagement namespace to interact with Active Directory from my web application. To authenticate user credentials against Active Directory I use the following line of code.

bool authSucceeded=principalContext.ValidateCredentials(userName, password);

principalContext 是PrincipalContext实例. "margin:0px; padding:0px; border:0px; vertical-align:baseline; background-color:transparent">验证成功是 使用提供的凭据对用户进行身份验证时为true.但是，当在下次登录时更改密码" 策略处于活动状态时，此方法将失败.为了 这些用户，即使使用密码"Abcd_10"创建的用户也未通过身份验证.

where principalContext is the PrincipalContext instance. authSucceeded is true when a user is authenticated with the provided credentials. But this method fails when a 'change password on next loginpolicy is active. For those users, even if they are created with a password 'Abcd_10' is not authenticated.

有人知道如何在此状态下对用户进行身份验证，以便可以将其重定向到更改密码屏幕吗?我已经完成了所有其他任务的代码.但是只有这个东西不见了.

Anyone have an idea how I can authenticate a user in this state so that I can redirect him to a change password screen? I have done code for all the other tasks. But only this thing is missing.

推荐答案

您好Mrinal Jaiswal，

Hello Mrinal Jaiswal,

请尝试以下操作:

public enum AuthenticationResult
        {
            Success,
            Failed,
            Expired,
            Error
        }

        public static AuthenticationResult Authenticate(string username, string password)
        {
            AuthenticationResult result = AuthenticationResult.Failed;
            try
            {
                PrincipalContext insPrincipalContext = new PrincipalContext(ContextType.Domain);
                if (insPrincipalContext.ValidateCredentials(username, password))
                {
                    result = AuthenticationResult.Success;
                }
                else
                {
                    result = AuthenticationResult.Failed;
                }
            }
            catch (PrincipalOperationException oex)
            {
                if (oex.ErrorCode == -2147023688)
                    result = AuthenticationResult.Expired;
            }
            catch (Exception ex)
            {
                result = AuthenticationResult.Error;
            }
            return result;
        }

然后在您的登录页面上调用它:

Then call this on your login page:

        switch (Authenticate("test", "123"))
        {   
            case AuthenticationResult.Success:
                // do something
                break;
            case AuthenticationResult.Failed:
                // do something
                break;
            case AuthenticationResult.Expired:
                // do something
                break;
            case AuthenticationResult.Error:
                // do something
                break;
        }

这篇关于下一次登录策略的更改密码处于活动状态时的Active Directory PrincipalContext.ValidateCredentials的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！