我将确定LADP密码是否已过期?
我可以从LDAP查询用户信息以查看它是否已过期,但在此检查之前,我想确保用户输入的当前密码是正确的。
using (HostingEnvironment.Impersonate())
{
// set up domain context
using (var ctx = new PrincipalContext(ContextType.Domain))
{
try
{
*我希望此部分检查当前用户名和密码是否正确。但对于Expired Password,它不起作用。在检查密码到期之前,我想检查当前用户和密码是否正确。
details.IsAuthenticate = ctx.ValidateCredentials(username, password);
}
catch (Exception exp)
{
throw exp;
}
// find the user
var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);
if (user != null)
{
// get the underlying DirectoryEntry object from the UserPrincipal
details.IsUserExist = true;
var de = (DirectoryEntry)user.GetUnderlyingObject();
// now get the UserEntry object from the directory entry
var ue = (ActiveDs.IADsUser)de.NativeObject;
details.IsAccountLocked = ue.IsAccountLocked;
details.IsAccountActive = !ue.AccountDisabled;
details.PasswordExpirationDate = ue.PasswordExpirationDate;
// details.PasswordLastChanged = ue.PasswordLastChanged;
details.HasPasswordExpired = ue.PasswordExpirationDate <= DateTime.Now;
details.PasswordNeverExpired = user.PasswordNeverExpires;
if (user.PasswordNeverExpires)
{
details.HasPasswordExpired = false;
}
if (user.LastPasswordSet.HasValue == false && user.PasswordNeverExpires == false)
{
details.ForceChangePassword = true;
}
else
{
details.ForceChangePassword = false;
}
}
答案 0 :(得分:0)
我找到了答案。
我尝试了另一种方法,而不是使用PrincipalContext对象。
try
{
LdapConnection connection = new LdapConnection(ctx.ConnectedServer);
NetworkCredential credential = new NetworkCredential(username, password);
connection.Credential = credential;
connection.Bind();
//Console.WriteLine("logged in");
}
catch (LdapException lexc)
{
String error = lexc.ServerErrorMessage;
Console.WriteLine(lexc);
}
catch (Exception exc)
{
Console.WriteLine(exc);
}
通过查看捕获的结果,你可以做任何你想做的事。
525用户未找到
52e无效凭据
530此时不允许登录
531不允许在此工作站登录
532密码已过期
已禁用533帐户
701帐号已过期
773用户必须重置密码
775用户帐户被锁定
/ ********************************************** ********* /