C#ASP.NET帐户锁定,已禁用,已过期且密码已过期

时间:2015-01-19 07:28:25

标签: c# asp.net

我知道这已经被问了好几次,但我还是C#的新手,并且不太清楚如何使用提供给其他问题的答案。

我正在使用.Net 4.5.1。

我有一个网站,您可以在其中输入域用户ID和域名。我用Classic ASP和VBScript写了这个网站。然后它显示帐户状态,IE。显示名称,UPN,电子邮件地址,密码已过期(以及何时到期),密码锁定状态,帐户已过期(从不或日期或过期日期)以及帐户是否已禁用。我正在尝试转换为ASP.NET和C#。

我有以下内容:

protected void Page_Load(object sender, EventArgs e)
{
    string strUserToSearchFor = (string)(Session["txbUserID"]);
    string strUserDomain = (string)(Session["drpDomain"]);
    string strDomainFQDN = "";
    Dictionary<string, string> dicDomainFQDN = new Dictionary<string, string>();
    dicDomainFQDN.Add("DOMAIN1", "DC=1,DC=domain,DC=com");
    dicDomainFQDN.Add("DOMAIN2", "DC=2,DC=domain,DC=com");
    dicDomainFQDN.Add("DOMAIN3", "DC=3,DC=domain,DC=com");

    if (dicDomainFQDN.ContainsKey(strUserDomain.ToUpper()))
    {
        strDomainFQDN = dicDomainFQDN[strUserDomain.ToUpper()];
    }

    dicDomainFQDN.Clear();

    AuthenticationTypes ADAT = AuthenticationTypes.Anonymous;
    ADAT = AuthenticationTypes.Secure;

    string strADSearchUsername = "username";
    string strADSearchPassword = "password";

    DirectoryEntry ADConn = ADConn = new DirectoryEntry("LDAP://" + strDomainFQDN, strADSearchUsername, strADSearchPassword, ADAT);

    strADSearchUsername = string.Empty;
    strADSearchPassword = string.Empty;

    DirectorySearcher ADSearch = new DirectorySearcher(ADConn);

    ADSearch.Filter = "maxPwdAge=*";

    SearchResultCollection ADMaxPwdAgeResult = ADSearch.FindAll();

    long intMaxPwdDays = 0;

    if (ADMaxPwdAgeResult.Count >= 1)
    {
        Int64 intMaxPwdAge = (Int64)ADMaxPwdAgeResult[0].Properties["maxPwdAge"][0];
        intMaxPwdDays = intMaxPwdAge / -864000000000;
    }

    ADMaxPwdAgeResult.Dispose();

    ADSearch.SearchScope = SearchScope.Subtree;
    ADSearch.PageSize = 1001;

    ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + strUserToSearchFor + "))";

    strUserToSearchFor = string.Empty;

    SearchResult ADResult = ADSearch.FindOne();

    if (ADResult != null)
    {
        string strName = "";
        string strMail = "";
        string strMobile = "";
        string strUPN = "";
        string strPwdLastSet = "";
        string strPwdLocked = "";
        string strAccountEpiryDate = "";
        string strAccountDisabled = "";

        strName = ADResult.Properties["displayName"][0].ToString();
        strMail = ADResult.Properties["mail"][0].ToString();
        strMobile = ADResult.Properties["mobile"][0].ToString();
        strUPN = ADResult.Properties["userPrincipalName"][0].ToString();

        if (ADResult.Properties["pwdLastSet"].Count > 0)
        {
            DateTime dtmPwdLastSet = new DateTime();
            dtmPwdLastSet = DateTime.FromFileTime((Int64)(ADResult.Properties["pwdLastSet"][0]));
            dtmPwdLastSet = dtmPwdLastSet.AddDays(intMaxPwdDays);
            if (dtmPwdLastSet <= DateTime.Today)
            {
                strPwdLastSet = dtmPwdLastSet.ToString() + " (Expired)";
            }
            else
            {
                strPwdLastSet = dtmPwdLastSet.ToString();
            }
        }
        else
        {
            strPwdLastSet = "Change at next logon";
        }
        ...

之后,我不知道如何锁定密码,帐户被禁用以及帐户有效期限(如果有)。

对于密码锁定,我试过:

        if (ADResult.Properties["IsAccountLocked"].Count > 0)
        {
            strPwdLocked = "Yes";
        }
        else
        {
            strPwdLocked = "No";
        }

对于帐户到期,我尝试了与密码到期时相同的方法,但它没有注意到有效期限。在禁用帐户的情况下,我找到了一个可以解决问题的功能(我怀疑),但我不知道如何从我的脚本中调用该函数。

private bool IsActive(DirectoryEntry de)
{
    if (de.NativeGuid == null) return false;
    int flags = (int)de.Properties["userAccountControl"].Value;
    return !Convert.ToBoolean(flags & 0x0002);
}

任何帮助都要非常感激。

此外,由于我添加了最大密码年龄代码,因此页面需要3倍的时间。有没有办法更快地获得域的最大密码年龄?

好的,我想出了残疾人的部分:

DirectoryEntry ADEntry = ADResult.GetDirectoryEntry();
int intUserDisabled = (int)ADEntry.Properties["userAccountControl"].Value;
bool bolAccountDisabled = Convert.ToBoolean(intUserDisabled & 2);
if (bolAccountDisabled == true)
{
    strAccountDisabled = "Yes";
}

这也有助于检查密码是否被锁定。

bool bolPasswordLocked = Convert.ToBoolean(intUserDisabled & 16);

请在帐号到期日期仍然需要帮助。

1 个答案:

答案 0 :(得分:0)

好的,得到了​​解决方案。

protected void Page_Load(object sender, EventArgs e)
{
    string strUserToSearchFor = (string)(Session["txbUserID"]);
    string strUserDomain = (string)(Session["drpDomain"]);
    string strDomainFQDN = "";

    Dictionary<string, string> dicDomainFQDN = new Dictionary<string, string>();
    dicDomainFQDN.Add("DOMAIN1", "DC=1,DC=domain,DC=com");
    dicDomainFQDN.Add("DOMAIN2", "DC=2,DC=domain,DC=com");
    dicDomainFQDN.Add("DOMAIN3", "DC=3,DC=domain,DC=com");

    if (dicDomainFQDN.ContainsKey(strUserDomain.ToUpper()))
    {
        strDomainFQDN = dicDomainFQDN[strUserDomain.ToUpper()];
    }

    AuthenticationTypes ADAT = AuthenticationTypes.Anonymous;
    ADAT = AuthenticationTypes.Secure;

    DirectoryEntry ADConn = ADConn = new DirectoryEntry("LDAP://" + strDomainFQDN, strADSearchUsername, strADSearchPassword, ADAT);

    DirectorySearcher ADSearch = new DirectorySearcher(ADConn);

    ADSearch.Filter = "maxPwdAge=*";

    SearchResultCollection ADMaxPwdAgeResult = ADSearch.FindAll();

    long intMaxPwdDays = 0;

    if (ADMaxPwdAgeResult.Count >= 1)
    {
        Int64 intMaxPwdAge = (Int64)ADMaxPwdAgeResult[0].Properties["maxPwdAge"][0];
        intMaxPwdDays = intMaxPwdAge / -864000000000;
    }

    ADSearch.SearchScope = SearchScope.Subtree;
    ADSearch.PageSize = 1001;

    ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + strUserToSearchFor + "))";

    strUserToSearchFor = string.Empty;

    SearchResult ADResult = ADSearch.FindOne();

    if (ADResult != null)
    {
        DirectoryEntry ADEntry = ADResult.GetDirectoryEntry();

        string strName = "";
        string strMail = "";
        string strMobile = "";
        string strUPN = "";
        string strPwdLastSet = "";
        string strPwdLocked = "No";
        string strAccountEpiryDate = "";
        string strAccountDisabled = "No";

        int intFlags = (int)ADEntry.Properties["userAccountControl"].Value;

        strName = ADEntry.Properties["displayName"][0].ToString();
        strMail = ADEntry.Properties["mail"][0].ToString();
        strMobile = ADResult.Properties["mobile"][0].ToString();
        strUPN = ADEntry.Properties["userPrincipalName"][0].ToString();

        // Get the date the password was last set and check if it has expired
        if (ADEntry.Properties["pwdLastSet"].Count > 0)
        {
            DateTime dtmPwdLastSet = new DateTime();
            dtmPwdLastSet = DateTime.FromFileTime((Int64)(ADEntry.Properties["pwdLastSet"][0]));
            dtmPwdLastSet = dtmPwdLastSet.AddDays(intMaxPwdDays);
            if (dtmPwdLastSet <= DateTime.Today)
            {
                strPwdLastSet = dtmPwdLastSet.ToString() + " (Expired)";
            }
            else
            {
                strPwdLastSet = dtmPwdLastSet.ToString();
            }
        }
        else
        {
            strPwdLastSet = "Change at next logon";
        }

        // Check if the password is locked
        bool bolPwdLocked = Convert.ToBoolean(intFlags & 0x00000010);
        if (bolPwdLocked == true)
            strPwdLocked = "Yes";

        // Check if the account has expired
        if (ADResult.Properties["accountExpires"].Count > 0)
        {
            DateTime dtmAccountExpires = new DateTime();
            dtmAccountExpires = DateTime.FromFileTime((Int64)(ADResult.Properties["accountExpires"][0]));
            if (dtmAccountExpires <= DateTime.Today)
            {
                strAccountEpiryDate = dtmAccountExpires.ToString() + " (Expired)";
            }
            else
            {
                strAccountEpiryDate = dtmAccountExpires.ToString();
            }
        }
        else
        {
            strAccountEpiryDate = "Never";
        }

        // Check if the account is disabled
        bool bolAccountDisabled = Convert.ToBoolean(intFlags & 0x00000002);
        if (bolAccountDisabled == true)
            strAccountDisabled = "Yes";
    }
}
相关问题
最新问题