我要确定LADP密码是否已过期?过期用户的ValidateCredentials
我可以从LDAP查询用户信息,看它是否过期,但在此检查之前,我想确保用户输入的当前密码是正确的。
using (HostingEnvironment.Impersonate())
{
// set up domain context
using (var ctx = new PrincipalContext(ContextType.Domain))
{
try
{
*我希望本节检查当前用户名和密码是否正确。但对于过期的密码它不起作用。在检查密码过期之前,我想检查当前用户和密码是否正确。
details.IsAuthenticate = ctx.ValidateCredentials(username, password);
}
catch (Exception exp)
{
throw exp;
}
// find the user
var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);
if (user != null)
{
// get the underlying DirectoryEntry object from the UserPrincipal
details.IsUserExist = true;
var de = (DirectoryEntry)user.GetUnderlyingObject();
// now get the UserEntry object from the directory entry
var ue = (ActiveDs.IADsUser)de.NativeObject;
details.IsAccountLocked = ue.IsAccountLocked;
details.IsAccountActive = !ue.AccountDisabled;
details.PasswordExpirationDate = ue.PasswordExpirationDate;
// details.PasswordLastChanged = ue.PasswordLastChanged;
details.HasPasswordExpired = ue.PasswordExpirationDate <= DateTime.Now;
details.PasswordNeverExpired = user.PasswordNeverExpires;
if (user.PasswordNeverExpires)
{
details.HasPasswordExpired = false;
}
if (user.LastPasswordSet.HasValue == false && user.PasswordNeverExpires == false)
{
details.ForceChangePassword = true;
}
else
{
details.ForceChangePassword = false;
}
}
您正在使用speci的代码微软的Active Directory。 – jwilleke 2014-10-02 10:51:27