2014-09-30 13 views
1

How do I determine whether an LDAP password has expired? ValidateCredentials for an expired user

I can query the user's information from LDAP to see whether it has expired, but before that check I want to make sure the current password the user entered is correct.

    using (HostingEnvironment.Impersonate())
    {
        // set up domain context
        using (var ctx = new PrincipalContext(ContextType.Domain))
        {
            try
            {

*I want this section to check whether the current username and password are correct, but it does not work for an expired password. Before checking whether the password has expired, I want to check that the current user and password are correct.

                details.IsAuthenticate = ctx.ValidateCredentials(username, password);
            }
            catch (Exception)
            {
                // rethrow without resetting the stack trace
                throw;
            }

            // find the user
            var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);

            if (user != null)
            {
                details.IsUserExist = true;

                // get the underlying DirectoryEntry object from the UserPrincipal
                var de = (DirectoryEntry)user.GetUnderlyingObject();

                // now get the IADsUser object from the directory entry
                var ue = (ActiveDs.IADsUser)de.NativeObject;

                details.IsAccountLocked = ue.IsAccountLocked;
                details.IsAccountActive = !ue.AccountDisabled;
                details.PasswordExpirationDate = ue.PasswordExpirationDate;
                // details.PasswordLastChanged = ue.PasswordLastChanged;
                details.HasPasswordExpired = ue.PasswordExpirationDate <= DateTime.Now;
                details.PasswordNeverExpired = user.PasswordNeverExpires;

                if (user.PasswordNeverExpires)
                {
                    details.HasPasswordExpired = false;
                }

                // no LastPasswordSet value (pwdLastSet == 0) means "must change password at next logon"
                if (user.LastPasswordSet.HasValue == false && user.PasswordNeverExpires == false)
                {
                    details.ForceChangePassword = true;
                }
                else
                {
                    details.ForceChangePassword = false;
                }
            }
        }
    }

Answer

0

I found my answer.

Instead of using the PrincipalContext object I tried another way.

    try
    {
        // bind as the user; a failed bind throws LdapException with the server's sub-code
        LdapConnection connection = new LdapConnection(ctx.ConnectedServer);
        NetworkCredential credential = new NetworkCredential(username, password);
        connection.Credential = credential;
        connection.Bind();
        //Console.WriteLine("logged in");
    }
    catch (LdapException lexc)
    {
        // ServerErrorMessage carries the "data 52e"-style sub-code listed below
        String error = lexc.ServerErrorMessage;
        Console.WriteLine(error);
        Console.WriteLine(lexc);
    }
    catch (Exception exc)
    {
        Console.WriteLine(exc);
    }

And by looking at the result in the catch block, you can do whatever you want.

525 user not found

52e invalid credentials

530 not permitted to logon at this time

531 not permitted to logon at this workstation

532 password expired

533 account disabled

701 account expired

773 user must reset password

775 user account locked out

/****************** ***************/

Validate a username and password against Active Directory?

http://social.technet.microsoft.com/Forums/windowsserver/en-US/474abb8f-cfc6-4cac-af79-c3e80e80291f/ldap-authentication-error-ldap-error-code-49-80090308-ldaperr-dsid0c090334-comment?forum=winserverDS
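The answer above relies on reading the Active Directory sub-code out of the bind failure. The following is an added example (not code from the question or the answer) that does that explicitly: it binds with System.DirectoryServices.Protocols and maps the "data NNN" token in LdapException.ServerErrorMessage to a typed outcome, so the caller can tell "password correct but expired / must change" (532, 773) apart from "wrong password" (52e), which is exactly what ValidateCredentials cannot report. The server host, the LDAPS port 636, the use of AuthType.Basic and the sample message strings are assumptions made for the example; the sub-codes themselves are the ones listed in the answer.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text.RegularExpressions;

// Added example, not from the question or answer.
// Assumes System.DirectoryServices.Protocols is available (Windows / Microsoft.Windows.Compatibility).
public enum BindOutcome
{
    Success, UserNotFound, InvalidCredentials, LogonTimeRestriction, WorkstationRestriction,
    PasswordExpired, AccountDisabled, AccountExpired, MustChangePassword, AccountLocked, OtherFailure
}

public static class LdapBindChecker
{
    // AD puts the sub-code after the word "data" in the server message, e.g.
    // "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"
    // (example message constructed for this code; the DSID and vNNNN values vary by server)
    private static readonly Regex DataCode =
        new Regex(@"\bdata\s+([0-9a-fA-F]{3})\b", RegexOptions.IgnoreCase);

    // Pure function so the mapping can be unit-tested without a directory server.
    public static BindOutcome ClassifyServerMessage(string serverErrorMessage)
    {
        if (string.IsNullOrEmpty(serverErrorMessage)) return BindOutcome.OtherFailure;
        Match m = DataCode.Match(serverErrorMessage);
        if (!m.Success) return BindOutcome.OtherFailure;

        switch (m.Groups[1].Value.ToLowerInvariant())
        {
            case "525": return BindOutcome.UserNotFound;
            case "52e": return BindOutcome.InvalidCredentials;
            case "530": return BindOutcome.LogonTimeRestriction;
            case "531": return BindOutcome.WorkstationRestriction;
            case "532": return BindOutcome.PasswordExpired;
            case "533": return BindOutcome.AccountDisabled;
            case "701": return BindOutcome.AccountExpired;
            case "773": return BindOutcome.MustChangePassword;
            case "775": return BindOutcome.AccountLocked;
            default:    return BindOutcome.OtherFailure;
        }
    }

    // Attempts a bind as the user and classifies the result. Password correct but expired
    // comes back as PasswordExpired / MustChangePassword instead of a bare "false".
    public static BindOutcome TryBind(string serverHost, string username, string password)
    {
        // Port 636 (LDAPS) is an assumption: a simple bind on 389 without TLS sends the
        // password in the clear, so only bind this way over an encrypted session.
        var identifier = new LdapDirectoryIdentifier(serverHost, 636);
        using (var connection = new LdapConnection(identifier))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true;
            connection.AuthType = AuthType.Basic; // simple bind: yields the "data NNN" message
            connection.Credential = new NetworkCredential(username, password);
            try
            {
                connection.Bind();
                return BindOutcome.Success;
            }
            catch (LdapException ex)
            {
                // Log ex.ServerErrorMessage server-side if needed; never log the password.
                return ClassifyServerMessage(ex.ServerErrorMessage);
            }
        }
    }

    // Collapse the outcome to what an end user should see: only a password-lifecycle
    // state is worth telling them; everything else is a generic failure so a login
    // form does not reveal whether the account exists, is locked or is disabled.
    public static string UserFacingMessage(BindOutcome outcome)
    {
        switch (outcome)
        {
            case BindOutcome.Success:            return "OK";
            case BindOutcome.PasswordExpired:
            case BindOutcome.MustChangePassword: return "Your password must be changed before you can sign in.";
            default:                             return "Sign-in failed.";
        }
    }

    public static void Main()
    {
        // Constructed server messages, so the mapping can be exercised offline.
        Console.WriteLine(ClassifyServerMessage(
            "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"));
        Console.WriteLine(ClassifyServerMessage(
            "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1"));
        Console.WriteLine(UserFacingMessage(BindOutcome.UserNotFound));
    }
}
```

Two things worth keeping in mind when using this. First, as the comment below points out, the "data 52e" sub-codes are an Active Directory convention; another LDAP server will return the same LDAP result code 49 (invalidCredentials) without them, and ClassifyServerMessage then falls through to OtherFailure. Second, the 525/533/775 distinctions are useful for an administrator's log but should not reach the login form unchanged, which is why UserFacingMessage folds them into one generic failure.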

+0

You are using code specific to Microsoft's Active Directory. – jwilleke 2014-10-02 10:51:27
