确定用户密码何时过期 Active Directory,抛出错误的异常
Determining when users password has expired Active Directory, Wrong exception being thrown
当在 AD 中将用户密码设置为 "Change on next Login" 时,用户无法登录,因为他们的密码显示为不正确。我希望能够在身份验证时确定这一点并提示用户更改密码。
我知道要做到这一点,我需要按照 question however that exception is not being thrown instead the exception being thrown is a Interop.COMException which is higher up the inheritance hierarchy.
中的描述捕捉 DirectoryServicesCOMException
这不包含确定密码是否需要更改或只是不正确所需的信息。
private bool IsAuthenticated(string Path, string UserName, string Password)
{
try
{
DirectoryEntry userEntry = new DirectoryEntry(Path, UserName, Password); //, AuthenticationTypes.Signing)
var obj = userEntry.NativeObject;
return true;
}
catch (DirectoryServicesCOMException ex)
{
if (ex.ExtendedErrorMessage.Contains(" 773,") || ex.ExtendedErrorMessage.Contains("532"))
{
EventLogController.Instance.AddLog("Password expired", ex.ExtendedErrorMessage, Globals.GetPortalSettings(), -1, DotNetNuke.Services.Log.EventLog.EventLogController.EventLogType.ADMIN_ALERT);
System.Web.HttpContext.Current.Response.Cookies["sync_expiryToken"].Value = "1";
return true;
}
return false;
}
catch (COMException ex)
{
EventLogController.Instance.AddLog("Password wrong", ex.ToString(), Globals.GetPortalSettings(), -1, DotNetNuke.Services.Log.EventLog.EventLogController.EventLogType.ADMIN_ALERT);
return false;
}
catch (Exception ex)
{
Exceptions.LogException(ex);
return false;
}
}
我终于找到了答案,
某些身份验证类型只抛出 COMException 而不是 DirectoryServicesCOMException
在 ldap 上将身份验证类型设置为 AuthenticationTypes.None 解决了这个问题。
当在 AD 中将用户密码设置为 "Change on next Login" 时,用户无法登录,因为他们的密码显示为不正确。我希望能够在身份验证时确定这一点并提示用户更改密码。
我知道要做到这一点,我需要按照 question however that exception is not being thrown instead the exception being thrown is a Interop.COMException which is higher up the inheritance hierarchy.
DirectoryServicesCOMException
这不包含确定密码是否需要更改或只是不正确所需的信息。
private bool IsAuthenticated(string Path, string UserName, string Password)
{
try
{
DirectoryEntry userEntry = new DirectoryEntry(Path, UserName, Password); //, AuthenticationTypes.Signing)
var obj = userEntry.NativeObject;
return true;
}
catch (DirectoryServicesCOMException ex)
{
if (ex.ExtendedErrorMessage.Contains(" 773,") || ex.ExtendedErrorMessage.Contains("532"))
{
EventLogController.Instance.AddLog("Password expired", ex.ExtendedErrorMessage, Globals.GetPortalSettings(), -1, DotNetNuke.Services.Log.EventLog.EventLogController.EventLogType.ADMIN_ALERT);
System.Web.HttpContext.Current.Response.Cookies["sync_expiryToken"].Value = "1";
return true;
}
return false;
}
catch (COMException ex)
{
EventLogController.Instance.AddLog("Password wrong", ex.ToString(), Globals.GetPortalSettings(), -1, DotNetNuke.Services.Log.EventLog.EventLogController.EventLogType.ADMIN_ALERT);
return false;
}
catch (Exception ex)
{
Exceptions.LogException(ex);
return false;
}
}
我终于找到了答案,
某些身份验证类型只抛出 COMException 而不是 DirectoryServicesCOMException
在 ldap 上将身份验证类型设置为 AuthenticationTypes.None 解决了这个问题。