
.NET Forum / ASP.NET / Security / May 2008


ActiveDirectoryMembershipProvider & ChangePassword control

dknight - 14 May 2008 20:05 GMT
I'm using AD for my asp.net c# forms authentication. The login control works
great.
However we need the provider to force a change of password when the AD
account's "User must change password on next login" attribute is set to true.
Using DirectoryServices I can check to see if the attribute is set but when
I try to use the ChangePassword control it won't reset the password. I get a
"Password incorrect or New Password invalid. New Password length minimum: 7.
Non-alphanumeric characters required: 1" warning even though I've met the
password rules.
Does this provider support the ChangePassword control?
Thanks.
Joe Kaplan - 14 May 2008 21:05 GMT
"Change password at next login" is not supported via any type of LDAP auth
which is what the membership provider uses, so essentially you can't do
this.  As far as I know, you can only support this feature via interactive
logon.

Joe K.
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
dknight - 14 May 2008 21:50 GMT
What is an interactive logon?

Joe Kaplan - 15 May 2008 00:12 GMT
When you log on to a workstation or server at the terminal or through
terminal services.

Joe K.
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
dknight - 15 May 2008 17:47 GMT
This web app is externally facing and needs to use AD in our DMZ.

The process for creating and maintaining user accounts is this:
1. a user requests an account using our web page.
2. when approved, an LDAP call is made to create the account in AD.
2a. the LDAP call creates the user.
2b. sets a temporary password.
2c. the password needs to be a temporary one. So the LDAP call sets the
"user must change password on next login" attribute. (we thought we could
force a change password by using this attribute)
2d. when logging in, the web app (using ActiveDirectoryMembershipProvider)
needs to detect that the password they are using is a temporary one and then
force a change of the password.

How would you suggest this be done?
If the ActiveDirectoryMembershipProvider does not support this attribute is
there another way of getting this functionality? Maybe a combination of
ActiveDirectoryMembershipProvider and DirectoryServices coding to check the
attribute not supported?

Hope this makes sense.

-Dan

Joe Kaplan - 15 May 2008 18:07 GMT
You'll have to custom code that somehow with some sort of "enhanced" AD
membership provider (if you still want to use the membership provider for
the provisioning piece and not just the credentials validation).  You won't
be able to use the native function for "user must change password at next
logon".

Essentially, you would need to store some value in the user account
indicating "first logon" and if that is set, force the user to change the
password in the UI.  Then, when that password change is done you would
update the value so that "first logon" would not be set.

You could probably do something like this fairly easily by just putting a
value into an existing AD attribute that you aren't using for anything else.
The rest of it would be logic you would have to build into your user
management UI.

Joe K.
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
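
The "first logon" marker approach from the reply above, sketched in C# as an added example (not code from the thread or from either poster). The attribute name, marker value and LDAP path are assumptions, as is a provider configured to map user names to sAMAccountName.

```csharp
using System;
using System.DirectoryServices;
using System.Web.Security;

public static class FirstLogon
{
    // Assumptions, not from the thread: attribute name, marker value and LDAP path.
    // Choose an attribute the account itself cannot write, or a user could clear the flag.
    const string Attr = "employeeType", Marker = "first-logon";
    const string Root = "LDAP://dc.example.test/OU=WebUsers,DC=example,DC=test";
    // Escape the RFC 4515 special characters so a user name cannot alter the search filter.
    static string Escape(string s)
    {
        return s.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }
    // Binds as the application's service identity, which needs write access to Attr.
    static DirectoryEntry Find(string user)
    {
        using (var root = new DirectoryEntry(Root))
        using (var ds = new DirectorySearcher(root, "(&(objectClass=user)(sAMAccountName=" + Escape(user) + "))"))
        {
            SearchResult hit = ds.FindOne();
            if (hit == null) throw new InvalidOperationException("No such account.");
            return hit.GetDirectoryEntry();
        }
    }
    // Login page: after Membership.ValidateUser succeeds, send the user to the change page, with no forms ticket, while this is true.
    public static bool IsPending(string user)
    {
        using (DirectoryEntry e = Find(user))
            return Marker.Equals(e.Properties[Attr].Value as string, StringComparison.Ordinal);
    }
    // Provisioning sets the marker together with the temporary password; a completed change clears it.
    public static void SetPending(string user, bool pending)
    {
        using (DirectoryEntry e = Find(user))
        {
            if (pending) e.Properties[Attr].Value = Marker; else e.Properties[Attr].Clear();
            e.CommitChanges();
        }
    }
    // Change page: the provider re-validates the temporary password; if clearing fails, the marker stays set.
    public static bool CompleteFirstLogon(string user, string tempPwd, string newPwd)
    {
        if (!IsPending(user) || !Membership.Provider.ChangePassword(user, tempPwd, newPwd)) return false;
        SetPending(user, false);
        return true;
    }
}
```

Because the marker is checked on the server before any forms ticket is issued, skipping the change-password page does not yield an authenticated session.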
dknight - 15 May 2008 18:15 GMT
Thanks Joe. Very helpful.

