Re: ActiveDirectoryMembershipProvider & ChangePassword control



This web app is externally facing and needs to use AD in our DMZ.

The process for creating and maintaining user accounts is this:
1. a user requests an account using our web page.
2. when approved, an LDAP call is made to create the account in AD.
2a. the LDAP call creates the user.
2b. sets a temporary password.
2c. the password needs to be a temporary one. So the LDAP call sets the
"user must change password on next login" attribute. (we thought we could
force a change password by using this attribute)
2d. when logging in, the web app (using ActiveDirectoryMembershipProvider)
needs to detect that the password they are using is a temporary one and then
force a change of the password.

How would you suggest this be done?
If the ActiveDirectoryMembershipProvider does not support this attribute, is
there another way of getting this functionality? Maybe a combination of
ActiveDirectoryMembershipProvider and DirectoryServices coding to check the
attribute not supported?

Hope this makes sense.

-Dan

"Joe Kaplan" wrote:

When you log on to a workstation or server at the terminal or through
terminal services.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"dknight" <dknight@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:55F5AD40-A86E-452F-980A-45FA83B9E63D@xxxxxxxxxxxxxxxx
What is an interactive logon?

"Joe Kaplan" wrote:

"Change password at next login" is not supported via any type of LDAP auth
which is what the membership provider uses, so essentially you can't do
this. As far as I know, you can only support this feature via interactive
logon.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"dknight" <dknight@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:352A1A2B-BFE7-4836-912D-52B5AC84B262@xxxxxxxxxxxxxxxx
I'm using AD for my asp.net c# forms authentication. The login control works
great.
However we need the provider to force a change of password when the AD
account's "User must change password on next login" attribute is set to
true.
Using DirectoryServices I can check to see if the attribute is set but when
I try to use the ChangePassword control it won't reset the password. I get a
"Password incorrect or New Password invalid. New Password length minimum: 7.
Non-alphanumeric characters required: 1" warning even though I've met the
password rules.
Does this provider support the ChangePassword control?
Thanks.
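
The attribute check mentioned in the thread, sketched with System.DirectoryServices as an added example that is not code from any of the posters: Active Directory records "user must change password at next logon" as `pwdLastSet = 0` on an account without the "password never expires" flag. The class and method names, the LDAP path and the service account used for the lookup are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Hypothetical helper; names are illustrative, not part of any provider API.
public static class TempPasswordCheck
{
    const int UF_DONT_EXPIRE_PASSWD = 0x10000; // userAccountControl bit

    // pwdLastSet == 0 forces a change at next logon unless the account
    // is flagged "password never expires".
    public static bool MustChangePassword(long pwdLastSet, int userAccountControl)
    {
        return pwdLastSet == 0 && (userAccountControl & UF_DONT_EXPIRE_PASSWD) == 0;
    }

    // Escape a value for an LDAP search filter (RFC 4515) so a login name
    // typed into the external web form cannot alter the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if ("\\*()\0".IndexOf(c) >= 0) sb.Append('\\').Append(((int)c).ToString("x2"));
            else sb.Append(c);
        }
        return sb.ToString();
    }

    // ldapPath and the service credentials are assumptions, e.g. a
    // least-privilege read-only account. Returns null if no user matches.
    public static bool? Lookup(string ldapPath, string svcUser, string svcPassword, string samAccountName)
    {
        using (var root = new DirectoryEntry(ldapPath, svcUser, svcPassword, AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                + EscapeFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("pwdLastSet");
            searcher.PropertiesToLoad.Add("userAccountControl");
            SearchResult r = searcher.FindOne();
            if (r == null) return null;
            // A missing attribute means the service account cannot read it; fail closed.
            if (r.Properties["pwdLastSet"].Count == 0 || r.Properties["userAccountControl"].Count == 0)
                throw new InvalidOperationException("pwdLastSet/userAccountControl not readable");
            return MustChangePassword((long)r.Properties["pwdLastSet"][0],
                                      (int)r.Properties["userAccountControl"][0]);
        }
    }
}
```

This only reports the state of the flag; it does not verify the temporary password itself.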






