且构网

LDAP authentication fails when "User must change password at next logon" is set. Any solution?

Updated: 2021-11-11 20:11:28

After a long search on the Internet, some empirical work with error messages and some spelunking through Win32API, I've come up with a solution that, so far, works.

using System;
using System.DirectoryServices;

// Thrown when the bind fails only because the account is flagged
// "User must change password at next logon"; the caller can then send
// the user to a password-change page instead of reporting a bad password.
public class UserMustChangePasswordException : Exception
{
    public UserMustChangePasswordException()
        : base("User must change password at next logon.") { }
}

public static class LdapAuth
{
    public static bool ValidateUser(string userName, string password)
    {
        try
        {
            // The bind with the supplied credentials is the authentication;
            // reading NativeObject forces the (lazy) bind to happen now.
            using (var user = new DirectoryEntry("LDAP://<my LDAP server>",
                                                 userName,
                                                 password))
            {
                var obj = user.NativeObject;
                return true;
            }
        }
        catch (DirectoryServicesCOMException ex)
        {
            /*
             * The string " 773," was discovered empirically and it is related to the
             * ERROR_PASSWORD_MUST_CHANGE = 0x773 that is returned by the LogonUser API.
             *
             * However this error code is not in any value field of the
             * error message, therefore we need to check for the existence of
             * the string in the error message.
             */
            var message = ex.ExtendedErrorMessage ?? string.Empty; // can be null
            if (message.Contains(" 773,"))
                throw new UserMustChangePasswordException();

            return false;
        }
        // Any other exception (network, configuration, ...) propagates unchanged.
    }
}
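The " 773," substring works because Active Directory reports the Windows logon status code, in hex, as the "data NNN" field of the diagnostic comment on a failed simple bind ("... comment: AcceptSecurityContext error, data 773, v1db1"). The following is an added example, not code from the answer above, showing how to parse that field properly instead of matching a bare substring, and how the other well-known sub-codes (0x52e invalid credentials, 0x532 password expired, 0x775 locked out, and so on) fall out of the same parse. The sample messages are constructed in the shape AD returns; the DSID and trailing version token vary between domain controllers.

```python
import re
from typing import NamedTuple, Optional

# Windows logon status codes that Active Directory embeds, in hex, as the
# "data NNN" field of the comment on a failed simple bind (LDAP result 49,
# invalidCredentials). 0x773 is ERROR_PASSWORD_MUST_CHANGE.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted at this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password at next logon",
    0x775: "account locked out",
}

# Matches the "comment: AcceptSecurityContext error, data 773," part of the
# diagnostic message. Anchoring on "data " avoids a bare " 773," substring
# matching some other number (e.g. a DSID or version field) by accident.
_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9A-Fa-f]+),")


class BindFailure(NamedTuple):
    code: Optional[int]          # parsed sub-code, None if the message has none
    reason: str                  # human-readable meaning
    must_change_password: bool   # True only for 0x773


def classify_bind_error(message: str) -> BindFailure:
    """Classify an AD simple-bind failure from its extended diagnostic message."""
    m = _DATA_RE.search(message)
    if not m:
        return BindFailure(None, "unrecognised bind failure", False)
    code = int(m.group(1), 16)
    reason = AD_BIND_SUBCODES.get(code, "unknown sub-code 0x%x" % code)
    return BindFailure(code, reason, code == 0x773)


def validate_user(message: Optional[str]) -> str:
    """
    Mirror the decision in the posted ValidateUser(): map a bind outcome to
    "ok", "must-change-password" or "rejected". `message` is the text of
    DirectoryServicesCOMException.ExtendedErrorMessage, or None on success.
    Every other sub-code collapses to "rejected" so the caller cannot tell
    0x525 (no such user) from 0x52e (wrong password) and leak valid usernames.
    """
    if message is None:
        return "ok"
    failure = classify_bind_error(message)
    if failure.must_change_password:
        return "must-change-password"
    return "rejected"


# Constructed sample messages in the shape AD returns; the DSID and the
# trailing version token vary between domain controllers.
SAMPLE_MUST_CHANGE = ("80090308: LdapErr: DSID-0C09030B, comment: "
                      "AcceptSecurityContext error, data 773, v1db1")
SAMPLE_BAD_PASSWORD = ("80090308: LdapErr: DSID-0C09030B, comment: "
                       "AcceptSecurityContext error, data 52e, v1db1")
SAMPLE_LOCKED = ("80090308: LdapErr: DSID-0C09030B, comment: "
                 "AcceptSecurityContext error, data 775, v1db1")

if __name__ == "__main__":
    for msg in (SAMPLE_MUST_CHANGE, SAMPLE_BAD_PASSWORD, SAMPLE_LOCKED):
        f = classify_bind_error(msg)
        print("0x%03x %-42s -> %s" % (f.code, f.reason, validate_user(msg)))
```

Only 0x773 is worth surfacing to the end user as a distinct outcome: it is the one case where the supplied password was accepted and the user can complete a password change with it. Reporting the other sub-codes (account disabled, locked, no such user) verbatim turns the login form into an account-enumeration oracle, so log them server-side and return a generic failure.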