更新时间:2021-11-11 20:11:28
在互联网上搜索长后,与错误讯息一些经验工作,通过Win32API的一些洞穴探险,我再也忍受不了,至今作品的解决方案上来。
After a long search on the Internet, some empirical work with error messages and some spelunking through Win32API, I've came up with a solution that, so far works.
Boolean ValidateUser(String userName, String password)
{
try
{
var user = new DirectoryEntry("LDAP://<my LDAP server>",
userName,
password);
var obj = user.NativeObject;
return true;
}
catch (DirectoryServicesCOMException ex)
{
/*
* The string " 773," was discovered empirically and it is related to the
* ERROR_PASSWORD_MUST_CHANGE = 0x773 that is returned by the LogonUser API.
*
* However this error code is not in any value field of the
* error message, therefore we need to check for the existence of
* the string in the error message.
*/
if (ex.ExtendedErrorMessage.Contains(" 773,"))
throw new UserMustChangePasswordException();
return false;
}
catch
{
throw;
}
}