问题
I'm doing asp.net, using FormsAuthentication with the AdMembership proivder.
I'm having to manually write a "change password on next logon" screen because it's not nativley supported in the provider.
I call :
if (Membership.Provider.ChangePassword(cpCv.LoginName, cpCv.OldPassword, cpCv.NewPassword))
to validate the user and change the password (but not clear the "on next logon flag")
But it always fails, (I assume becasue membership validation fails when the "Change Password On Next Logon flag" is set.)
What is the easiest way to validate the user, so I can be sure the "old password" and "username" match before resetting the password and clearing the "on next logon" flag?
I've got the resetpassword and clear flag stuff working, it's the validation that's got me stuck.
Also tried this code, If the Reset flag is false, it logs in, if true it fails to log in.
DirectoryEntry de = new DirectoryEntry( path, "jcsn\\"+AdUserName, AdPassword );
try
{
//Bind to the native AdsObject to force authentication.
object obj = de.NativeObject;
DirectorySearcher search = new DirectorySearcher( de );
search.Filter = "(SAMAccountName=" + AdUserName + ")";
search.PropertiesToLoad.Add( "cn" );
SearchResult result = search.FindOne();
if ( null == result )
{
return false;
}
}
catch ( Exception ex )
{
throw new Exception( "Error authenticating user. " + ex.Message );
}
Thanks,
Eric-
回答1:
There is a function called Membership.Validate. I think your code would look like this:
if(Membership.ValidateUser(txtUserName.Text, txtPassword.Text))
{
//Proceed with the change
}
I'm not sure why your call to ChangePassword is failing though--I think ChangePassword might call ValidateUser anyways.
回答2:
Although this is an old thread, it seems unanswered.
In the linked forum post, the developer contacted Microsoft on this same issue with Membership.ValidateUser() returning false when the Account Option for 'User must change password at next logon' was checked by a SysAdmin:
The ActiveDirectoryMembershipProvider does not allow users having the "User must change password on next logon...." flag set to log in. According to MS this is by design: Because the ActiveDirectoryMembershipProvider doesn't provide a mechanism to force the user to give a new password at log on, authentication is blocked.
They went on to give a hint where they used the Security API with FormsAuthentication, but did not provide an example.
Anyone have any ideas?
来源:https://stackoverflow.com/questions/5584951/change-password-on-next-logon-for-forms-login-with-admembership-providier