Active Directory Authentication - password reset not working correctly PLEASE HELP!

jarice1978
3 New Member
Hello,

I have been scanning the internet for a few days now. That is not working. So now it is time to post!

I have read a few other posts on here about authentication but they do not match exactly.

We currently have an intranet app built in a mixture of asp and asp.net 1.1 and 2.0 written in VB .Net. We have a form where the user logs in and it authenticates against active directory successfully in 2 ways:

1. The admin resets the password and the user logs in using that password (not forced to change)

2. The user changes their password themselves.


HOWEVER

When the admin resets the password and checks the box to "force the password change" the application does not work. Here is the code that is causing the problem (specifically the DirectoryEntry, that is where the code fails). I have walked through the debugger and the code works fine for the 2 conditions I described above, but returns the following error message when the password is reset and the user is "forced" to change their password:

{"Logon failure: unknown user name or bad password."}

    Imports System.DirectoryServices

    ' strDomain, adPath and entry are fields of the enclosing class (declared outside this function).
    Public Function IsAuthenticated(ByVal strUserId As String, _
                                    ByVal strPassword As String) As Boolean

        Dim strDomainAndUsername As String = strDomain & "\" & strUserId
        ' The user's own credentials are supplied here; these are the ones rejected with
        ' "Logon failure: unknown user name or bad password" after a forced reset.
        entry = New DirectoryEntry(adPath, strDomainAndUsername, strPassword, AuthenticationTypes.Secure)

        Try
            Dim search As DirectorySearcher = New DirectorySearcher(entry)

            ' strUserId comes from the login form; it should be escaped (RFC 4515)
            ' before being placed inside an LDAP filter.
            search.Filter = "(SAMAccountName=" & strUserId & ")"
            search.PropertiesToLoad.Add("cn")
            Dim result As SearchResult = search.FindOne()

            If (result Is Nothing) Then
                Return False
            End If

        Catch ex As Exception
            Throw New Exception("Error authenticating user. " & ex.Message)
        End Try

        Return True
    End Function

Please, any help with this would be greatly appreciated. It is a requirement of my company to force the password change after a user's password is reset. Not complying could mean big problems.



Thanks for your time,

Joe


Also, if there is any documentation that explains this better please let me know. What I have learned about Active Directory and authentication has been random posts and articles on the internet over the past few days.
Mar 20 '07 #1
kenobewan
4,871 Recognized Expert Specialist
Welcome to the site. I believe that either the admin account is locked or the credentials are incorrect. I have paid the price recently for not having a test admin account, as failed tests were locking the live admin account :|.

I'd suggest getting a book or doing a course - I agree resources for AD on the net aren't great. HTH.
Mar 21 '07 #2
jarice1978
3 New Member
Thanks a million for replying! I have been monitoring this thread like a hawk!


Not sure I understand your response.

What admin account is locked?


Right now this is how it works. Admins on my team get requests from users to reset their passwords. They then login and reset the user's password via a tool called URMA (home-grown tool).

The user will then try to login as normal. When a user logs in the code above gets executed. Specifically this line:

    entry = New DirectoryEntry(adPath, strDomainAndUsername, strPassword, AuthenticationTypes.Secure)

When the admin resets a user's password and does not force them to change their password (does not check the checkbox in the tool), the user can login fine and the line of code above does not have any problems.

HOWEVER

If the admin checks the box to "force a password change" the line of code above fails with :

{"Logon failure: unknown user name or bad password."}

The DirectoryEntry initialization is not performing any admin modifications at this point. I believe it is merely validating that the user and password are valid.



We have noticed one thing that could possibly be causing this. When the admin resets the password WITHOUT "forcing the user to change password" the value of the property pwdLastSet contains an actual date.

When the admin "forces a password change" the pwdLastSet value is null or "no value set". Could this be the culprit?

I only suspect this because out of the many posts I have looked at, when a developer wants to force a user to change their password within the code they are doing something like this:

    user.Put("pwdLastSet", 0)


So, now that I am on a tangent, would the fact that there is no value set in pwdLastSet for a user be causing the DirectoryEntry initialization to fail with the error:

{"Logon failure: unknown user name or bad password."}

???


Thanks again,

Joe
Mar 21 '07 #3
kenobewan
4,871 Recognized Expert Specialist
Hi Joe,

Obviously, I've never used your URMA tool but assume that it is a .NET application and works similarly to the AD applications that I work with. We have been going through a .NET 2 upgrade and I had to test our applications with new LDAP strings. I got locked out a couple of times as a consequence (same error message).

My suggestion is to get your Active Directory admin to check the account(s) used by your local admins who use the tool. In the tool, there are I assume different scripts being called depending on whether the checkbox is checked or not. Whether they use different connection strings or different credentials or the account is locked, I believe that this is where the problem lies. HTH.
Mar 22 '07 #4
jarice1978
3 New Member
Well that would make sense.

What doesn't make sense though, is that we can login through our Citrix web interface and it works correctly. By this I mean that when the admin forces the change in our URMA tool, the user can login through Citrix and it immediately directs them to change their password like it should.

So this would point back to the code I am working with...
Mar 27 '07 #5
kenobewan
4,871 Recognized Expert Specialist
Your LDAP connection using AuthenticationTypes is .NET 2. The problem appears to be a schema caching problem, which is a fancy way of saying if your login fails it falls back to anonymous connection with only LDAP version 2 available. I would predict that this means that you can still connect, as you have discovered, but certain fields e.g. samaccountname may write as system.byte[].

Please follow these steps:
1. Have the admin accounts checked to see if they are locked.
2. Have the admin accounts credentials checked.

I wasted time playing with the code when I had a problem. Let's rule out the problem I am referring to. Thanks.
Mar 28 '07 #6
kenobewan
4,871 Recognized Expert Specialist
BTW - reread your posts to check that I am not missing anything. If pwdLastSet was null I would expect a null exception error when the admin tried to force the change. You are right that it is strange that it is working in citrix, that I can't explain :(.
Mar 28 '07 #7
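Added example (not code from the thread or from the URMA tool): the login code in post #1 only ever sees the generic "Logon failure" message, so it cannot tell a wrong password from an account that an admin has flagged "must change password at next logon" (the pwdLastSet = 0 state discussed in post #3). The VB.NET module below validates the credentials with the Win32 LogonUser API instead and maps the Win32 error code to a distinct outcome, so the login page can route such a user to a change-password form rather than refusing them. It also carries a small RFC 4515 escaping helper for the sAMAccountName filter value, which the posted IsAuthenticated concatenates unescaped. It assumes a domain-joined server and the documented LogonUser/CloseHandle signatures; the module, enum and function names are the author's own.

```vb
Option Strict On

Imports System
Imports System.Runtime.InteropServices
Imports System.Text

' Added example; assumes a domain-joined machine where advapi32's LogonUser can reach a DC.
Public Module PasswordStateAwareLogon

    ' Win32 error codes from winerror.h, read back through Marshal.GetLastWin32Error().
    Private Const ERROR_LOGON_FAILURE As Integer = 1326        ' unknown user name or bad password
    Private Const ERROR_PASSWORD_EXPIRED As Integer = 1330     ' password expired under policy
    Private Const ERROR_PASSWORD_MUST_CHANGE As Integer = 1907 ' "must change password at next logon"
    Private Const ERROR_ACCOUNT_LOCKED_OUT As Integer = 1909

    Private Const LOGON32_LOGON_NETWORK As Integer = 3
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Function LogonUser(ByVal lpszUsername As String, ByVal lpszDomain As String, _
                               ByVal lpszPassword As String, ByVal dwLogonType As Integer, _
                               ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Function CloseHandle(ByVal hObject As IntPtr) As Boolean
    End Function

    Public Enum LogonOutcome
        Success
        BadCredentials
        PasswordMustChange
        PasswordExpired
        AccountLockedOut
        OtherFailure
    End Enum

    ' Validates the credentials and reports WHY a logon was refused, so a forced reset
    ' is not logged and handled as a bad-password attempt.
    Public Function CheckCredentials(ByVal domain As String, ByVal userId As String, _
                                     ByVal password As String) As LogonOutcome
        Dim token As IntPtr = IntPtr.Zero
        Dim ok As Boolean = LogonUser(userId, domain, password, _
                                      LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, token)
        ' Read the error code immediately; any other call in between may overwrite it.
        Dim win32Error As Integer = Marshal.GetLastWin32Error()

        If ok Then
            CloseHandle(token)   ' the token only proves the password was accepted; release it
            Return LogonOutcome.Success
        End If

        Select Case win32Error
            Case ERROR_PASSWORD_MUST_CHANGE
                Return LogonOutcome.PasswordMustChange
            Case ERROR_PASSWORD_EXPIRED
                Return LogonOutcome.PasswordExpired
            Case ERROR_ACCOUNT_LOCKED_OUT
                Return LogonOutcome.AccountLockedOut
            Case ERROR_LOGON_FAILURE
                Return LogonOutcome.BadCredentials
            Case Else
                Return LogonOutcome.OtherFailure
        End Select
    End Function

    ' Escapes a value for use inside an LDAP search filter (RFC 4515) so that a login
    ' name containing "(", ")", "*" or "\" cannot change the structure of the
    ' "(sAMAccountName=...)" filter that the original IsAuthenticated builds.
    Public Function EscapeLdapFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder(value.Length)
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

End Module
```

In the login page, `CheckCredentials(strDomain, strUserId, strPassword)` replaces the user-credential DirectoryEntry bind; `PasswordMustChange` and `PasswordExpired` are sent to the change-password form, `AccountLockedOut` gets its own message, and only `BadCredentials` is counted as a failed attempt. If the DirectorySearcher lookup is kept, build the filter as `"(sAMAccountName=" & EscapeLdapFilterValue(strUserId) & ")"`. Note that the Win32 code 1907 is the one a forced reset produces; the DirectoryEntry bind in the thread reports only the generic "Logon failure" text, which is why the two cases looked identical to the original code.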
