1

我正在尝试检查用户是否需要根据他们的 AD pwdLastSet 属性重置密码。我的问题是无论我为 pwdLastSet 设置什么值(“从不”或有日期)它总是在 UserPrincipalsEx.FindByIdentity() 中返回 null。

我的问题是如何确保如果 pwdLastSet 实际上在属性中有一个日期,它不会在代码中返回 NULL。

* 注意 * 我有 UserPrincipalsEx 来扩展搜索过滤器以查找“title”属性并将其分配给 getUser。

预先感谢您的任何帮助。

try
        {
            PrincipalContext domainCtx = new PrincipalContext(ContextType.Domain, DomainFQDN, DomainFull);
            username = username + "@site.com";

            PrincipalContext userCtx = new PrincipalContext(ContextType.Domain);
            UserPrincipalsEx getUser = UserPrincipalsEx.FindByIdentity(userCtx, sAMName);

            /******* Check to see if the password is required to be reset *******/
            if (getUser.LastPasswordSet == null)
            {
                pnlResetPwd.Visible = true;
                pnlLogin.Visible = false;
                Domain.Text = "Passwords must be at least 8 characters and contain:<br>";
                Domain.Text = Domain.Text + "1 Upper case character.<br>";
                Domain.Text = Domain.Text + "1 Lower case character.<br>";
                Domain.Text = Domain.Text + "1 Special character (!@#$%^&*) or 1 Number.";
                Domain.Visible = true;
                return;
            }
            else
            {
                Domain.Text = getUser.Name;
                Domain.Visible = true;
            }

            /******* Check to see if the password matches Active Directory *******/
            dynamic authVerified = domainCtx.ValidateCredentials(username, password, ContextOptions.SimpleBind);
            if (authVerified)
            {
                Response.Cookies["WebAuth"]["sAMName"] = getUser.SamAccountName;
                Response.Cookies["WebAuth"]["Auth"] = "Yes";
                Response.Cookies["WebAuth"]["FirstName"] = getUser.GivenName;
                Response.Cookies["wevAuth"]["LastName"] = getUser.Surname;
                Response.Cookies["WebAuth"]["Fullname"] = getUser.DisplayName;
                Response.Cookies["WebAuth"]["Email"] = getUser.EmailAddress;
                Response.Cookies["WebAuth"]["Title"] = getUser.Title;
                Response.Cookies["WebAuth"].Expires = DateTime.Now.AddMinutes(10);
                Session["WebAuth"] = "Yes";
                Session["Firstname"] = getUser.GivenName;
                Session["Lastname"] = getUser.Surname;
                Session["Fullname"] = getUser.DisplayName;
                Session["Email"] = getUser.EmailAddress;
                Session["Title"] = getUser.Title;

                if (Request.Cookies["pageURL"] != null)
                {
                    redirect.Text = Request.Cookies["pageURL"]["path"];
                    Response.Cookies["pageURL"].Expires = DateTime.Now;
                    Response.Redirect(redirect.Text);
                }
                else
                {
                    Response.Redirect("/Home.aspx");
                }
            }
            else
            {
                txtUsername.Text = "";
                txtPassword.Text = "";
                txtUsername.Focus();
                lblMessage.Text = "The Usernsame/Password is incorrect.  Try again.";
                lblMessage.Visible = true;
                lblMessage.ForeColor = System.Drawing.Color.Red;
            }
        }
        catch
        {
            txtUsername.Text = "";
            txtPassword.Text = "";
            txtUsername.Focus();
            lblMessage.Text = "The Usernsame/Password is incorrect.  Try again.";
            lblMessage.Visible = true;
            lblMessage.ForeColor = System.Drawing.Color.Red;
        }
4

0 回答 0