I am working on a simple solution to update a user's password in Active Directory.
I can successfully update the users password. Updating the password works fine. Lets say the user has updated the password from
MyPass1 to MyPass2
Now when I run my custom code to validate users credential using:
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "TheDomain"))
{
// validate the credentials
bool isValid = pc.ValidateCredentials("myuser", "MyPass2");
}
//returns true - which is good
Now when I enter some wrong password it validates very nicely:
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "TheDomain"))
{
// validate the credentials
bool isValid = pc.ValidateCredentials("myuser", "wrongPass");
}
//returns false - which is good
Now for odd reasons, it validates the previous last password which was MyPass1 remember?
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "TheDomain"))
{
// validate the credentials
bool isValid = pc.ValidateCredentials("myuser", "MyPass1");
}
//returns true - but why? we have updated password to Mypass2
I dont use directoryservices myself but I have seen that when it is used it appears to work with a cached copy of the user's information and any changes takes time to update in the application.
I am not sure if there is a way without restarting the web in IIS or waiting for it to replicate from AD. Had a guy where I work trying to use directoryservices for an application and had the same issue. If you want to test that try using the code here,
http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C and see if you can authenticate the user using the code there.
theITvideos
Member
2 Points
2 Posts
Just why... does Active Directory validate the last password?
Jan 20, 2012 10:41 PM|LINK
Hi there,
I am working on a simple solution to update a user's password in Active Directory.
I can successfully update the users password. Updating the password works fine. Lets say the user has updated the password from MyPass1 to MyPass2
Now when I run my custom code to validate users credential using:
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "TheDomain")) { // validate the credentials bool isValid = pc.ValidateCredentials("myuser", "MyPass2"); } //returns true - which is goodNow when I enter some wrong password it validates very nicely:
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "TheDomain")) { // validate the credentials bool isValid = pc.ValidateCredentials("myuser", "wrongPass"); }
//returns false - which is good
Now for odd reasons, it validates the previous last password which was MyPass1 remember?
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "TheDomain")) { // validate the credentials bool isValid = pc.ValidateCredentials("myuser", "MyPass1"); }
//returns true - but why? we have updated password to Mypass2
I got this code from
http://stackoverflow.com/questions/290548/c-sharp-validate-a-username-and-password-against-active-directory
Guys, any thoughts on this...... Is it something to do with last password expiry or is this how the validation supposed to work
Kindly reply... Any inputs would be greatly appreciated :)
Cheers!
gww
Contributor
2143 Points
458 Posts
Re: Just why... does Active Directory validate the last password?
Jan 21, 2012 07:16 PM|LINK
I dont use directoryservices myself but I have seen that when it is used it appears to work with a cached copy of the user's information and any changes takes time to update in the application.
theITvideos
Member
2 Points
2 Posts
Re: Just why... does Active Directory validate the last password?
Jan 22, 2012 12:12 AM|LINK
Hi there...
Thanks for your. How can we clear the cached copy?
Please reply.
gww
Contributor
2143 Points
458 Posts
Re: Just why... does Active Directory validate the last password?
Jan 23, 2012 02:58 PM|LINK
I am not sure if there is a way without restarting the web in IIS or waiting for it to replicate from AD. Had a guy where I work trying to use directoryservices for an application and had the same issue. If you want to test that try using the code here, http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C and see if you can authenticate the user using the code there.