Jun 18, 2010 12:14 PM|Davide Mologni|LINK
I'm analyzing this situation:
- I have an ASP.NET intranet application.
- I have to centralize users' passwords in my domain and have visibility of them.
- Each user must change his own password every 3 months.
- Each user must have only one password for access to Windows, the Intranet application and the ERP application.
Is there a way to block all user accounts periodically and ask them to insert the new password after the logon to Windows? After that I could make a query that updates the password in the Intranet and ERP application.
I will be grateful for any answer
Jun 18, 2010 02:14 PM|smirnov|LINK
Single sign-on using AD means access to many resources once the user is initially authenticated in the domain. Normally, users who work inside an AD domain in the corporate network periodically receive password change prompts right at their logon screens.
There is no need to block accounts and ask for a password - this is forced by the domain password policy. The ASP.NET application, in its turn, should be configured for access without logging in again. This requires selecting "Integrated Windows Authentication" on IIS (assuming that the server is in the domain) and switching to authentication mode="Windows" in the web.config file of the application. It is also required to configure security settings in the clients' web browsers to enable Integrated Windows authentication.
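With the setup described in the answer above, the intranet application receives the domain identity from IIS and never handles or stores a password. The following is an added example, not code from either poster: the class and method names are hypothetical, the deny-anonymous rule in the commented web.config fragment is an addition, and the AD lookup assumes the application pool account may read the directory.

```csharp
// Added example. Assumed web.config content for the intranet application:
//   <system.web>
//     <authentication mode="Windows" />
//     <authorization><deny users="?" /></authorization>  <!-- reject anonymous requests -->
//   </system.web>
using System;
using System.DirectoryServices.AccountManagement; // reference System.DirectoryServices.AccountManagement.dll
using System.Web;

public static class IntranetUser // hypothetical helper class
{
    // Returns the DOMAIN\user name that IIS authenticated. Throws if the request
    // is anonymous, e.g. Integrated Windows Authentication is not enabled on IIS
    // or the browser did not send credentials.
    public static string GetAuthenticatedName(HttpContext context)
    {
        var identity = context.User == null ? null : context.User.Identity;
        if (identity == null || !identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Request was not authenticated by IIS.");
        return identity.Name; // key for the application's own user table; no password involved
    }

    // Reads when the account's password was last set (UTC). The password itself
    // is never readable; only this timestamp is. The result is null when AD has
    // no timestamp recorded for the account (pwdLastSet is 0).
    public static DateTime? GetPasswordLastSet(string domainUser)
    {
        // Strip the "DOMAIN\" prefix to get the sAMAccountName.
        int slash = domainUser.IndexOf('\\');
        string sam = slash >= 0 ? domainUser.Substring(slash + 1) : domainUser;

        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, sam))
        {
            if (user == null)
                throw new InvalidOperationException("No such domain account: " + sam);
            return user.LastPasswordSet;
        }
    }
}
```

Password expiry stays enforced by the domain password policy; the timestamp is only useful for reporting or for showing a reminder inside the application.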