Lock users out of Active Directory with ASP.NET application -
we have intranet asp.net 4.0 application , use forms authentication employees authenticate against active directory log in.
we need lock users out of ad after many failed password attempts (number set in domain policy).
as works now, users locked out of application not out of ad. need lock them in ad , need call desk unlock them.
i saw http://msdn.microsoft.com/en-us/library/ms998360.aspx, stated under "account lockout" activedirectorymembershipprovider locks users out of provider not out of ad.
but how lock users in ad then?
web.config:
<membership defaultprovider="myadmembershipprovider"> <providers> <add name="myadmembershipprovider" type="system.web.security.activedirectorymembershipprovider, system.web, version=4.0.0.0, culture=neutral, publickeytoken=b03f5f7f11d50a3a" connectionstringname="adconnectionstring" connectionusername="administrator" connectionpassword="passw0rd" attributemapusername="samaccountname" /> </providers> </membership> login.aspx:
<asp:login id="login1" runat="server" displayrememberme="false" failuretext="wrong user name or password." destinationpageurl="~/user.aspx" onloggedin="login1_loggedin" onloginerror="login1_loginerror"> login.aspx.cs
protected void login1_loginerror(object sender, eventargs e) { string username = login1.username; if (!string.isnullorempty(username)) { // information user membershipuser usr = membership.getuser(username); if (usr != null) { // check see if error occurred because not approved if (!usr.isapproved) { login1.failuretext = "your account has not yet been approved administrator."; } // check see if user locked out else if (usr.islockedout) { login1.failuretext = "you have been locked out of account due many failed passwords. call desk unlock it."; } } } }
Comments
Post a Comment