
I am trying to check whether a user needs to reset their password, based on their AD pwdLastSet attribute. My problem is that no matter what value I set for pwdLastSet (either "never" or an actual date), the value always comes back as null from UserPrincipalsEx.FindByIdentity().

My question is how do I ensure that if pwdLastSet actually has a date in the attribute, it will not return NULL in the code.

* NOTE * I use the UserPrincipalsEx class to extend the search filter so that the "title" attribute is found and assigned to getUser.

Thank you in advance for any help.

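// Login flow: look the account up in Active Directory, divert to the
// password-reset panel when no password-set timestamp is present, otherwise
// validate the submitted credentials and establish the web session.
// Every rejection path ends in the same generic message so the response does
// not reveal whether the account exists or the directory lookup failed.
bool loginRejected = false;
try
{
    username = username + "@site.com";

    // PrincipalContext wraps a directory connection; dispose both contexts
    // deterministically instead of leaving them to the finalizer.
    using (PrincipalContext domainCtx = new PrincipalContext(ContextType.Domain, DomainFQDN, DomainFull))
    using (PrincipalContext userCtx = new PrincipalContext(ContextType.Domain))
    {
        UserPrincipalsEx getUser = UserPrincipalsEx.FindByIdentity(userCtx, sAMName);

        if (getUser == null)
        {
            // No matching account. Handle it explicitly rather than letting a
            // NullReferenceException fall into the catch block below.
            loginRejected = true;
        }
        else if (getUser.LastPasswordSet == null)
        {
            /******* Password must be reset before the user can log in *******/
            // On the stock AuthenticablePrincipal, LastPasswordSet is a nullable
            // DateTime that is null when pwdLastSet is 0 ("must change at next
            // logon"). Whether UserPrincipalsEx.FindByIdentity loads it the
            // same way is not visible here - confirm against that class.
            // NOTE(review): this branch runs before any credential check, so the
            // reset panel is shown to anyone who submits this account name. The
            // reset handler has to verify the current password itself.
            pnlResetPwd.Visible = true;
            pnlLogin.Visible = false;
            Domain.Text = "Passwords must be at least 8 characters and contain:<br>"
                + "1 Upper case character.<br>"
                + "1 Lower case character.<br>"
                + "1 Special character (!@#$%^&*) or 1 Number.";
            Domain.Visible = true;
            return;
        }
        else
        {
            /******* Check to see if the password matches Active Directory *******/
            bool authVerified = domainCtx.ValidateCredentials(username, password, ContextOptions.SimpleBind);
            if (authVerified)
            {
                // Only display directory data once the credentials are proven;
                // showing the name earlier discloses it to unauthenticated callers.
                Domain.Text = getUser.Name;
                Domain.Visible = true;

                // NOTE(review): cookie values are client-controlled. Anything that
                // authorises a request must read Session (server side), never
                // "Auth"/"Title" from this cookie. Also set Secure on the cookie
                // once the site is served over HTTPS only.
                Response.Cookies["WebAuth"]["sAMName"] = getUser.SamAccountName;
                Response.Cookies["WebAuth"]["Auth"] = "Yes";
                Response.Cookies["WebAuth"]["FirstName"] = getUser.GivenName;
                // Was written to a misspelled "wevAuth" cookie, which created a
                // second cookie and left LastName out of "WebAuth".
                Response.Cookies["WebAuth"]["LastName"] = getUser.Surname;
                Response.Cookies["WebAuth"]["Fullname"] = getUser.DisplayName;
                Response.Cookies["WebAuth"]["Email"] = getUser.EmailAddress;
                Response.Cookies["WebAuth"]["Title"] = getUser.Title;
                Response.Cookies["WebAuth"].Expires = DateTime.Now.AddMinutes(10);
                Response.Cookies["WebAuth"].HttpOnly = true;
                Session["WebAuth"] = "Yes";
                Session["Firstname"] = getUser.GivenName;
                Session["Lastname"] = getUser.Surname;
                Session["Fullname"] = getUser.DisplayName;
                Session["Email"] = getUser.EmailAddress;
                Session["Title"] = getUser.Title;

                string target = "/Home.aspx";
                if (Request.Cookies["pageURL"] != null)
                {
                    // The return path comes from a cookie, i.e. from the client.
                    // Accept only a site-local path ("/x", not "//host" or "/\host")
                    // so the login page cannot be used to bounce users off-site.
                    string returnPath = Request.Cookies["pageURL"]["path"];
                    bool isLocalPath = !string.IsNullOrEmpty(returnPath)
                        && returnPath[0] == '/'
                        && (returnPath.Length == 1 || (returnPath[1] != '/' && returnPath[1] != '\\'));
                    if (isLocalPath)
                    {
                        target = returnPath;
                    }
                    Response.Cookies["pageURL"].Expires = DateTime.Now;
                    redirect.Text = target;
                }
                Response.Redirect(target);
            }
            else
            {
                loginRejected = true;
            }
        }
    }
}
catch (System.Threading.ThreadAbortException)
{
    // Response.Redirect ends the request by aborting the thread; that is the
    // normal success path, not a login failure.
    throw;
}
catch (Exception ex)
{
    // Keep the user-facing message generic, but record the real cause so a
    // directory or configuration fault is not mistaken for a bad password.
    System.Diagnostics.Trace.TraceError("Login failed with an unexpected error: {0}", ex);
    loginRejected = true;
}

if (loginRejected)
{
    txtUsername.Text = "";
    txtPassword.Text = "";
    txtUsername.Focus();
    lblMessage.Text = "The Username/Password is incorrect.  Try again.";
    lblMessage.Visible = true;
    lblMessage.ForeColor = System.Drawing.Color.Red;
}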
Red_Phoenix