根据本地安全策略验证新的AD密码?
[英]Validate new AD password according to local security policy?
问题描述
I would like to allow the current user to change their password (managed via active directory). 
我想允许当前用户更改其密码(通过活动目录进行管理)。
I would like to validate and then set their password in Active Directory (currently using the SetPassword invoke method ). 我想验证一下,然后在Active Directory中设置其密码(当前使用SetPassword invoke方法 )。
My problem is validating the password so that it meets the complexity requirements: 我的问题是验证密码,使其符合复杂性要求:
Not contain the user's account name or parts of the user's full name that exceed two consecutive characters Be at least six characters in length Contain characters from three of the following four categories: English uppercase characters (A through Z) English lowercase characters (a through z) Base 10 digits (0 through 9) Non-alphabetic characters (for example, !, $, #, %) Complexity requirements are enforced when passwords are changed or created.
I'm already using a CompareValidator with two textboxes so I was thinking about adding a RegularExpressionValidator ( source 1 , source 2 ) but I'm not sure how to get it to work with the whole "three of four categories" thing: 我已经在使用带有两个文本框的CompareValidator ,所以我正在考虑添加RegularExpressionValidator ( 源1 , 源2 ),但是我不确定如何使它与整个“四个类别中的三个”一起使用:
RegularExpressionValidator revComplex = new RegularExpressionValidator();
revComplex.ControlToValidate = _txtPassword1.ID;
revComplex.ErrorMessage = "Password must have at least 7 characters. Characters should be from at least three of the following four groups: uppercase letter, lowercase letter, digit, or special characters (for example, !, $, #, %).";
revComplex.ValidationExpression = @"^(?=.{7,})(?=.*[a-z])(?=.*[0-9])(?=.*[A-Z])(?!.*s).*$";
Surely someone has tried to do this before? 肯定有人曾经尝试过这样做吗? How should I validate a user's password before sending it to Active Directory according to the local security policy? 在根据本地安全策略将用户密码发送到Active Directory之前,应如何验证用户密码?
2 个解决方案
解决方案1
2 已采纳 2011-02-20 21:49:08
Imho, you can better use ChangePassword than SetPassword. 恕我直言,与SetPassword相比,您可以更好地使用ChangePassword。 That way, you require the user to specify his current (old) password. 这样,您需要用户指定其当前(旧)密码。 That may be interesting, because you can never be 100% sure that the user who is browsing your site is actually the user who is logged in. 这可能很有趣,因为您永远无法百分百确定正在浏览您的网站的用户实际上是登录的用户。
Here's a link with more information: http://www.primaryobjects.com/CMS/Article66.aspx 这是更多信息的链接: http : //www.primaryobjects.com/CMS/Article66.aspx
You do not have to validate the password in advance. 您不必事先验证密码。 Just send it to AD in a try-catch, and if it's not validated, the reason why will be in the exception message. 只需通过try-catch将其发送到AD,如果未通过验证,其原因将出现在异常消息中。
解决方案2
1 2015-03-07 01:20:21
I found a way to diagnose the error in a bit more detail. 我找到了一种更详细地诊断错误的方法。 It does not provided any feedback from AD, but we can perhaps create a mapping of the COM errors to a user friendly message. 它没有提供来自AD的任何反馈,但是我们也许可以创建COM错误到用户友好消息的映射。
This article provides more information about handling the possible COM errors: 本文提供有关处理可能的COM错误的更多信息:
http://www.ozkary.com/2015/03/active-directory-setpassword-or.html http://www.ozkary.com/2015/03/active-directory-setpassword-or.html
I think more detail can be added for these COM errors: 我认为可以为这些COM错误添加更多详细信息:
0x800708c5 0x8007202f 0x8007052d 0x8007052f 0x800708c5 0x8007202f 0x8007052d 0x8007052f
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.