C# ASP.NET 帐户锁定、禁用、过期和密码过期
C# ASP.NET Account Lockout, Disabled, Expired and Password Expired
我知道这个问题已经被问过几次了,但我还是 C# 的新手,不太了解如何使用为其他问题提供的答案。
我正在使用 .Net 4.5.1。
我有一个站点,您可以在其中输入域用户 ID 和域。我用 Classic ASP 和 VBScript 编写了网站。然后它显示帐户状态,即:显示名称、UPN、电子邮件地址、密码是否已过期(以及何时过期)、密码锁定状态、帐户是否已过期(从不过期、到期日期或已过期的日期)以及帐户是否已禁用。我正在尝试转换为 ASP.NET 和 C#。
我有以下内容:
// First attempt from the question: binds to the chosen domain, reads the domain's
// maxPwdAge, finds the user by sAMAccountName and formats the password expiry.
// The author cut the listing short, so the closing braces are not shown.
protected void Page_Load(object sender, EventArgs e)
{
// Both values come from session state; a missing key leaves the variable null.
string strUserToSearchFor = (string)(Session["txbUserID"]);
string strUserDomain = (string)(Session["drpDomain"]);
string strDomainFQDN = "";
// Maps the short domain name to the distinguished name used in the bind path.
Dictionary<string, string> dicDomainFQDN = new Dictionary<string, string>();
dicDomainFQDN.Add("DOMAIN1", "DC=1,DC=domain,DC=com");
dicDomainFQDN.Add("DOMAIN2", "DC=2,DC=domain,DC=com");
dicDomainFQDN.Add("DOMAIN3", "DC=3,DC=domain,DC=com");
// NOTE(review): a null strUserDomain throws on ToUpper(); an unlisted domain leaves
// strDomainFQDN empty, so the bind path below is just "LDAP://".
if (dicDomainFQDN.ContainsKey(strUserDomain.ToUpper()))
{
strDomainFQDN = dicDomainFQDN[strUserDomain.ToUpper()];
}
dicDomainFQDN.Clear();
// The Anonymous value is overwritten on the next line; the bind uses Secure.
AuthenticationTypes ADAT = AuthenticationTypes.Anonymous;
ADAT = AuthenticationTypes.Secure;
// NOTE(review): bind credentials written as literals in the page source. Blanking the
// locals after the bind does not remove the literals from the compiled assembly;
// load the service account from protected configuration instead.
string strADSearchUsername = "username";
string strADSearchPassword = "password";
// The doubled "ADConn = ADConn =" is a redundant self-assignment.
// NOTE(review): ADConn and ADSearch are never disposed in the lines shown.
DirectoryEntry ADConn = ADConn = new DirectoryEntry("LDAP://" + strDomainFQDN, strADSearchUsername, strADSearchPassword, ADAT);
strADSearchUsername = string.Empty;
strADSearchPassword = string.Empty;
DirectorySearcher ADSearch = new DirectorySearcher(ADConn);
// NOTE(review): this runs FindAll with the searcher's default scope just to read one
// policy value; a SearchScope.Base query on the domain root for maxPwdAge is the
// likely fix for the slowdown the question describes.
ADSearch.Filter = "maxPwdAge=*";
SearchResultCollection ADMaxPwdAgeResult = ADSearch.FindAll();
long intMaxPwdDays = 0;
if (ADMaxPwdAgeResult.Count >= 1)
{
// maxPwdAge is a negative count of 100-nanosecond intervals;
// 864000000000 of them make one day, so the division yields positive days.
Int64 intMaxPwdAge = (Int64)ADMaxPwdAgeResult[0].Properties["maxPwdAge"][0];
intMaxPwdDays = intMaxPwdAge / -864000000000;
}
ADMaxPwdAgeResult.Dispose();
ADSearch.SearchScope = SearchScope.Subtree;
ADSearch.PageSize = 1001;
// NOTE(review): the session value is concatenated into the filter unescaped, so
// characters such as * ( ) \ change the query (LDAP filter injection). Escape the
// value per RFC 4515 before building the filter.
ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + strUserToSearchFor + "))";
strUserToSearchFor = string.Empty;
SearchResult ADResult = ADSearch.FindOne();
if (ADResult != null)
{
string strName = "";
string strMail = "";
string strMobile = "";
string strUPN = "";
string strPwdLastSet = "";
string strPwdLocked = "";
string strAccountEpiryDate = "";
string strAccountDisabled = "";
// NOTE(review): indexing [0] throws when the user has no value for the attribute
// (for example no mobile number); check Count first.
strName = ADResult.Properties["displayName"][0].ToString();
strMail = ADResult.Properties["mail"][0].ToString();
strMobile = ADResult.Properties["mobile"][0].ToString();
strUPN = ADResult.Properties["userPrincipalName"][0].ToString();
// Password expiry = time the password was last set + the domain maximum age.
// NOTE(review): presumably a stored pwdLastSet of 0 is how "must change at next
// logon" appears, which the Count test alone does not catch - TODO confirm.
if (ADResult.Properties["pwdLastSet"].Count > 0)
{
// The default-constructed value is overwritten on the next line.
DateTime dtmPwdLastSet = new DateTime();
dtmPwdLastSet = DateTime.FromFileTime((Int64)(ADResult.Properties["pwdLastSet"][0]));
dtmPwdLastSet = dtmPwdLastSet.AddDays(intMaxPwdDays);
// DateTime.Today is today's date at 00:00 local time.
if (dtmPwdLastSet <= DateTime.Today)
{
strPwdLastSet = dtmPwdLastSet.ToString() + " (Expired)";
}
else
{
strPwdLastSet = dtmPwdLastSet.ToString();
}
}
else
{
strPwdLastSet = "Change at next logon";
}
...
不过在那之后,我不确定如何获取密码锁定状态、帐户禁用状态和帐户到期日期(如果有的话)。
密码锁定我试过:
// Sets the lockout text from whether the search result carries an "IsAccountLocked" value.
// NOTE(review): IsAccountLocked is an ADSI IADsUser property rather than an LDAP
// attribute returned in search results, so this presumably always yields "No".
bool blnHasLockedValue = ADResult.Properties["IsAccountLocked"].Count > 0;
strPwdLocked = blnHasLockedValue ? "Yes" : "No";
对于帐户过期,我尝试了与密码过期相同的方法,但没有发现有过期日期。在禁用帐户的情况下,我发现了一个可以解决问题的函数(我怀疑),但我不知道如何从我的脚本中调用该函数。
/// <summary>
/// Reports whether a directory entry is enabled, judged only by the
/// ACCOUNTDISABLE bit (0x0002) of userAccountControl. Lockout and account
/// expiry are not considered here.
/// </summary>
/// <param name="de">Directory entry to inspect.</param>
/// <returns>false when NativeGuid is null or the disable bit is set; otherwise true.</returns>
private bool IsActive(DirectoryEntry de)
{
    if (de.NativeGuid == null)
    {
        return false;
    }

    int uac = (int)de.Properties["userAccountControl"].Value;
    bool disabled = (uac & 0x0002) != 0;
    return !disabled;
}
非常感谢任何帮助。
此外,自从我添加了获取最长密码期限的代码后,页面加载时间变成了原来的 3 倍。有没有办法更快地获得域的最长密码期限?
好的,我找到了禁用的部分:
// Bind to the user that was found and test bit 2 (account disabled) of userAccountControl.
DirectoryEntry ADEntry = ADResult.GetDirectoryEntry();
int intUserDisabled = (int)ADEntry.Properties["userAccountControl"].Value;
bool bolAccountDisabled = (intUserDisabled & 2) != 0;
if (bolAccountDisabled)
{
    strAccountDisabled = "Yes";
}
这也有助于检查密码是否被锁定。
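// The LOCKOUT bit (16) of the stored userAccountControl value is not maintained by
// Active Directory, so testing intUserDisabled alone reports "not locked" even for a
// locked-out account. The constructed attribute read below carries the live bit.
// NOTE(review): RefreshCache with a property list may leave other attributes out of
// the entry's cache; read anything else needed from ADEntry before this call - TODO confirm.
ADEntry.RefreshCache(new string[] { "msDS-User-Account-Control-Computed" });
object objComputedFlags = ADEntry.Properties["msDS-User-Account-Control-Computed"].Value;
// Fall back to the stored flags when the directory does not return the attribute.
int intLockoutFlags = objComputedFlags is int ? (int)objComputedFlags : intUserDisabled;
bool bolPasswordLocked = Convert.ToBoolean(intLockoutFlags & 16);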
仍然需要帐户到期日方面的帮助。
好的,知道了。
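/// <summary>
/// Looks up the user ID held in the session in the selected domain and builds the
/// display strings for name, mail, mobile, UPN, password expiry, lockout state,
/// account expiry and disabled state.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    string strUserToSearchFor = Session["txbUserID"] as string;
    string strUserDomain = Session["drpDomain"] as string;
    if (string.IsNullOrWhiteSpace(strUserToSearchFor) || string.IsNullOrWhiteSpace(strUserDomain))
    {
        // Nothing to look up; a null domain used to fail on ToUpper().
        return;
    }

    // The map doubles as an allow-list: only the domains listed here are ever bound to.
    Dictionary<string, string> dicDomainFQDN = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    dicDomainFQDN.Add("DOMAIN1", "DC=1,DC=domain,DC=com");
    dicDomainFQDN.Add("DOMAIN2", "DC=2,DC=domain,DC=com");
    dicDomainFQDN.Add("DOMAIN3", "DC=3,DC=domain,DC=com");
    string strDomainFQDN;
    if (!dicDomainFQDN.TryGetValue(strUserDomain, out strDomainFQDN))
    {
        // Unknown domain: do not fall through to a bare "LDAP://" bind.
        return;
    }

    // strADSearchUsername / strADSearchPassword are declared outside this method; they
    // should be loaded from protected configuration, not written as literals in the page.
    using (DirectoryEntry ADConn = new DirectoryEntry("LDAP://" + strDomainFQDN, strADSearchUsername, strADSearchPassword, AuthenticationTypes.Secure))
    {
        // Read maxPwdAge from the domain root only (base scope) instead of searching the
        // whole tree for any object that has the attribute.
        long intMaxPwdAge = 0;
        using (DirectorySearcher ADPolicySearch = new DirectorySearcher(ADConn, "(objectClass=*)", new string[] { "maxPwdAge" }, SearchScope.Base))
        {
            SearchResult ADPolicy = ADPolicySearch.FindOne();
            if (ADPolicy != null)
            {
                intMaxPwdAge = FirstLongOrZero(ADPolicy, "maxPwdAge");
            }
        }

        // maxPwdAge is a negative count of 100-ns intervals (864000000000 per day).
        // 0 and long.MinValue both mean that passwords do not expire by policy.
        // NOTE(review): fine-grained password policies can override the domain value
        // for individual users - confirm whether they are in use.
        bool bolDomainPwdExpires = intMaxPwdAge != 0 && intMaxPwdAge != long.MinValue;
        long intMaxPwdDays = bolDomainPwdExpires ? intMaxPwdAge / -864000000000 : 0;

        using (DirectorySearcher ADSearch = new DirectorySearcher(ADConn))
        {
            ADSearch.SearchScope = SearchScope.Subtree;
            // The user ID is untrusted input: escape it so it cannot alter the filter.
            ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeLdapFilterValue(strUserToSearchFor) + "))";
            ADSearch.PropertiesToLoad.AddRange(new string[] { "displayName", "mail", "mobile", "userPrincipalName", "pwdLastSet", "accountExpires", "userAccountControl" });
            strUserToSearchFor = string.Empty;
            SearchResult ADResult = ADSearch.FindOne();
            if (ADResult == null)
            {
                return;
            }

            string strName = "";
            string strMail = "";
            string strMobile = "";
            string strUPN = "";
            string strPwdLastSet = "";
            string strPwdLocked = "No";
            string strAccountEpiryDate = "";
            string strAccountDisabled = "No";

            // All values are read from the search result: it returns large integers as
            // Int64 and an empty collection (not an exception) for absent attributes.
            int intFlags = (int)FirstLongOrZero(ADResult, "userAccountControl");
            strName = FirstValueOrEmpty(ADResult, "displayName");
            strMail = FirstValueOrEmpty(ADResult, "mail");
            strMobile = FirstValueOrEmpty(ADResult, "mobile");
            strUPN = FirstValueOrEmpty(ADResult, "userPrincipalName");

            // Get the date the password was last set and check if it has expired
            long lngPwdLastSet = FirstLongOrZero(ADResult, "pwdLastSet");
            if (lngPwdLastSet == 0)
            {
                // Absent or 0: the user must change the password at next logon.
                strPwdLastSet = "Change at next logon";
            }
            else if (!bolDomainPwdExpires || (intFlags & 0x00010000) != 0)
            {
                // No policy limit, or the "password never expires" flag is set on the account.
                strPwdLastSet = "Never";
            }
            else
            {
                DateTime dtmPwdExpires = DateTime.FromFileTime(lngPwdLastSet).AddDays(intMaxPwdDays);
                strPwdLastSet = dtmPwdExpires <= DateTime.Today
                    ? dtmPwdExpires.ToString() + " (Expired)"
                    : dtmPwdExpires.ToString();
            }

            // Check if the account is locked out. The LOCKOUT bit (0x10) of the stored
            // userAccountControl is not maintained by Active Directory, so the constructed
            // attribute is read from the entry; the stored bit is only a fallback.
            bool bolPwdLocked = (intFlags & 0x00000010) != 0;
            using (DirectoryEntry ADEntry = ADResult.GetDirectoryEntry())
            {
                ADEntry.RefreshCache(new string[] { "msDS-User-Account-Control-Computed" });
                object objComputedFlags = ADEntry.Properties["msDS-User-Account-Control-Computed"].Value;
                if (objComputedFlags is int)
                {
                    bolPwdLocked = ((int)objComputedFlags & 0x00000010) != 0;
                }
            }
            if (bolPwdLocked)
            {
                strPwdLocked = "Yes";
            }

            // Check if the account has expired. 0 and long.MaxValue both mean "never";
            // long.MaxValue would also make DateTime.FromFileTime throw.
            long lngAccountExpires = FirstLongOrZero(ADResult, "accountExpires");
            if (lngAccountExpires == 0 || lngAccountExpires == long.MaxValue)
            {
                strAccountEpiryDate = "Never";
            }
            else
            {
                DateTime dtmAccountExpires = DateTime.FromFileTime(lngAccountExpires);
                strAccountEpiryDate = dtmAccountExpires <= DateTime.Today
                    ? dtmAccountExpires.ToString() + " (Expired)"
                    : dtmAccountExpires.ToString();
            }

            // Check if the account is disabled
            if ((intFlags & 0x00000002) != 0)
            {
                strAccountDisabled = "Yes";
            }
        }
    }
}

/// <summary>Escapes a value for use inside an LDAP search filter (RFC 4515).</summary>
private static string EscapeLdapFilterValue(string value)
{
    // The backslash is replaced first so the escapes added afterwards are not re-escaped.
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}

/// <summary>Returns the first value of an attribute as text, or "" when it has none.</summary>
private static string FirstValueOrEmpty(SearchResult result, string attribute)
{
    ResultPropertyValueCollection values = result.Properties[attribute];
    return values.Count > 0 ? Convert.ToString(values[0]) : "";
}

/// <summary>Returns the first value of an integer attribute, or 0 when it has none.</summary>
private static long FirstLongOrZero(SearchResult result, string attribute)
{
    ResultPropertyValueCollection values = result.Properties[attribute];
    return values.Count > 0 ? Convert.ToInt64(values[0]) : 0;
}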
我知道这个问题已经被问过几次了,但我还是 C# 的新手,不太了解如何使用为其他问题提供的答案。
我正在使用 .Net 4.5.1。
我有一个站点,您可以在其中输入域用户 ID 和域。我用 Classic ASP 和 VBScript 编写了网站。然后它显示帐户状态,即:显示名称、UPN、电子邮件地址、密码是否已过期(以及何时过期)、密码锁定状态、帐户是否已过期(从不过期、到期日期或已过期的日期)以及帐户是否已禁用。我正在尝试转换为 ASP.NET 和 C#。
我有以下内容:
// First attempt from the question: binds to the chosen domain, reads the domain's
// maxPwdAge, finds the user by sAMAccountName and formats the password expiry.
// The author cut the listing short, so the closing braces are not shown.
protected void Page_Load(object sender, EventArgs e)
{
// Both values come from session state; a missing key leaves the variable null.
string strUserToSearchFor = (string)(Session["txbUserID"]);
string strUserDomain = (string)(Session["drpDomain"]);
string strDomainFQDN = "";
// Maps the short domain name to the distinguished name used in the bind path.
Dictionary<string, string> dicDomainFQDN = new Dictionary<string, string>();
dicDomainFQDN.Add("DOMAIN1", "DC=1,DC=domain,DC=com");
dicDomainFQDN.Add("DOMAIN2", "DC=2,DC=domain,DC=com");
dicDomainFQDN.Add("DOMAIN3", "DC=3,DC=domain,DC=com");
// NOTE(review): a null strUserDomain throws on ToUpper(); an unlisted domain leaves
// strDomainFQDN empty, so the bind path below is just "LDAP://".
if (dicDomainFQDN.ContainsKey(strUserDomain.ToUpper()))
{
strDomainFQDN = dicDomainFQDN[strUserDomain.ToUpper()];
}
dicDomainFQDN.Clear();
// The Anonymous value is overwritten on the next line; the bind uses Secure.
AuthenticationTypes ADAT = AuthenticationTypes.Anonymous;
ADAT = AuthenticationTypes.Secure;
// NOTE(review): bind credentials written as literals in the page source. Blanking the
// locals after the bind does not remove the literals from the compiled assembly;
// load the service account from protected configuration instead.
string strADSearchUsername = "username";
string strADSearchPassword = "password";
// The doubled "ADConn = ADConn =" is a redundant self-assignment.
// NOTE(review): ADConn and ADSearch are never disposed in the lines shown.
DirectoryEntry ADConn = ADConn = new DirectoryEntry("LDAP://" + strDomainFQDN, strADSearchUsername, strADSearchPassword, ADAT);
strADSearchUsername = string.Empty;
strADSearchPassword = string.Empty;
DirectorySearcher ADSearch = new DirectorySearcher(ADConn);
// NOTE(review): this runs FindAll with the searcher's default scope just to read one
// policy value; a SearchScope.Base query on the domain root for maxPwdAge is the
// likely fix for the slowdown the question describes.
ADSearch.Filter = "maxPwdAge=*";
SearchResultCollection ADMaxPwdAgeResult = ADSearch.FindAll();
long intMaxPwdDays = 0;
if (ADMaxPwdAgeResult.Count >= 1)
{
// maxPwdAge is a negative count of 100-nanosecond intervals;
// 864000000000 of them make one day, so the division yields positive days.
Int64 intMaxPwdAge = (Int64)ADMaxPwdAgeResult[0].Properties["maxPwdAge"][0];
intMaxPwdDays = intMaxPwdAge / -864000000000;
}
ADMaxPwdAgeResult.Dispose();
ADSearch.SearchScope = SearchScope.Subtree;
ADSearch.PageSize = 1001;
// NOTE(review): the session value is concatenated into the filter unescaped, so
// characters such as * ( ) \ change the query (LDAP filter injection). Escape the
// value per RFC 4515 before building the filter.
ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + strUserToSearchFor + "))";
strUserToSearchFor = string.Empty;
SearchResult ADResult = ADSearch.FindOne();
if (ADResult != null)
{
string strName = "";
string strMail = "";
string strMobile = "";
string strUPN = "";
string strPwdLastSet = "";
string strPwdLocked = "";
string strAccountEpiryDate = "";
string strAccountDisabled = "";
// NOTE(review): indexing [0] throws when the user has no value for the attribute
// (for example no mobile number); check Count first.
strName = ADResult.Properties["displayName"][0].ToString();
strMail = ADResult.Properties["mail"][0].ToString();
strMobile = ADResult.Properties["mobile"][0].ToString();
strUPN = ADResult.Properties["userPrincipalName"][0].ToString();
// Password expiry = time the password was last set + the domain maximum age.
// NOTE(review): presumably a stored pwdLastSet of 0 is how "must change at next
// logon" appears, which the Count test alone does not catch - TODO confirm.
if (ADResult.Properties["pwdLastSet"].Count > 0)
{
// The default-constructed value is overwritten on the next line.
DateTime dtmPwdLastSet = new DateTime();
dtmPwdLastSet = DateTime.FromFileTime((Int64)(ADResult.Properties["pwdLastSet"][0]));
dtmPwdLastSet = dtmPwdLastSet.AddDays(intMaxPwdDays);
// DateTime.Today is today's date at 00:00 local time.
if (dtmPwdLastSet <= DateTime.Today)
{
strPwdLastSet = dtmPwdLastSet.ToString() + " (Expired)";
}
else
{
strPwdLastSet = dtmPwdLastSet.ToString();
}
}
else
{
strPwdLastSet = "Change at next logon";
}
...
不过在那之后,我不确定如何获取密码锁定状态、帐户禁用状态和帐户到期日期(如果有的话)。
密码锁定我试过:
// Sets the lockout text from whether the search result carries an "IsAccountLocked" value.
// NOTE(review): IsAccountLocked is an ADSI IADsUser property rather than an LDAP
// attribute returned in search results, so this presumably always yields "No".
bool blnHasLockedValue = ADResult.Properties["IsAccountLocked"].Count > 0;
strPwdLocked = blnHasLockedValue ? "Yes" : "No";
对于帐户过期,我尝试了与密码过期相同的方法,但没有发现有过期日期。在禁用帐户的情况下,我发现了一个可以解决问题的函数(我怀疑),但我不知道如何从我的脚本中调用该函数。
/// <summary>
/// Reports whether a directory entry is enabled, judged only by the
/// ACCOUNTDISABLE bit (0x0002) of userAccountControl. Lockout and account
/// expiry are not considered here.
/// </summary>
/// <param name="de">Directory entry to inspect.</param>
/// <returns>false when NativeGuid is null or the disable bit is set; otherwise true.</returns>
private bool IsActive(DirectoryEntry de)
{
    if (de.NativeGuid == null)
    {
        return false;
    }

    int uac = (int)de.Properties["userAccountControl"].Value;
    bool disabled = (uac & 0x0002) != 0;
    return !disabled;
}
非常感谢任何帮助。
此外,自从我添加了获取最长密码期限的代码后,页面加载时间变成了原来的 3 倍。有没有办法更快地获得域的最长密码期限?
好的,我找到了禁用的部分:
// Bind to the user that was found and test bit 2 (account disabled) of userAccountControl.
DirectoryEntry ADEntry = ADResult.GetDirectoryEntry();
int intUserDisabled = (int)ADEntry.Properties["userAccountControl"].Value;
bool bolAccountDisabled = (intUserDisabled & 2) != 0;
if (bolAccountDisabled)
{
    strAccountDisabled = "Yes";
}
这也有助于检查密码是否被锁定。
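// The LOCKOUT bit (16) of the stored userAccountControl value is not maintained by
// Active Directory, so testing intUserDisabled alone reports "not locked" even for a
// locked-out account. The constructed attribute read below carries the live bit.
// NOTE(review): RefreshCache with a property list may leave other attributes out of
// the entry's cache; read anything else needed from ADEntry before this call - TODO confirm.
ADEntry.RefreshCache(new string[] { "msDS-User-Account-Control-Computed" });
object objComputedFlags = ADEntry.Properties["msDS-User-Account-Control-Computed"].Value;
// Fall back to the stored flags when the directory does not return the attribute.
int intLockoutFlags = objComputedFlags is int ? (int)objComputedFlags : intUserDisabled;
bool bolPasswordLocked = Convert.ToBoolean(intLockoutFlags & 16);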
仍然需要帐户到期日方面的帮助。
好的,知道了。
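/// <summary>
/// Looks up the user ID held in the session in the selected domain and builds the
/// display strings for name, mail, mobile, UPN, password expiry, lockout state,
/// account expiry and disabled state.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    string strUserToSearchFor = Session["txbUserID"] as string;
    string strUserDomain = Session["drpDomain"] as string;
    if (string.IsNullOrWhiteSpace(strUserToSearchFor) || string.IsNullOrWhiteSpace(strUserDomain))
    {
        // Nothing to look up; a null domain used to fail on ToUpper().
        return;
    }

    // The map doubles as an allow-list: only the domains listed here are ever bound to.
    Dictionary<string, string> dicDomainFQDN = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    dicDomainFQDN.Add("DOMAIN1", "DC=1,DC=domain,DC=com");
    dicDomainFQDN.Add("DOMAIN2", "DC=2,DC=domain,DC=com");
    dicDomainFQDN.Add("DOMAIN3", "DC=3,DC=domain,DC=com");
    string strDomainFQDN;
    if (!dicDomainFQDN.TryGetValue(strUserDomain, out strDomainFQDN))
    {
        // Unknown domain: do not fall through to a bare "LDAP://" bind.
        return;
    }

    // strADSearchUsername / strADSearchPassword are declared outside this method; they
    // should be loaded from protected configuration, not written as literals in the page.
    using (DirectoryEntry ADConn = new DirectoryEntry("LDAP://" + strDomainFQDN, strADSearchUsername, strADSearchPassword, AuthenticationTypes.Secure))
    {
        // Read maxPwdAge from the domain root only (base scope) instead of searching the
        // whole tree for any object that has the attribute.
        long intMaxPwdAge = 0;
        using (DirectorySearcher ADPolicySearch = new DirectorySearcher(ADConn, "(objectClass=*)", new string[] { "maxPwdAge" }, SearchScope.Base))
        {
            SearchResult ADPolicy = ADPolicySearch.FindOne();
            if (ADPolicy != null)
            {
                intMaxPwdAge = FirstLongOrZero(ADPolicy, "maxPwdAge");
            }
        }

        // maxPwdAge is a negative count of 100-ns intervals (864000000000 per day).
        // 0 and long.MinValue both mean that passwords do not expire by policy.
        // NOTE(review): fine-grained password policies can override the domain value
        // for individual users - confirm whether they are in use.
        bool bolDomainPwdExpires = intMaxPwdAge != 0 && intMaxPwdAge != long.MinValue;
        long intMaxPwdDays = bolDomainPwdExpires ? intMaxPwdAge / -864000000000 : 0;

        using (DirectorySearcher ADSearch = new DirectorySearcher(ADConn))
        {
            ADSearch.SearchScope = SearchScope.Subtree;
            // The user ID is untrusted input: escape it so it cannot alter the filter.
            ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeLdapFilterValue(strUserToSearchFor) + "))";
            ADSearch.PropertiesToLoad.AddRange(new string[] { "displayName", "mail", "mobile", "userPrincipalName", "pwdLastSet", "accountExpires", "userAccountControl" });
            strUserToSearchFor = string.Empty;
            SearchResult ADResult = ADSearch.FindOne();
            if (ADResult == null)
            {
                return;
            }

            string strName = "";
            string strMail = "";
            string strMobile = "";
            string strUPN = "";
            string strPwdLastSet = "";
            string strPwdLocked = "No";
            string strAccountEpiryDate = "";
            string strAccountDisabled = "No";

            // All values are read from the search result: it returns large integers as
            // Int64 and an empty collection (not an exception) for absent attributes.
            int intFlags = (int)FirstLongOrZero(ADResult, "userAccountControl");
            strName = FirstValueOrEmpty(ADResult, "displayName");
            strMail = FirstValueOrEmpty(ADResult, "mail");
            strMobile = FirstValueOrEmpty(ADResult, "mobile");
            strUPN = FirstValueOrEmpty(ADResult, "userPrincipalName");

            // Get the date the password was last set and check if it has expired
            long lngPwdLastSet = FirstLongOrZero(ADResult, "pwdLastSet");
            if (lngPwdLastSet == 0)
            {
                // Absent or 0: the user must change the password at next logon.
                strPwdLastSet = "Change at next logon";
            }
            else if (!bolDomainPwdExpires || (intFlags & 0x00010000) != 0)
            {
                // No policy limit, or the "password never expires" flag is set on the account.
                strPwdLastSet = "Never";
            }
            else
            {
                DateTime dtmPwdExpires = DateTime.FromFileTime(lngPwdLastSet).AddDays(intMaxPwdDays);
                strPwdLastSet = dtmPwdExpires <= DateTime.Today
                    ? dtmPwdExpires.ToString() + " (Expired)"
                    : dtmPwdExpires.ToString();
            }

            // Check if the account is locked out. The LOCKOUT bit (0x10) of the stored
            // userAccountControl is not maintained by Active Directory, so the constructed
            // attribute is read from the entry; the stored bit is only a fallback.
            bool bolPwdLocked = (intFlags & 0x00000010) != 0;
            using (DirectoryEntry ADEntry = ADResult.GetDirectoryEntry())
            {
                ADEntry.RefreshCache(new string[] { "msDS-User-Account-Control-Computed" });
                object objComputedFlags = ADEntry.Properties["msDS-User-Account-Control-Computed"].Value;
                if (objComputedFlags is int)
                {
                    bolPwdLocked = ((int)objComputedFlags & 0x00000010) != 0;
                }
            }
            if (bolPwdLocked)
            {
                strPwdLocked = "Yes";
            }

            // Check if the account has expired. 0 and long.MaxValue both mean "never";
            // long.MaxValue would also make DateTime.FromFileTime throw.
            long lngAccountExpires = FirstLongOrZero(ADResult, "accountExpires");
            if (lngAccountExpires == 0 || lngAccountExpires == long.MaxValue)
            {
                strAccountEpiryDate = "Never";
            }
            else
            {
                DateTime dtmAccountExpires = DateTime.FromFileTime(lngAccountExpires);
                strAccountEpiryDate = dtmAccountExpires <= DateTime.Today
                    ? dtmAccountExpires.ToString() + " (Expired)"
                    : dtmAccountExpires.ToString();
            }

            // Check if the account is disabled
            if ((intFlags & 0x00000002) != 0)
            {
                strAccountDisabled = "Yes";
            }
        }
    }
}

/// <summary>Escapes a value for use inside an LDAP search filter (RFC 4515).</summary>
private static string EscapeLdapFilterValue(string value)
{
    // The backslash is replaced first so the escapes added afterwards are not re-escaped.
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}

/// <summary>Returns the first value of an attribute as text, or "" when it has none.</summary>
private static string FirstValueOrEmpty(SearchResult result, string attribute)
{
    ResultPropertyValueCollection values = result.Properties[attribute];
    return values.Count > 0 ? Convert.ToString(values[0]) : "";
}

/// <summary>Returns the first value of an integer attribute, or 0 when it has none.</summary>
private static long FirstLongOrZero(SearchResult result, string attribute)
{
    ResultPropertyValueCollection values = result.Properties[attribute];
    return values.Count > 0 ? Convert.ToInt64(values[0]) : 0;
}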