Asp.Net Forms authentication using Active Directory

[Egbert]

Hi.

I am using forms authentication in ASP.Net against Active Directory.

I have followed the example provided by Microsoft. Here is my problem.

Standard practise for AD Administrators is to flag the account to change the
password when he logs in. Also that passwords expire after 30 days.

If any of these conditions are true the sample code from MS simply returns
the error message: "Bad username or password". This happens the second the
code tries to bind to AD. It does not tell me that the user has to change his
password or that his password has expired but simple that it is a "Bad
username or password".

Has anyone come accross this or have any ideas.

*Ps I did not implement the portion of code where they create a generic
pricipal object etc as I do not need any other info from AD other than
checking the username or password. Could this have anything to do with the
problem?

 

[Joe Kaplan \(MVP - ADSI\)]

If the user needs to change password at next logon, you can't use a simple
LDAP bind to authenticate them, nor can you do the password change via LDAP.
They need to log on to Windows first to do this.

This is one of the many downsides of using LDAP to authenticate users. It
does work in some situations, but you don't get the full Windows
integration.

Joe K.