Web service with expiring passwords

[JeffJ]

I have simple "Hello World" web service created by web service wizard.
I have put it onto IIS server. Remove Anonymous access.

Call it via a windows .net app:

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
Dim x As New WindowsApplication1.hellow.Service1

Dim cache = New System.Net.CredentialCache

cache.Add(New Uri(x.Url), "Negotiate", _
New System.Net.NetworkCredential("user", "pword", "domain"))
x.Credentials = cache

TextBox1.Text = x.HelloWorld
End Sub

Works great until I set password must be reset on next logon. Then get 401:
Access Denied.
I have PasswordChangeFlags set 1.
I have IISadmpwd up and working in IIS.

So my question is. Is there a way to get web services to work with
PasswordChangedFlags and IISADMPWD?

We need to be able to force periodic password changes for use of our
webservice.

Thanks,

Jeff

 

[JeffJ]

At least on IIS on XP the web service just returns error 401: Access Denied.

I was looking for help to actually notify user password was expired and then
ability to change it. The users will ONLY ever interact via the web service
so no other way for them to ever know there password is or going to expire.

Sounds like someone else here has had different responce with 2003 server.
May have actually did a redirect at least. I haven't tried it.

Jeff

 

[JeffJ]

That would also be something that it should do.

But it will need to deal with expired too. Harder to test soon expiring as
need to have account that falls into that. Expiring in a few days isn't
something you can set on account. Need a full test domain to adjust max
password age.

 

[JeffJ]

Yes.
It works via web pages.

Technically does it work if you go to the "change password" url and change
your password ? What is the UI ? Not sure but IMO this a public page and you
have to type both your old and new password, that is technically you are NOT
logged until the password is changed.

Also perhaps the error uses an HTTP subcode that would tell that the
password expired ? (if you use OWA you could see how it react to see if it
is able to detect this).

It seems this is a not widely explored issue. Good luck.

According to
http://www.eggheadcafe.com/conversation.aspx?messageid=31045850&threadid=31045818
and the final response it looks like it worked without coding (not sure
though if the redirect was done automatically of if the guy just left out
this part).

Or perhaps http://support.microsoft.com/kb/833734/en-us and the application
and the password change virtual directory must run in the same application
pool.

I would test this first from a browser for interactive pages (possibly when
accesing the web service test page from a browser) to see it if seems to be
handled automatically. Then I would move to a web service called
programmatically.

Beyond that point you are on your own ;-) as I'm running out of thoughts
about this issue...