Is it possible to allow three attempts in the DirectoryEntry class?

Discussion in 'ASP .Net Security' started by sameem, Mar 18, 2008.

  1. sameem

    sameem Guest

    Hi All,

    I'm using Windows authentication, Visual Studio 2005 and Windows XP. I have
    written code like below. This code works fine when I give the right user
    name and password. If the password is wrong on the first attempt, my
    Active Directory user gets locked. My requirement is three attempts if the
    password is wrong, like the OS Windows security policy, to allow the user up
    to three attempts.

    This is my code
    ------------------
    ' Bind to the global catalog with the credentials from the login form
    Dim a As New DirectoryEntry("GC://domainname", Session("UName"), _
        Session("PWord"), AuthenticationTypes.Secure)
    ' Look up the enabled user whose sAMAccountName matches the login name
    ' (1.2.840.113556.1.4.803 is the bitwise-AND matching rule; :=2 is "disabled")
    Dim searcher As New DirectorySearcher(a, _
        "(&(objectCategory=user)(objectClass=person)(sAMAccountName=" + _
        Session("UName") + ")(!userAccountControl:1.2.840.113556.1.4.803:=2))") ', "(&(anr=a-driches)(objectCategory=person))")
    Dim sr As SearchResult = searcher.FindOne()
    Dim MyResultPropColl As ResultPropertyCollection = sr.Properties
    Dim myKey As String
    ' Collect the user's group memberships (Cn is declared elsewhere)
    For Each myKey In MyResultPropColl.PropertyNames
        For Each mycollection As Object In MyResultPropColl(myKey)
            If myKey = "memberof" Then
                Cn.Add(mycollection.ToString)
            End If
        Next
    Next

    What shall I do for three attempts?

    Regards,
    sameem, Mar 18, 2008
    #1

  2. sameem

    Joe Kaplan Guest

    What format is the username in? You need to use a qualified username format
    if you want to prevent multiple bind attempts from happening.

    A lockout threshold of 3 is also way too low and quite a bit outside of
    Microsoft's guidelines. It might be a good idea to raise that concern with
    your administrators.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    Joe Kaplan, Mar 19, 2008
    #2

  3. sameem

    sameem Guest

    User Name format is Active Directory User Account.

    My requirement is that three attempts are allowed if the password is wrong
    on the first and second attempt, like the OS Windows IT security policy.
    That is, when the AD user tries to log on with a wrong password on the third
    attempt, that attempt should lock the account.

    I have tried to solve the problem with a session count flag up to the third
    attempt, but on the second attempt with a wrong password the following code
    caused the lock.

    Dim de As New DirectoryEntry("GC://DomainName", Session("UName"), _
        Session("PWord"), AuthenticationTypes.Secure)
    Dim deSearch As DirectorySearcher = New DirectorySearcher()
    deSearch.SearchRoot = de
    deSearch.Filter = _
        "(&(objectCategory=user)(objectClass=person)(sAMAccountName=" + _
        Session("UName") + "))"
    deSearch.SearchScope = SearchScope.Subtree
    Dim results As SearchResult = deSearch.FindOne()

    Explanation of what I have done:
    Here I'm using a session flag to redirect to the login page.

    1) First attempt with a wrong password: redirected to the login page. Second
    attempt with the correct password: allowed to log on to the site.

    2) Second attempt with a wrong password: redirected to the login page.
    Third attempt with the correct password: not allowed to log on to the site.

    On the third attempt with the correct user name and password the account is
    locked, which implies that on the second attempt with the wrong password,
    when it hit the DirectoryEntry, the user account got locked.


    sameem, Apr 4, 2008
    #3
  4. sameem

    Joe Kaplan Guest

    If you use a qualified name format, ADSI should only do one bind attempt
    instead of two. Use either domain\user or (UPN format).

    Note that you won't be able to tell if a user's account is locked by the
    result of the bind attempt. It will return the same "unknown user or bad
    password" error code.

    Also, note that a lockout threshold of 3 is MUCH too low and is way outside
    of Microsoft's best practices guidelines.

    Joe K.
    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    Joe Kaplan, Apr 4, 2008
    #4
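
The advice in the last reply, sketched as an added example (not code from the thread or from either poster): qualify the user name before binding so that one login attempt costs one bind. The module and function names, and the `netbiosDomain` and `ldapPath` parameters, are assumptions made for illustration.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

Public Module SingleBindLogin
    ' HRESULT 0x8007052E = ERROR_LOGON_FAILURE ("unknown user name or bad password").
    Private Const LogonFailure As Integer = -2147023570

    ' Hypothetical helper: returns the name unchanged if it is already
    ' DOMAIN\user or user@domain (UPN); otherwise prefixes the NetBIOS domain
    ' so the name passed to the bind is already in a qualified format.
    Public Function QualifyUserName(ByVal userName As String, _
                                    ByVal netbiosDomain As String) As String
        If userName Is Nothing OrElse userName.Trim().Length = 0 Then
            Throw New ArgumentException("User name is required.", "userName")
        End If
        userName = userName.Trim()
        If userName.IndexOf("\"c) > 0 OrElse userName.IndexOf("@"c) > 0 Then
            Return userName
        End If
        Return netbiosDomain & "\" & userName
    End Function

    ' Hypothetical helper: performs the bind once per call.
    ' False means the directory rejected the credentials. As noted in the
    ' thread, a locked account returns the same error as a wrong password,
    ' so the caller cannot distinguish the two from this result.
    Public Function TryBind(ByVal ldapPath As String, ByVal userName As String, _
                            ByVal password As String, _
                            ByVal netbiosDomain As String) As Boolean
        Dim qualified As String = QualifyUserName(userName, netbiosDomain)
        Using entry As New DirectoryEntry(ldapPath, qualified, password, _
                                          AuthenticationTypes.Secure)
            Try
                ' Reading NativeObject forces the bind to happen here.
                Dim bound As Object = entry.NativeObject
                Return True
            Catch ex As COMException When ex.ErrorCode = LogonFailure
                Return False
            End Try
        End Using
    End Function
End Module
```

Any search that follows should filter on the bare account name, not the qualified one, since `sAMAccountName` does not include the domain prefix.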