Is possible Three attempt in Directory Entry Class


sameem

Hi All,

I'm using Windows authentication, Visual Studio 2005 and Windows XP. I have
written code like below. This code works fine when I give the right user
name and password. If the password is wrong on the first attempt, my
Active Directory user gets locked. My requirement is three attempts if the
password is wrong, like the OS Windows security policy that allows the user
up to three attempts.

This is my code
------------------
' Bind to the global catalog with the credentials entered by the user.
Dim a As New DirectoryEntry("GC://domainname", Session("UName"), _
    Session("PWord"), AuthenticationTypes.Secure)
' Find the enabled user object (userAccountControl flag value 2 = account disabled).
Dim searcher As New DirectorySearcher(a, _
    "(&(objectCategory=user)(objectClass=person)(sAMAccountName=" + _
    Session("UName") + ")(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")
' , "(&(anr=a-driches)(objectCategory=person))")
Dim sr As SearchResult = searcher.FindOne()
Dim MyResultPropColl As ResultPropertyCollection = sr.Properties
Dim myKey As String
' Collect the group memberships; Cn is not declared in this snippet.
For Each myKey In MyResultPropColl.PropertyNames
    For Each mycollection As Object In MyResultPropColl(myKey)
        If myKey = "memberof" Then
            Cn.Add(mycollection.ToString)
        End If
    Next
Next

What shall I do for three attempts?

Regards,
 

Joe Kaplan

What format is the username in? You need to use a qualified username format
if you want to prevent multiple bind attempts from happening.

A lockout threshold of 3 is also way too low and quite a bit outside of
Microsoft's guidelines. It might be a good idea to raise that concern with
your administrators.
 

sameem

The user name format is the Active Directory user account.

My requirement is that three attempts are allowed if the password is wrong on
the first and second attempts, like the OS Windows IT security policy. On the
third attempt, if the AD user tries to log on with a wrong password, that
attempt should lock the account.

I have tried to solve the problem with a session count flag up to the third
attempt, but on the second attempt with a wrong password the following code
caused the lock.

' Bind with the credentials entered by the user.
Dim de As New DirectoryEntry("GC://DomainName", Session("UName"), _
    Session("PWord"), AuthenticationTypes.Secure)
Dim deSearch As DirectorySearcher = New DirectorySearcher()
deSearch.SearchRoot = de
' Look up the user object by its sAMAccountName.
deSearch.Filter = _
    "(&(objectCategory=user)(objectClass=person)(sAMAccountName=" + _
    Session("UName") + "))"
deSearch.SearchScope = SearchScope.Subtree
Dim results As SearchResult = deSearch.FindOne()

Explanation for what I have done:
Here I'm using a session flag to redirect to the login page.

1) First attempt with a wrong password: redirected to the login page. Second
attempt with the correct password: allowed to log on to the site.

2) Second attempt with a wrong password: redirected to the login page.
Third attempt with the correct password: not allowed to log on to the site.

On the third attempt, the correct user name and password were locked out, which
implies that on the second attempt with the wrong password, when it hit the
DirectoryEntry, the user account got locked.
 

Joe Kaplan

If you use a qualified name format, ADSI should only do one bind attempt
instead of two. Use either domain\user or (e-mail address removed) (UPN format).

Note that you won't be able to tell if a user's account is locked by the
result of the bind attempt. It will return the same "unknown user or bad
password" error code.

Also, note that a lockout threshold of 3 is MUCH too low and is way outside
of Microsoft's best practices guidelines.

Joe K.
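
The advice in the reply above, as an added example that is not part of the original thread: qualify the user name before it reaches DirectoryEntry, then force exactly one bind and treat the logon-failure error as a plain "no". The names QualifyUserName, TryBind and netbiosDomain are hypothetical; the GC path is whatever the application already uses.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

' Added example; QualifyUserName, TryBind and netbiosDomain are hypothetical names.
Public Module SingleBindLogin
    ' HRESULT 0x8007052E (ERROR_LOGON_FAILURE): unknown user name or bad password.
    Private Const LogonFailure As Integer = -2147023570

    ' Returns the name unchanged when it is already DOMAIN\user or user@domain;
    ' otherwise prefixes the NetBIOS domain so ADSI receives a qualified name.
    Public Function QualifyUserName(ByVal userName As String, _
                                    ByVal netbiosDomain As String) As String
        If userName Is Nothing Then Throw New ArgumentNullException("userName")
        Dim name As String = userName.Trim()
        If name.Length = 0 Then Throw New ArgumentException("Empty user name.", "userName")
        If name.IndexOf("\"c) > 0 OrElse name.IndexOf("@"c) > 0 Then Return name
        Return netbiosDomain & "\" & name
    End Function

    ' Binds once with the qualified name. True means the credentials were accepted.
    Public Function TryBind(ByVal path As String, ByVal userName As String, _
                            ByVal password As String, _
                            ByVal netbiosDomain As String) As Boolean
        Dim qualified As String = QualifyUserName(userName, netbiosDomain)
        Using entry As New DirectoryEntry(path, qualified, password, _
                                          AuthenticationTypes.Secure)
            Try
                ' Reading NativeObject forces the bind to happen here.
                Dim native As Object = entry.NativeObject
                Return True
            Catch ex As COMException When ex.ErrorCode = LogonFailure
                ' Bad password, unknown user or locked account all land here;
                ' the bind result does not distinguish them.
                Return False
            End Try
        End Using
    End Function
End Module
```

Other COMException codes (server unreachable, referral problems) are deliberately left to propagate so they are not mistaken for a failed password attempt.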
 
