Password changes: Forms Authentication & AD membership provider

Discussion in 'ASP .Net Security' started by am, Aug 22, 2007.

  1. am

    am Guest

    I'm looking for some guidance on expected behaviour concerning password
    changes.


    The application is a virtual desktop connection broker and is comprised of:

    1. Forms authenticated web site, using the Active Directory membership
    provider. Hosts MSRDP ActiveX.

    2. Remoting service that brokers virtual desktop connections.

    3. Virtual Server farms hosting virtual desktops.


    The application works as follows:

    1. User logs in to the web form.

    2. Web application communicates with broker service to retrieve the
    appropriate virtual desktop name.

    3. User is forwarded to a web page hosting the MSRDP ActiveX and is
    connected to the virtual desktop.

    4. Use logs in using the same account that was used to authenticate to the
    web site.

    5. When the virtual desktop session is terminated, the user is forwarded
    back to the default page of the web site.


    My question is related to the following scenario:

    1. User completes steps 1. – 4. described above.

    2. User changes password within the virtual desktop.

    3. User logs out of virtual desktop and is forwarded to the default page.


    What would be the expected result?

    If the site was using integrated authentication I would expect this to
    result in an account lockout as the credentials provided to Internet Explorer
    when originally prompted would now be out of date. Is this assumption correct?

    Thanks,

    Alex
     
    am, Aug 22, 2007
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.