Currently I authenticate users against some AD using the following code:
    using System;
    using System.DirectoryServices;

    bool Authenticate(string username, string pwd)
    {
        DirectoryEntry entry = new DirectoryEntry(_path, username, pwd);
        try
        {
            // Bind to the native AdsObject to force authentication.
            Object obj = entry.NativeObject;
            // Escape the LDAP filter metacharacters (RFC 4515) before embedding the
            // username, so a crafted name cannot change the meaning of the query.
            string safeName = username.Replace("\\", "\\5c").Replace("*", "\\2a")
                                      .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
            DirectorySearcher search = new DirectorySearcher(entry) { Filter = "(sAMAccountName=" + safeName + ")" };
            search.PropertiesToLoad.Add("cn");
            SearchResult result = search.FindOne();
            if (result == null)
            {
                return false;
            }
            // Update the path so it points at the user's own object in the directory
            _path = result.Path;
            _filterAttribute = (String)result.Properties["cn"][0];
            return true;
        }
        catch (Exception ex)
        {
            // Keep the original exception as the inner exception so the real cause is not lost
            throw new Exception("Error authenticating user. " + ex.Message, ex);
        }
    }
This works perfectly for validating a password against a username.
The problem comes in that a generic error is always returned, "Logon failure: unknown user name or bad password.", when authentication fails.
However authentication might also fail when an account is locked out.
How would I know if it is failing because of it being locked out?
I've come across articles saying you can use:
Convert.ToBoolean(entry.InvokeGet("IsAccountLocked"))
or do something like what is explained here.
The problem is, whenever you try to access any property on the DirectoryEntry, the same error would be thrown.
Any other suggestion of how to get to the actual reason that authentication failed? (account locked out / password expired / etc.)
The AD I connect to might not necessarily be a Windows server.
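One way to get at the underlying reason, as an added example that is not part of the question above: bind with System.DirectoryServices.Protocols instead of DirectoryEntry. When a simple bind against Active Directory fails, the LdapException carries the server's diagnostic message, which contains a "data &lt;hex&gt;" field with the NT status code (775 = locked out, 532 = password expired, 533 = disabled, 52e = bad password, and so on). The server name, domain and the constructed sample message below are assumptions; the Classify helper and the AuthFailure enum are hypothetical names introduced here.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text.RegularExpressions;

public enum AuthFailure
{
    None, BadCredentials, LogonTimeRestriction, PasswordExpired,
    AccountDisabled, AccountExpired, MustChangePassword, AccountLockedOut, Unknown
}

public static class LdapAuth
{
    // AD embeds the NT status as "data <hex>" in the bind diagnostic message, e.g. (constructed sample):
    // "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1"
    static readonly Regex DataCode = new Regex(@"data\s+([0-9a-fA-F]+)", RegexOptions.Compiled);

    // Map the AD sub-status code to a reason. A non-AD LDAP server will not emit
    // these codes, so the method falls back to Unknown rather than guessing.
    public static AuthFailure Classify(string serverMessage)
    {
        if (string.IsNullOrEmpty(serverMessage)) return AuthFailure.Unknown;
        Match m = DataCode.Match(serverMessage);
        if (!m.Success) return AuthFailure.Unknown;
        switch (m.Groups[1].Value.ToLowerInvariant())
        {
            case "525":                      // user not found
            case "52e": return AuthFailure.BadCredentials;
            case "530": return AuthFailure.LogonTimeRestriction;
            case "532": return AuthFailure.PasswordExpired;
            case "533": return AuthFailure.AccountDisabled;
            case "701": return AuthFailure.AccountExpired;
            case "773": return AuthFailure.MustChangePassword;
            case "775": return AuthFailure.AccountLockedOut;
            default:    return AuthFailure.Unknown;
        }
    }

    // Simple bind over LDAPS; returns None on success or the classified failure reason.
    public static AuthFailure TryBind(string server, string domain, string username, string password)
    {
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(server)))
        {
            // A simple bind sends the password to the server, so require TLS for the session.
            conn.SessionOptions.SecureSocketLayer = true;
            conn.AuthType = AuthType.Basic;
            try
            {
                conn.Bind(new NetworkCredential(username, password, domain));
                return AuthFailure.None;
            }
            catch (LdapException ex)
            {
                // Keep the full diagnostic in the server-side log; only the coarse reason leaves this method.
                Console.Error.WriteLine("LDAP bind failed: " + ex.ServerErrorMessage);
                return Classify(ex.ServerErrorMessage);
            }
        }
    }

    public static void Main()
    {
        // Offline check of the parser on the constructed sample message above (assumed AD format).
        Console.WriteLine(Classify("80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1"));
        // Live use (server and domain are placeholders):
        // Console.WriteLine(TryBind("dc01.example.local", "EXAMPLE", "alice", "secret"));
    }
}
```

Two practical notes. First, AD reports the lockout code (775) for a locked account whether or not the supplied password is correct, so this is the check to use for the lockout case; the other codes (expired, disabled, must change) are only reported after the password itself has been accepted. Second, the precise reason is useful for your own logs and for the lockout/expiry handling in the question, but the message shown to the end user should stay generic, since telling an anonymous caller whether a name exists, is locked, or merely has the wrong password makes account enumeration easier.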