After resetting a users password in Active Directory, if the user tries to log in using their old password, the following code validates as True:
Dim up As UserPrincipal = GetAdUser(objContext, arg_strBA, arg_strUsername)
If up IsNot Nothing Then
Dim valid As Boolean = up.Context.ValidateCredentials(
up.UserPrincipalName, arg_strPassword, ContextOptions.Negotiate)
If (valid) Then strReturn = up.SamAccountName
End If
We are resetting the password using the following code:
Dim objUser As New DirectoryEntry(arg_strLDAPPath)
If Not objUser Is Nothing Then
objUser.AuthenticationType = AuthenticationTypes.Secure
objUser.Invoke("SetPassword", arg_strNewPW)
objUser.CommitChanges()
end if
The password reset works fine and the user can log in with their new password, but their old password should not still validate.
When the above ValidateCredentials works for the old password, we are assigning the credentials to a web service call, which then fails with a "401: Unauthorized" error.
Anyone seen anything like this?
Thanks Dirk