Login failed using Ldap authentication in c#.net

  • Question

  • User1508030089 posted

    Hello,

     My application is using LDAP authentication. It works perfectly fine as long as the users are not prompted to change their network passwords. Every 4 months my company forces all the network users to change their passwords. Once they have changed this network password, the application does not authenticate the users very well. Can you please suggest how I could resolve this issue? I have a doubt if it is getting cached somewhere and the application is trying to use that cached version of the password.

    Thanks a lot for all your help.

    Wednesday, March 11, 2009 4:37 PM

Answers

  • User1191518856 posted

    Are you using integrated authentication (through the browser) or explicit authentication (through code)?

    In both cases, you need to consider the delay that may occur when the DCs replicate the password. If you change the password against one DC, it might take a while before all DCs are in sync. But typically, this is only a few minutes of delay. Still, if they try to log on to your web app right after having changed their password, this might be the cause.

    Another thing to consider: if you're using integrated authentication through the browser, your users will need to log out and log in to Windows again for the new credentials to actually be used. When you log on to Windows, your credentials will be cached for that logon session. And if you are using integrated authentication, IE will pass the cached Windows credentials automatically. If you change password during your session, I don't think the cached credentials will actually be updated, so the old credentials will be passed automatically.

    Do your users experience problems, even if they explicitly try to log on with the new credentials? Can you describe the problem in more detail? Thanks.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, April 13, 2009 6:38 PM

All replies

  • User1508030089 posted

    Thanks a lot for your suggestion. I think this is exactly what is happening. I had a complaint from some users that they are not able to log into the application. When I check the related tables in the database, everything is fine: they are not locked out, they are still domain users, etc. So they should be able to log in. But when I asked them if they had changed their network password, most of them said yes. I thought the code had a problem, but sometimes they do everything simultaneously: they change the password while the session is running. When they try a few minutes later they might be able to log in, but they won't; as soon as it fails they just call me. It is hard to figure out sometimes if it is user error or code error. I resolved this by changing my password several times and trying to log in, and it let me in every single time. So I walked up to them and just watched them when they changed the password and logged into the application. And all I had to tell them was to either wait for a few minutes, or log out of their computer and log back in, or clear their browser cache and log into the application again. Sometimes they don't want to do that!

    However, my vague idea about the solution to this problem is actually well put here if I need to explain it to someone else. Thanks again!

    Wednesday, April 15, 2009 10:38 AM
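
For explicit authentication through code, one way to tell a wrong or stale password apart from an expired or locked account is to bind against one named DC and read the Active Directory sub-code in the failure text. This is an added example, not code from the thread; the class and method names, and the choice of a simple bind over LDAPS on port 636, are assumptions.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text.RegularExpressions;

public static class LdapBindDiagnostics   // hypothetical helper, not from the thread
{
    // Maps the AD sub-code in a failed bind's diagnostic text to a reason.
    public static string Classify(string serverErrorMessage)
    {
        // Typical text: "80090308: LdapErr: DSID-..., comment: AcceptSecurityContext error, data 52e, v1db1"
        Match m = Regex.Match(serverErrorMessage ?? "", @"\bdata\s+([0-9a-fA-F]+)\b");
        if (!m.Success) return "unknown (no sub-code returned)";
        switch (m.Groups[1].Value.ToLowerInvariant())
        {
            case "525": return "user not found";
            case "52e": return "invalid credentials (wrong or old password)";
            case "532": return "password expired";
            case "533": return "account disabled";
            case "773": return "user must change password before logging on";
            case "775": return "account locked out";
            default: return "other failure, sub-code " + m.Groups[1].Value;
        }
    }

    // Binds to one named DC so the log shows which server rejected the password.
    public static string TryBind(string dcHost, string userPrincipalName, string password)
    {
        var id = new LdapDirectoryIdentifier(dcHost, 636);
        using (var conn = new LdapConnection(id))
        {
            conn.AuthType = AuthType.Basic;                 // simple bind, so use LDAPS only
            conn.SessionOptions.SecureSocketLayer = true;
            conn.SessionOptions.ProtocolVersion = 3;
            conn.Credential = new NetworkCredential(userPrincipalName, password);
            try
            {
                conn.Bind();
                return dcHost + ": bind succeeded";
            }
            catch (LdapException ex) when (ex.ErrorCode == 49)  // LDAP invalidCredentials
            {
                return dcHost + ": " + Classify(ex.ServerErrorMessage);
            }
        }
    }
}
```

Log the returned string and never the password. A failed bind can count toward the account lockout threshold, so call this once per login attempt rather than retrying in a loop.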