.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

old and new password valid at the next logon

Posted By:      Posted Date: April 10, 2011    Points: 0   Category :Windows Application


I have a domain controller on windows 2008 server R2, The users are able to modify their password through a web page. Once it's done, the users are still able tu use the old password as well as the new one at the next logon. The old password is still active only one time after the change, after that it's no more possible to use it...

I invoke the "ChangePassword" function.

Any Idea ? Is it a parameter to configure on the server ? Is it cached somewhere on the computer of the users ?

Thank you in advance

Here is my code:


using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.DirectoryServices;
using System.Diagnostics;
using System.Text;
using System.Web.Security;
using System.Text.RegularExpressions;
using System.Web.Configuration;
using System.Net.Mail;
//using ActiveDs;

/// <summary>
/// Summary description for Ldap
/// </summary>
public class Ldap
	public Ldap()

    protected DirectoryEntry connectToLDap(String domain, String userName, String password)
        DirectoryEntry de=null;
            de = new DirectoryEntry("LDAP://" + domain);
            de.Username = userName;
            de.Password = password;
            de.AuthenticationType = AuthenticationTy

View Complete Post

More Related Resource Links

Securely Saving Windows Auto Logon Password in .NET


I'm trying to securely store a password for autologon in Windows through .NET.  There are lots of examples out there about how to securely store the password in C++ or about how to *insecurely* store the password in .NET.  But I can't find any examples that do it securely in .NET.

Here's the article that explains how to do this insecurely:

And in it there's a link to how to do it securely using C++:

Resetting user Password and setting User Must Change Password at next Logon with ASPX


Hi All,

I am having an issue with an asp.net project that I am doing and have been struggling with it for a while now and was hoping someone here might be able to help me out.

Basically what we are doing is resetting peoples passwords via a web page. I have got it to the point that it is resetting the users password but is not setting User Must Change Password at Next Logon in AD. Just so that I can save you time asking the lstOffice.Text in the Connection String is so that our Admin can select the office that the users profile is present in on the AD. 

The code is shown below (connection strings and users/passwords have been changed):

 Sub SetPassword()

        Dim de As New DirectoryEntry("LDAP://IP:389/ou=Layer1" + ", " + "ou =" + lstOffice.Text + ", " + "ou=Layer3,DC=1,DC=2,DC=com,DC=au")
        'authent for AD 
        de.AuthenticationType = AuthenticationTypes.Secure
        de.Username = "ADMIN"
        de.Password = "NotTh3realpassword"

            ' new directory searcher
            Dim ds As New DirectorySearcher(de)

            Dim mySearchResultColl As SearchResultCollection

            Dim mySearchResult As SearchResult
            '  ds.Filter = ("sAMAccountname = " + name)

2008 SSRS site prompting for Logon and Password


Have SSRS 2008 and SQL 2008 on one 2008 R2 server. If I go to http://servername/reports from the SSRS server the SSRS report site works. If I try from another server using http://servername/reports I'm prompted for username and password and after 3 attempts receive a blank page but if I use IP addreess instead of servername the SSRS site come up. On the SSRS server the rsreportserver config file has been changed to  RSWindowsKerberos and RSWindowsNegotiate authentication and SPN's have been setup for the SSRS server and SSRS service account (setspn.exe -a http/ServerName Domain\SSRS service account and setspn.exe -a http/ServerName FQDN\SSRS service account). The SSRS site has Domain\Users added with all rights.

Using a CompareValidator to check input is a valid date

The CompareValidator can do more than just compare two controls. You can also compare it against several of the main .net data types such as Date, Integer, Double and Currency.

To do this you would set Operator="DataTypeCheck" and instead of setting the ControlToCompare or ValueToCompare attributes as you normally would you use the Type="Date" (or any of the data types I have listed above).

How to Encrypt and Decrypt a Password using SQLSERVER 2005?(Video)

Encypt and Decrypt a Password using SQLSERVER 2005(Video)

symmetric key protected by a password

An alternative could be using a symmetric key protected by a password, as long as your application generates the CREATE SYMMETRIC KEY and OPEN SYMMETRIC KEY statements directly instead of calling them inside a SP (otherwise the password will still be passed as a parameter, and will be in clear in the profiler).

Use Membership but bypass / disable password usage for users


I have an application that does LDAP authentication. The authentication is done on the code behind page of my Login.aspx page. Once the user passes LDAP authentication, a cookie is set and I redirect:

FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)

I would like to setup membership in my application and keep track of some user information. But due to company security requirements, I cannot store user passwords on my application. That must stay on the LDAP server only.

Is there a way to store users but disable password storage on the aspnet_membership table?

help needed: Ldap User authentication using userDN and password



Is it possible to authenticate a user using userDN and password? If so, then tell me the syntax.So far i have tried to authenticate using username and password from my c# code using directoryentry which takes the parameters like domainname,username and password. But i need to authenticate using Userdn and password.

ReportViewer :: Failed to enable constraints. But my statement is valid!!

  • A
  • n error has occurred during report processing.
      • Exception has been thrown by the target of an invocation.
        • Failed to enable constraints. One or more rows contain values violating non-null, unique, or foreign-key constraints.

    Why do I keep getting this error, even when not using any data on the report. When I run the query in SQL server I get a resultset. However when I try to render the report I get this error.


    Path not valid.



    im trying to save a file, filename as current date and time.it will give an error.

    any ideas.

    here is my code

    string datetime=DateTime.Now.ToString();

    if (GridviewtoCSV("~/Admin/doc/Reports/" + batchid.ToString() + datetime + ".csv", transactiongrid) && GridviewtoPDF("~/Admin/doc/Reports/" + batchid.ToString() + datetime + ".pdf", transactiongrid))

    Security: Safer Authentication with a One-Time Password Solution


    One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.

    Dan Griffin

    MSDN Magazine May 2008

    Security Briefs: Password Minder Internals


    In my last column I introduced Password Minder, the tool I use to manage all of my passwords. It generates a long, random password for each site I visit, and makes it possible for me to use the most complex passwords possible, without ever having to see the actual password material or type it in manually.

    Keith Brown

    MSDN Magazine October 2004

    Conversion from string to type 'Date' is not valid



    Im receiving a strange error Error Message: Conversion from string "15/08/2010 22:21:35" to type 'Date' is not valid.

    I know this is generally down to cultural date formats etc, however the reason this is strange is it just randomly occured twice in the last week, the website has been running since october and nothing has changed,

    The error constantly occured until the IIS was reset and recompilled the site, its been running fine since, however im just trying to figure out what could cause such an error to occur.

    I've narrowed it down to a line of code which is:

    bktime = DReader.Item("Bktime").ToString

    bktime = Year(CDate(bktime)) & "-" & fmt(Month(CDate(bktime)), 2) & "-" & fmt(Day(CDate(bktime)), 2)

    Has anyone else encountered this randomly occuring and is there anything i can put in place to prevent this in future?



    override error message (The value 'test' is not valid for Age) when input incorrect data type for in


    Hello everyone,

    I've tried to override error message when input incorrect data type in input field on HTML form. For example I have the model like this.

    public class Person
    public string FirstName {get;set;}
    public int Age {get;set;}


    For view, I put text input for Age to get it value.

    When type some string in Age text box like 'test' and press submit button. I got this error message

    The value 'xxx' is not valid for Age

    However, I want to change this message and try many way. There 's nothing effect this message value.

    Please could you help me to solve this problem.

    Force password expiration after x days


    Using C# and sqlmembershipprovider forms authentication, is there a way to force user password to expire and need to be reset after x number of days?

    So if a user launches the website login.aspx page, when they type their userid, it will check if the password is expired and direct them to a Resetpassword.aspx page?

    Password change control won`t accept new password


    Hi guys

    I am developing a shopping cart with asp.net and sqlexpress. I am using aspnet authentication components to create a backend page. I designed the site to let in only authorized users in. 

    Yesterday, I forget my password to login to backend and asked system recover my password. with recover password of the asp.net I was able to receive the temp password. I took that and logged in, of course asp.net forward me to password change component which I am having problem with. 

    Every time I change my password , password change shows that I was successfull but after clicking on the continiue button password change component comes back. I went to properties of password change component and entered the main default page as destination but it is not helping. 

    I close the IE clear the cache , even restart the machine. When I login always taking me to the password change page.

    So, I need your help with this. Please let me know your inputs.


    Problem with decrypt password


    hello everyone:



    I encryped password to the binary variable in sql server with this code:

     DataClasses1DataContext db = new DataClasses1DataContext();
                var info = new passdefine();
                info.username = TextBox1.Text;
                string strcry = TextBox2.Text;
                byte[] bt = new byte[strcry.Length];
                bt = System.Text.Encoding.UTF8.GetBytes(strcry);
                RSACryptoServiceProvider RSA1 =new RSACryptoServiceProvider();
                bt = RSA1.Encrypt(bt,false);
                info.password = bt;

    And it worked properly but when Want to decrypt it , I get this error:BAD DATA.  

    And I use this code:

    DataClasses1DataContext db=new DataClasses1DataContext();
                var info = from m in db.passdefines where m.username == TextBox1.Text select m;
                foreach (var item in info)
                    byte[] bt = new byte[item.password.length];
                    RSACryptoServiceProvider RSA1 = new RSACryptoServiceProvider();
                    bt = RSA1.Decrypt(item.password.ToArray(), false);
                    string pass = System.Text.Encoding.UTF8.GetString(bt);
    ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
    Sql Server  SharePoint  Silverlight  Others  All   

    Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend