Issue with handling error related to Active Directory change password

0

I have a button and its click event runs through various validation code and then calls the method `ChangePassword` if you pass the validation.

    public void ChangePassword(string userName, string oldPassword, string newPassword)
    {
        try
        {
            new ApplusActiveDirectoryUtil().CheckParameter(ref userName, true, true, false, 21, "User Name");

            DirectoryEntry userEntry = _directoryInfo.GetUserEntry(userName);
            userEntry.Invoke("ChangePassword", new Object[] { oldPassword, newPassword });
            //unlock account
            userEntry.Properties["LockOutTime"].Value = 0x0000;
            userEntry.CommitChanges();
            userEntry.Dispose();
            userEntry.Close();
        }
        catch (Exception ex)
        {
            _directoryInfo.Initialize();
            DirectoryEntry domainEntry = _directoryInfo.DomainDirectoryEntry;
            ApplusActiveDirectoryDomainPolicy domainPolicy = new ApplusActiveDirectoryDomainPolicy(_directoryInfo.DomainDirectoryEntry);
            string message = "Password entered was wrong or password entered was the same as the previous " + domainPolicy.PasswordHistoryLength + " passwords set.";
            throw new Exception(message, ex);
        }
    }

The issue I'm having is that this line...

    userEntry.Invoke("ChangePassword", new Object[] { oldPassword, newPassword });

will give the error...

    System.Runtime.InteropServices.COMException (0x80070056): The specified network password is not correct.

The error occurs when the user enters a password in a 'Current Password' textbox but it does not match their current password.

I have tried to handle this by doing..

    if (txtConfirmNewPassword.Text != user.Password)
    {
        SetChangePasswordMessage("Password entered was wrong");
    }

but from what I've read, it is not possible to retrieve a user's AD password.

Is it possible to gracefully handle this error without having to catch it?

c#
error-handling
active-directory
asked on Stack Overflow May 8, 2017 by MadDev

1 Answer

0

Thanks to Equalsk's comment I have found a solution.

I needed to validate the credentials first. If the credentials are valid, then go ahead and call the ChangePassword method.

    bool IsValidate = Membership.ValidateUser(user.UserName, txtOldPassword.Text);
    if (!IsValidate)
    {
        SetChangePasswordMessage("Password entered was wrong or password entered was the same as the previous " + domain.PasswordHistoryLength + " passwords set.");
    }
    else
    {
        new ApplusActiveDirectoryMembership(admin.AdminADUserName, admin.AdminADPassword).ChangePassword(user.UserName, txtOldPassword.Text, txtConfirmNewPassword.Text);
        SetChangePasswordMessage("The password has been successfully changed.");
    }
answered on Stack Overflow May 8, 2017 by MadDev
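
An added example, not part of the original question or answer: the catch block in the question reports every failure with one combined message, whereas the HRESULT on the COMException separates a wrong current password (the 0x80070056 quoted above) from a policy rejection or a lockout. The enum, the class name and the three other HRESULT constants are assumptions taken from the standard Win32 error codes, and the exceptions in `Main` are constructed stand-ins for what `userEntry.Invoke` throws.

```csharp
using System;
using System.Reflection;
using System.Runtime.InteropServices;

public enum ChangePasswordFailure { WrongCurrentPassword, PolicyViolation, AccountLockedOut, Other }

public static class AdPasswordErrors   // hypothetical helper, not an existing API
{
    // HRESULT_FROM_WIN32 values; only 0x80070056 appears on the page.
    const int WrongPassword  = unchecked((int)0x80070056); // ERROR_INVALID_PASSWORD (86)
    const int PwdRestriction = unchecked((int)0x8007052D); // ERROR_PASSWORD_RESTRICTION (1325)
    const int PwdPolicy      = unchecked((int)0x800708C5); // NERR_PasswordTooShort (2245)
    const int LockedOut      = unchecked((int)0x80070775); // ERROR_ACCOUNT_LOCKED_OUT (1909)

    public static ChangePasswordFailure Classify(Exception ex)
    {
        // DirectoryEntry.Invoke surfaces ADSI failures as a TargetInvocationException
        // whose InnerException is the COMException, so look at both levels.
        var com = ex as COMException ?? ex.InnerException as COMException;
        if (com == null) return ChangePasswordFailure.Other;

        switch (com.ErrorCode)
        {
            case WrongPassword:  return ChangePasswordFailure.WrongCurrentPassword;
            case PwdRestriction:
            case PwdPolicy:      return ChangePasswordFailure.PolicyViolation;
            case LockedOut:      return ChangePasswordFailure.AccountLockedOut;
            default:             return ChangePasswordFailure.Other;
        }
    }

    public static void Main()
    {
        // Constructed sample exceptions (no domain controller is contacted).
        var wrong = new TargetInvocationException("Invoke failed",
            new COMException("The specified network password is not correct.", WrongPassword));
        var policy = new TargetInvocationException("Invoke failed",
            new COMException("Password does not meet policy.", PwdPolicy));
        var unrelated = new InvalidOperationException("not a COM failure");

        Console.WriteLine(Classify(wrong));      // WrongCurrentPassword
        Console.WriteLine(Classify(policy));     // PolicyViolation
        Console.WriteLine(Classify(unrelated));  // Other
    }
}
```

In the question's `ChangePassword`, the catch block could call `Classify(ex)` and choose the user-facing message per case, rethrowing anything classified as `Other` so unexpected directory errors are not hidden behind a password message.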

User contributions licensed under CC BY-SA 3.0