Active Directory Incorrect password attempts double counting
Posted
by Hidayath
on Stack Overflow
See other posts from Stack Overflow
or by Hidayath
Published on 2009-06-18T15:03:48Z
Indexed on
2010/04/08
16:03 UTC
Read the original article
Hit count: 172
active-directory
|c#
Hi I am using the following C# code to connect to active directory and validate the login,
DirectoryEntry de = new DirectoryEntry();
string username = "myuser", path = "LDAP://addev2.dev.mycompany.com/CN=myuser,DC=dev,DC=mycompany,DC=com", password = "test";
for (int i = 0; i < 4;i++ )
{
try
{
de.AuthenticationType = AuthenticationTypes.Sealing | AuthenticationTypes.Secure | AuthenticationTypes.FastBind;
de.Username = username;
de.Password = password;
de.Path = path;
//de.RefreshCache();
Object obj = de.NativeObject;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
this works fine when the password is correct. However when the password is incorrect this shows as 2 invalid attempts in AD. So what happens is when the AD admin allows 5 invalid attempts the user is locked out on the 3rd attempt. when i look in the AD's event log 1 see 2 entries.
1)Pre-authentication failed:
2)Logon attempt by:
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: [email protected]
Source Workstation: WKSXXXX
Error Code: 0xC000006A
Stepping thro the code i see 2 event entries on the line
de.RefreshCache()
I tried using de.NativeObject to see if that would solve the problem. No Dice
Anyone have any pointers?
© Stack Overflow or respective owner