Web service access fails when users password is in warning period

Posted by uSlackr on Server Fault See other posts from Server Fault or by uSlackr
Published on 2010-04-14T16:37:24Z Indexed on 2010/04/14 16:43 UTC
Read the original article Hit count: 228

Filed under:

iis

|

password

We have a number of locally installed .Net apps that communicate via web services. Authentication in IIS is handled by Windows Authentication so no additional login is required. We recently began seeing a problem where users are getting a application 403 error when there password is 14 days (or less) from expiring.

As this sometime happens in the the middle of the day (login in the morning OK, but password reaches <14 days during the day), this comes as a surprise as they haven't been warned to change their password. Of course, one would expect they should be able to work until the password is expired.

Any idea on what could be happening here? Why would IIS reject a login if the passsword hasn't actually expired? Can we change that behaviour?

Thanks

\\Greg

© Server Fault or respective owner

Related posts about iis

How to find and fix issue with Pound and HAProxy

as seen on Server Fault - Search for 'Server Fault'
Pound sits in front of HAProxy (on the same box) to perform SSL off-load. Requests are passed to 127.0.0.1:80 where HAProxy then balances the requests across backend servers for a hosted ASP .NET web app. A user is getting HTTP error 500 (Internal Server Error) returned to their browser this morning… >>> More
How to migrate deploy RESTful WCF Web Service from IIS 6.0 to IIS 7.0

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi all, I have a WCF Restful Web Service. It works find under VS and IIS 6.0. Now I want to move it to another work station with IIS 7.0 on it. I tried to copy all the deploy file from IIS 6 to IIS 7, but it cannot be accessed by other client, except for the request from it's own machine. I don't… >>> More
Server with IIS and Apache - how to SSL encrypt Apache with IIS

as seen on Server Fault - Search for 'Server Fault'
I have a Windows Server 2003 box already setup and working with IIS 6. IIS is set to serve a site out over both HTTP and HTTPS connections using default ports. For various reasons I need to set Apache up on the same server and it needs to serve its pages to end-users as SSL encrypted HTTPS pages… >>> More
Having IIS remote management problem with my vista machine managing Server 2008 IIS 7.5

as seen on Server Fault - Search for 'Server Fault'
I am trying to use IIS 7 Remote Management installed on Vista Ultimate SP1. Connection is to IIS 7.5 on Windows Server 2008 Webserver R2. Tried on both full & core install. When I connect up, the console wants to download and install new features. Microsoft.Web.Management.IisClient 7.5.0.0 Microsoft… >>> More
MVC4 App opens with directory listing and gives a 404 for any direct URL's entered in the browser

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I've just deployed a previously (on my local IIS) working MVC4 app to IIS 7.5 on the dev server. After tweaking this and that - one knows how these things get forgotten - the app finally launches, but shows a directory listing of the app root. Clicking on most links there works, opening the directory… >>> More

Related posts about password

remember password is not filling the password field automatically

as seen on Stack Overflow - Search for 'Stack Overflow'
IE is not filling the password field automatically when i click on the bookmarked url. But it's working on firefix,chrome etc. I tried with autocomplete="on" but no use. IE will fill the password only When i select a usename from the possible user names which the browser had kept for each login.… >>> More
Lost shell password: change user password from root

as seen on Super User - Search for 'Super User'
Hi. I recently accidentally forgot my user password to my shell. I know the root password. How do I change the user password? I figure it's something like $su root $passwd -[something] username but I can't get it to work. Halp pls? >>> More
[GEEK SCHOOL] Network Security 1: Securing User Accounts and Passwords in Windows

as seen on How to geek - Search for 'How to geek'
This How-To Geek School class is intended for people who want to learn more about security when using Windows operating systems. You will learn many principles that will help you have a more secure computing experience and will get the chance to use all the important security tools and features that… >>> More
Membership Generate Password alphanumeric only password?

as seen on Stack Overflow - Search for 'Stack Overflow'
How can I use Membership.GeneratePassword to return a password that ONLY contains alpha or numeric characters? The default method will only guarantee a minimum and not a maximum number of non alphanumeric passwords. I have the solution already but thought I'd share for future visitors. .. Answer… >>> More
Password Recovery without sending password via email

as seen on Stack Overflow - Search for 'Stack Overflow'
So, I've been playing with asp:PasswordRecovery and discovered I really don't like it, for several reasons: 1) Alice's password can be reset even without having access to Alice's email. A security question for password resets mitigates this, but does not really satisfy me. 2) Alice's new password… >>> More