Tutorial :Active Directory Incorrect password attempts double counting



Question:

I am using the following C# code to connect to active directory and validate the login,

    DirectoryEntry de = new DirectoryEntry();       string username = "myuser", path = "LDAP://addev2.dev.mycompany.com/CN=myuser,DC=dev,DC=mycompany,DC=com", password = "test";      for (int i = 0; i < 4;i++ )      {            try          {                de.AuthenticationType = AuthenticationTypes.Sealing | AuthenticationTypes.Secure | AuthenticationTypes.FastBind;              de.Username = username;              de.Password = password;                de.Path = path;          //de.RefreshCache();              Object obj = de.NativeObject;          }          catch (Exception ex)          {              Console.WriteLine(ex.Message);          }  

this works fine when the password is correct. However when the password is incorrect this shows as 2 invalid attempts in AD. So what happens is when the AD admin allows 5 invalid attempts the user is locked out on the 3rd attempt. when i look in the AD's event log 1 see 2 entries.

1)Pre-authentication failed:

2)Logon attempt by:

MICROSOFT_AUTHENTICATION_PACKAGE_V1_0       Logon account: m0707b@dev.mycompany.com       Source Workstation: WKSXXXX       Error Code:    0xC000006A  

Stepping thro the code i see 2 event entries on the line

  de.RefreshCache()  

I tried using de.NativeObject to see if that would solve the problem. No Dice

Anyone have any pointers?


Solution:1

You might check out the System.DirectoryServices.AccountManagement namespace. You can access an account and then cast one of the methods it has into a DirectoryEntry object. It might get around your double-authentication problem and it's easier to use.


Solution:2

Finally found the answer to this perplexing issue when you use the format username@domain the IIS app uses 2 calls once using Kerebros and when that fails using NTLM causing a double count The fix is to use the following format for authentication domain\username and that fixed the issue. http://support.microsoft.com/kb/264678/EN-US/


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »