Web Service question...

[Guest]

Hi everyone,

I had this strange problem. We are using web services for our entreprise
applications. We are using IIS as the host for our webservices and IIS is
configured to use integrated authentication.

The problem arise when the user's password changes and he has not done it at
logon time. So it seams that at that specific time, the transaction goes to
IIS and bounces back with an http status 401: Unauthorized.

Since we cannot force the user to change his password at logon time on
WinXP, is there a way to protect ourself in making a web service transaction
in order for it not to return an http 401: unautorized?

Can someone explain how this process is working?

Any snippet of code supporting the solution?

Thank's for any help.

 

[Ray Cassick \(Home\)]

Hi everyone,

Since we cannot force the user to change his password at logon time on
WinXP, is there a way to protect ourself in making a web service
transaction
in order for it not to return an http 401: unautorized?

???

Yes you can. When it expires they should not be allowed to log on. That
should stop them from executing the web service.

 

[Ray Cassick \(Home\)]

Hi everyone,

The problem arise when the user's password changes and he has not done it
at
logon time. So it seams that at that specific time, the transaction goes
to
IIS and bounces back with an http status 401: Unauthorized.

Oh, you mean when they change it once they are logged in and just use the
Ctrl-Alt-Del window to change their password?

That does not work when accessing a web service?

Hmmmm

 

[Cor Ligthert [MVP]]

Luc,

Do you know that there are special active newsgroups for webserver
questions?

Cor

 

[Guest]

Yeah thank's. Have already done that but no traffic on this discussion
group. Had no answer there but as you can see, there is here.

 

[Guest]

Thank's. Is there a policy that exist on AD that specifies that at the last
day, it is not possible to log on without changing the password? If so?
where?

 

[Ray Cassick \(Home\)]

No, but once the password does actually expire they are not allowed to log
on until they get a new one

I would think that perhaps you could write some VB script code to force
someone to change their password, or maybe you would have to hackup a custom
GINA to do it.

 

[Ray Cassick \(Home\)]

Hmm actually I should look into this more because where I work there is a
warning box that pops up telling people that their password is about to
expire and asking them if they want to change it. Should not be too hard to
hook into that and force it.

 

[Guest]

Well that's exactly what I want. When this popup is displayed on the last
day, not to allow the person to be able to log on until he make a passsword
change. That's exactly the idea.

If there is a way to do it, I would greatly appreciate.

Thank's

 

[Ray Cassick \(Home\)]

Maybe this will help point to a way.

http://www.jsifaq.com/SF/Tips/Tip.aspx?id=4755

Think about this in a logoff script that checks (somehow) to see if their
password will expire tomorrow and if it does set the bit that forces them to
change their password at the next logon.

Here is another tool (Amod) that seems like it might help.

http://www.joeware.net/win/free/tools/admod.htm

 

[Guest]

Thank's for the answer. This will probably help.

 

[Major Dick]

Maybe I'm missing the point entirely but...in your webservice you can
use the VB.NET code at the following location:

http://support.microsoft.com/default.aspx?scid=kb;en-us;323750

to inquire as to the expiration date of the users' password. From there
you can log to the event log that you prommpted the user to change the
password & any other events that may be of interest (like changing the
password).

There are methods available in Active Directory for you to effect the
change to the password from your web application.