DirectoryServicesCOMException.ExtendedErrorMessage - List of data codes
I am creating a website that allows users to log in with their Active Directory accounts, and I want to tell the user why their login failed.
Background
Logins usually fail due to a bad username / password, but they can also fail due to an expired password or the account being locked.
I am using this code to log in:
    using System;
    using System.DirectoryServices;

    public myCustomUserClass Login(string domainName, string username, string password)
    {
        string domainAndUsername = domainName + @"\" + username;
        DirectoryEntry entry = new DirectoryEntry(this._ldapPath, domainAndUsername, password);
        myCustomUserClass user = new myCustomUserClass();
        // Bind to the native AdsObject to force authentication.
        try
        {
            object obj = entry.NativeObject;
            // ...
            return user;
        }
        catch (DirectoryServicesCOMException ex)
        {
            // why did the login fail?
            return null; // every code path has to return a value
        }
        catch (Exception ex)
        {
            // something else went wrong
            return null;
        }
    }
When I receive a DirectoryServicesCOMException, I can get more information about the failed attempt from the .ExtendedErrorMessage property. The two values I've seen so far:
Lockout:
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 775, v1db1
Bad username:
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1
You can see that the data attribute appears to be unique. I can write code that retrieves it and then write a switch based on it.
Question
Is there a list of these codes anywhere I can use to make sure I cover everything?
After a day of searching for Microsoft resources relating to DirectoryServicesCOMException.ExtendedErrorMessage, I found another question here:
It links to the website found here, which includes several codes like this:
http://www-01.ibm.com/support/docview.wss?uid=swg21290631
Below is a list of error codes:
525 - user not found
52e - invalid credentials
530 - not permitted to logon at this time
531 - not permitted to logon at this workstation
532 - password expired
533 - account disabled
534 - The user has not been granted the requested logon type at this machine
701 - account expired
773 - user must reset password
775 - user account locked
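One way to do the extraction and switch the question describes, using the codes from the list in the answer above. This is an added example, not code from either poster: the class and method names are hypothetical, and giving 525 and 52e the same user-facing text is a choice made here so that the login form does not confirm which usernames exist.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public static class AdLoginFailure   // hypothetical helper, not part of System.DirectoryServices
{
    // Codes and descriptions copied from the list in the answer above.
    private static readonly Dictionary<string, string> Reasons = new Dictionary<string, string>
    {
        { "525", "user not found" }, { "52e", "invalid credentials" },
        { "530", "not permitted to logon at this time" },
        { "531", "not permitted to logon at this workstation" },
        { "532", "password expired" }, { "533", "account disabled" },
        { "534", "The user has not been granted the requested logon type at this machine" },
        { "701", "account expired" }, { "773", "user must reset password" },
        { "775", "user account locked" }
    };

    // Captures the hex value after "data", e.g. "52e" in "... error, data 52e, v1db1".
    private static readonly Regex DataCode = new Regex(@"\bdata\s+([0-9a-fA-F]+)\b");

    // Returns the lower-cased data code, or null when the message carries none.
    public static string ExtractCode(string extendedErrorMessage)
    {
        if (string.IsNullOrEmpty(extendedErrorMessage)) return null;
        Match m = DataCode.Match(extendedErrorMessage);
        return m.Success ? m.Groups[1].Value.ToLowerInvariant() : null;
    }

    // Detailed reason for server-side logs; codes not in the list are reported as unknown.
    public static string Describe(string code) =>
        code != null && Reasons.ContainsKey(code) ? Reasons[code] : "unknown code";

    // Text for the login page: 525 and 52e share one message (choice of this example).
    public static string UserMessage(string code)
    {
        if (code == "525" || code == "52e") return "Invalid username or password.";
        return code != null && Reasons.ContainsKey(code) ? "Login failed: " + Reasons[code] + "." : "Login failed.";
    }

    public static void Main()
    {
        string[] samples = {   // the two messages quoted in the question
            "8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 775, v1db1",
            "8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1" };
        foreach (string s in samples)
            Console.WriteLine(ExtractCode(s) + " -> " + UserMessage(ExtractCode(s)));
    }
}
```

In the `catch (DirectoryServicesCOMException ex)` block, pass `ex.ExtendedErrorMessage` to `ExtractCode`, log the result of `Describe`, and show the user only what `UserMessage` returns.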