We are developing a web application that uses Form certification and ActiveDirectoryMembershipProvider to authenticate users against Active Directory is. We soon discovered that the provider does not allow specifying an empty / blank password, even if it is completely legal in Active Directory (unless a dormant password policy is available).
Reflector:
Private Zero checkpassword (string password, maximum maximize string, string alias) {if (password == empty) {New logic: NullException (paramName); } If (password rim () length; 1) {new argument expression (SR.GetString ("Parameter_can_not_be_empty", new object [] {paramName}), nickname); } If ((maxSize> 0) & amp; amp; (password; Lang & gt; MaxSize)) {New argument expression (SR.GetString ("parameter_key_long", new object [] {paramName, maxSize.ToString (CultureInfo.InvariantCulture)}), the nomenclature); }} To write your own custom provider is low, is there any way to override this functionality by using Net Magic?
I do not think that every method that you call this behavior by creating a derived class and calling the personal checkpayword method Can change without overheads. I will not recommend this option again, but I can suggest that you review your design and ask if it is the approval to allow empty password in your application. Although they are valid in the ED, it is unusual to permit practically and it affects other things in the network of windows, e.g. I suppose that the default settings for network file shares are denied by any user with an empty password connecting to the share.
Comments
Post a Comment