What's inside? | Unosquare passcorepro
By geoperez - 9/4/2019
So you might be using passcorepro already, and you might ask yourself how is passcorepro changing a password? We both know there is not magic, only some old and good code working with well-known libraries to accomplish the task.
The core of passcorepro is the library Microsoft Directory Services, a .NET binding library around the Active Directory Services Interfaces (ADSI) technology. Although you may use another LDAP server as well.
With this library we use the following workflow, where we already have been logged:
- The first step is determine the type of user identifier we are receiving. This is why is very important to choose the proper user identifier in the Admin console. We recommend using the UPN type.
- We need to validate if the user is in place, so we make a LDAP call to get the user information.
- With the information of the user, we validate if she belongs to any group where changing password is invalid change password or not.
- Then, we checks the property "User Cannot Change Password", this is a blocker. So if the User Entry has this flag, we can't continue.
- There is a Setting named "Reset Last Password". If this flag is set, then the LDAP attribute will be modified to "-1". This value means that the user can change the password because is not expired. This is useful if the user has the password expired.
- A final check is performed to validate if the Password Complex policy is enabled and check if the password matches the minimum requirements.
- If all the previous actions are OK, then a
SetPasswordAPI is called to change the password.
This is what's inside the change password process.