Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

LDAP user changing password? #6443


User avatar
0
fguo created

I am using Core + Angular version with LDAP enabled. After an AD user click “Forgot password”, we got two issues:

The first issue occurs on user changing password. The link on "password reset" email is actually two url delimited by a comma, likes: https://login.company.com/, http:/login.company.com/account/reset-password?userId=12345&resetCode=044D43ACE0&tenantId=1

When user click this link, it opens the reset page, but immediately redirected to a blank page, which actually is the first url (i.e. https://login.company.com). So the user has no chance to change her password. A workaround is that, copy the 2nd url and paste it on a browser. It opens a password reset page, but it will stay on the reset page. We need manually close the browser and re-open the home page for login. We tried Chrome and Edge and get same behavior.

The 2nd issue occurs after the password changed. After the user changes her old password (e.g. password0) to a new password(e.g. password1), both passwords are valid. I guess the new password does not PUSH to AD. When the user uses password0, she is treated as an AD user, and if she uses password1, she is treated as a local user. Is this a bug or by design?

Thanks,


3 Answer(s)
  • User Avatar
    0
    aaron created
    Support Team

    I guess the new password does not PUSH to AD.

    Correct.

    When the user uses password0, she is treated as an AD user, and if she uses password1, she is treated as a local user. Is this a bug or by design?

    She is treated as the same local user in both cases, but ABP does TryLoginFromExternalAuthenticationSources first. This is by design.

  • User Avatar
    0
    fguo created

    Thank you for clarification!

    I couldn't search out TryLoginFromExternalAuthenticationSources in my copies. Is this encapsulated in ABP? Can I see the source code about it?

  • User Avatar
    0
    aaron created
    Support Team

    Yes, ABP is open source.

    https://github.com/aspnetboilerplate/aspnetboilerplate/blob/5e3c7aea7a2b5f0f94133f7c2dca485fb51e28e4/src/Abp.ZeroCore/Authorization/AbpLoginManager.cs#L282-L337