The password validation process is modified in version 2.7.809.10. If your application uses a version older than 2.7.809.10 and you want to use a version greater than or equals to this version, you should check if your authentication process remains compatible with this version.
This modification allows to improve the account management. Visual Guard no more locks user's accounts when users do not change a password not complying with the password policy. The account is only marked as MustChangeAtNextLogon and refuses all authentication attempts if the user does not change his password.
When the password does not comply with the password policy and it is the last grace logon, the authentication succeeds and returns the status:
VGAuthenticationStatus.PasswordExpired or VGAuthenticationStatus.PasswordDoesNotPassValidation | VGAuthenticationStatus.Success | VGAuthenticationStatus.LastGraceLogon | VGAuthenticationStatus.PasswordWillBeLocked
If the user attempts a new authentication without changing his password the account is locked out.
When the password does not comply with the password policy and all grace logons are used, the authentication fails and returns the status:
VGAuthenticationStatus.PasswordExpired ou VGAuthenticationStatus.PasswordDoesNotPassValidation | VGAuthenticationStatus.Failure | VGAuthenticationStatus.MustChangePasswordAtNextLogon
If the user attempts a new authentication without changing his password the authentication fails and returns always the same status.
VGAuthenticationState state = VGSecurityManager.Authenticate(userTextBox.Text, passwordTextBox.Text)
If state.IsFailed Then
If state.IsCanceled Then Return
If state.IsCredentialInvalid Then
If state.IsLastBadLogin Then
' According to the password policy, the next bad login will lock out the account
' Display a message indicating that is the last attempts before locking the accounts
Else
' The password or the user is invalid
' Display a message indicating that the password is invalid
End If
ElseIf state.IsUserNotAuthorized Then
' The credentials are valid but the user does not have any role in the application.
' Display a message indicating that the user is not authorized to access to this application
ElseIf state.IsUserAccountExpired Then
' The user account has expired.
' Display a message indicating that the user account has expired
ElseIf state.IsUserAccountNotYetAvailable Then
' Display a message indicating that the account is not yet available.
ElseIf state.IsUserAccountLockedOut Then
' Display a message indicating that the account is locked out.
ElseIf state.MustChangePasswordAtNextLogon Then
If state.PasswordSecure Then
' Display a message indicating that the password must be changed.
If state.IsPasswordExpired Then
' Display a message indicating that the password has expired and must be changed
Else
' Display a message indicating that the password does not comply with the password policy
End If
End If
' Force the user to change the password
If ChangePasswordProcessSucceeds Then
' Reauthenticate the user with the new password
End If
End If
' Stop the logon process.
Else
' The authentication Succeeds
If state.IsLastGraceLogon Then
' The account will be locked ou at next authentication if the user does not change the password.
If state.PasswordSecure Then
If state.IsPasswordExpired Then
' Display a message indicating that the password has expired and must be changed
Else
' Display a message indicating that the password does not comply with the password policy
End If
End If
' Force the user to change the password
If ChangePasswordProcessSucceeds Then
' Reauthenticate the user with the new password
End If
Else
If Not state.IsPasswordSecure Then
If state.IsPasswordExpired Then
' Display a message indicating that the password has expired and should be changed
Else
' Display a message indicating that the password does not comply with the password policy and should be changed
End If End If
End If
End If
Note: VGAuthenticationState.IsLastGraceLogon property and VGAuthenticationStatus.LastGraceLogon value are deprecated. These values are no longer used by Visual Guard.