Creating Password Extensions

MIIS allows you to programmatically manage passwords with a component that you create called a password extension. The password extension works in conjunction with the Microsoft Password Change Notification Service (PCNS) to capture password changes from Active Directory and propagate these changes to other connected data sources. For more information, see Password management in the Microsoft Identity Integration Server 2003 Service Pack 1 (SP1) Help.

A password extension is a Microsoft .NET Framework class library, which is a dynamic link library (DLL) that implements one or more classes and the IMAPasswordManagement interface.

Microsoft Identity Integration Server 2003 SP1 performs the following steps when running a password extension:

1. Opens the class library DLL specified in the Extension name text box of the Password Management group in the Configure Extensions dialog box of the management agent properties.
2. Loads the extension object by finding a class that implements the IMAPasswordManagement interface.
3. Initializes the extension.
4. Calls the appropriate class methods.
5. Terminates the extension when the IMAPasswordManagement.EndConnectionToServer() method unloads the extension object and closes the class library DLL.

This topic has the following sections:

• Implementing the Interfaces
• Exceptions

Implementing the Interfaces

A password extension must implement the IMAPasswordManagement interface and the following methods from the Microsoft.MetadirectoryServices namespace:

• BeginConnectionToServer

• ChangePassword

• EndConnectionToServer

• GetConnectionSecurityLevel

• RequireChangePasswordOnNextLogin

  Note  Although this method is not used in Microsoft Identity Integration Server 2003 SP1, you must still implement this method. You can implement this method by throwing the EntryPointNotImplementedException exception in this method.

• SetPassword

The following examples show an entire class declaration for a password extension:

    Imports Microsoft.MetadirectoryServices
    
    Public Class Sample_Password_Extension
    Implements IMAPasswordManagement
    
    Public Sub BeginConnectionToServer(ByVal connectTo As String, _
        ByVal user As String, _
        ByVal password As String) _
        Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.BeginConnectionToServer
    End Sub
    
    Public Sub ChangePassword(ByVal csentry As Microsoft.MetadirectoryServices.CSEntry, _
        ByVal OldPassword As String, _
        ByVal NewPassword As String) _
        Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.ChangePassword
    End Sub
    
    Public Sub EndConnectionToServer() _
        Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.EndConnectionToServer
    End Sub
    
    Public Function GetConnectionSecurityLevel() As Microsoft.MetadirectoryServices.ConnectionSecurityLevel _
        Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.GetConnectionSecurityLevel
    End Function
    
    Public Sub RequireChangePasswordOnNextLogin(ByVal csentry As Microsoft.MetadirectoryServices.CSEntry, _
        ByVal fRequireChangePasswordOnNextLogin As Boolean) _
        Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.RequireChangePasswordOnNextLogin
        ' This method is not used by this version of ILM 2007 FP1.
        Throw New EntryPointNotImplementedException
    End Sub
    
    Public Sub SetPassword(ByVal csentry As Microsoft.MetadirectoryServices.CSEntry, _
        ByVal NewPassword As String) _
        Implements Microsoft.MetadirectoryServices.IMAPasswordManagement.SetPassword
    End Sub
    
    End Class

    using System;
    using Microsoft.MetadirectoryServices;
    
    namespace SamplePasswordExtension
    {
        /// <summary>
        /// Summary description for Class1.
        /// </summary>
        public class Sample_Password_Class : IMAPasswordManagement
        {
            public Sample_Password_Class()
            {
                //
                // TODO: Add constructor logic here
                //
            }
            public void BeginConnectionToServer(String connectTo, 
                String user, String password)
            {
                throw new EntryPointNotImplementedException();
            }
            
            public void ChangePassword(CSEntry csentry, String OldPassword,
                String NewPassword)
            {
            
            }
            
            public void EndConnectionToServer()
            {
      
            }
                   
            public ConnectionSecurityLevel GetConnectionSecurityLevel()
            {
            
            }
            
            public void RequireChangePasswordOnNextLogin(CSEntry csentry,
                Boolean fRequireChangePasswordOnNextLogin)
            
            {
            
                // This method is not used in this version.
                throw new EntryPointNotImplementedException();
                
            }
            
            public void SetPassword(CSEntry csentry, String NewPassword)
                                   
            {
                    
            }   
        } 
    }

Exceptions

The Microsoft.MetadirectoryServices namespace defines the following exceptions that are specific to password extensions. For information about when the exceptions should be thrown or caught, see Exceptions.

• AccessDeniedException
• BadServerCredentialsException
• EntryPointNotImplementedException
• EndConnectionException
• ObjectTypeNotSupportedException
• PasswordExtensionException
• PasswordIllFormedException
• PasswordPolicyViolationException
• ServerDownException

See Also

Creating a Password Extension in Visual Basic .NET
Creating a Password Extension in C#

Send comments about this topic to Microsoft

Build date: 2/16/2009