Changing Active Directory Password from ASP.Net Web Page

Discussion in 'ASP .Net Security' started by Chris Bingham, Sep 22, 2006.

  1. Hi,

    I’m trying to create a simple ASP.Net 2 web page to allow users to alter
    their Active Directory passwords, but I can’t seem to get it working and I
    was hoping someone might be able to help me please?
    Basically, the situation I’m in is this. I have a small, air-gapped network
    for a very limited number of users, about half of whom work on Linux systems.
    To support them, I’m using Server 2003 R2 with ID Management for Unix, and I
    had planned on using the Password Synchronisation components that come with
    IDMU to allow these users to change their passwords. However, the compiled
    versions that are supplied don’t work on Redhat Enterprise Linux 4 x64 (which
    the Linux systems are running), and the source code that comes with them
    won’t compile on it either.

    So my plan-b was the web page, and I eventually came up with the following
    code;

    Dim result As Boolean
    Dim ADConnect As New ActiveDirectoryMembershipProvider
    Dim config = New System.Collections.Specialized.NameValueCollection()

    config.Add("connectionStringName", "ADService")
    config.Add("connectionUsername", txtUserName.Text)
    config.Add("connectionPassword", txtCurPasswd.Text)
    config.Add("connectionProtection", "Secure")
    config.Add("enableSearchMethods", "true")
    ADConnect.Initialize(ADConnect.Name, config)
    result = ADConnect.ChangePassword(txtUserName.Text, txtCurPasswd.Text, txtNewPasswd1.Text)

    with ‘ADService’ being this code in the web.config file;

    <add name="ADService" connectionString="LDAP://Server.Lock-Martin.local"/>


    However, the result I get back off this (the value of ‘result’) is always
    ‘false’! I don’t get any error messages, anywhere, it just doesn’t work!!!

    I tested that I could connect to AD via LDAP OK using ldp and the same test
    user name & password I’d be testing the web page with, it connected OK and I
    could view the properties of the test user object.

    I tried disabling all of the password policy requirements, but it still
    fails! To be honest, I’m not really a proper programmer (I write occasional
    scripts, and know a little of VB.Net), and I’m out of ideas with this one!

    Any help or advice anyone can give would be greatly appreciated!

    Thanks,
    Chris
     
    Chris Bingham, Sep 22, 2006
    #1

  2. Chris Bingham

    Joe Kaplan Guest

    Is it important for you to use the AD membership provider to implement this,
    or are you willing/interested in just coding this functionality directly? I
    don't really know why the AD membership provider isn't working and isn't
    providing good feedback either, but you can definitely get more control over
    the situation by just calling the appropriate AD change password logic
    directly.

    There's actually a pretty thorough discussion of this topic in ch 10 of my
    book, which you can get as a free download from the website in my sig. You
    might want to check that out.

    Unfortunately, this all does sort of assume you are a developer, so it might
    be too much for you to take on.

    There is also built in functionality that ships with IIS 6 in the form of
    the password admin pages that you may just be able to use directly without
    having to code anything. That might be your best bet for a simple password
    change site.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
     
    Joe Kaplan, Sep 22, 2006
    #2

  3. Hi Joe,

    Thanks for your help!
    I had a look at your website & book, but I'm afraid it's a bit beyond me!! :(

    However, your comment about the IIS admin pages gave me an idea...
    They weren't suitable themselves, because what I needed to achieve was for
    users to be able to change their own passwords, but not anyone else’s. But,
    by cannibalising Microsoft’s code, I was able to come up with this;

    Dim objUser
    Dim strADSIPath
    Dim strServerName

    'Gets the ComputerName from the system
    strServerName = "Server_Name"

    'sets the path to the user
    strADSIPath = "WinNT://" & strServerName & "/" & txtUserName.Text & ",user"

    'Gets the User from the system
    objUser = GetObject(strADSIPath)
    objUser.ChangePassword(txtCurPasswd.Text, txtNewPasswd1.Text)
    objUser.SetInfo()

    Session("Item1") = txtUserName.Text
    bolPasswdChanged = True
    objUser = Nothing

    which works!!

    Thanks again for your help, and I hope this code saves someone else all the
    time I spent on it!

    Thanks,
    Chris
     
    Chris Bingham, Oct 4, 2006
    #3
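
A variant of the WinNT-provider call from post #3, as an added example that is not part of the original thread: it checks the user name before it is concatenated into the ADsPath and reports the ADSI error code, so a failed change is visible instead of silent. The names `PasswordChange`, `TryChangePassword` and `Describe`, and the character allowlist, are assumptions made for this example.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Reflection
Imports System.Runtime.InteropServices
Imports System.Text.RegularExpressions

Public Module PasswordChange
    ' Assumption: account names use only these characters. The allowlist keeps
    ' "/", "\" and "," out of the ADsPath that is built from user input below.
    Private ReadOnly SafeName As New Regex("^[A-Za-z0-9._-]{1,20}$")

    ' Hypothetical helper: returns Nothing on success, otherwise a message for the page.
    Public Function TryChangePassword(ByVal server As String, ByVal userName As String, _
                                      ByVal oldPwd As String, ByVal newPwd As String) As String
        If Not SafeName.IsMatch(userName) Then Return "Invalid user name."

        Dim path As String = "WinNT://" & server & "/" & userName & ",user"
        Try
            Using user As New DirectoryEntry(path)
                ' Same IADsUser ChangePassword call as in the post, made through
                ' System.DirectoryServices instead of GetObject.
                user.Invoke("ChangePassword", oldPwd, newPwd)
            End Using
            Return Nothing
        Catch ex As TargetInvocationException
            ' Invoke wraps the ADSI failure; the HRESULT is on the inner COMException.
            Dim com As COMException = TryCast(ex.InnerException, COMException)
            If com Is Nothing Then Throw
            Return Describe(com.ErrorCode)
        Catch ex As COMException
            ' Bind failures (unknown user, server unreachable) surface directly.
            Return Describe(ex.ErrorCode)
        End Try
    End Function

    ' Maps the Win32 error carried in the HRESULT to a short message.
    Private Function Describe(ByVal hr As Integer) As String
        Select Case hr
            Case &H80070056 : Return "Current password is incorrect."      ' ERROR_INVALID_PASSWORD
            Case &H800708C5 : Return "New password does not meet policy."  ' NERR_PasswordTooShort
            Case &H80070005 : Return "Access denied."                      ' ERROR_ACCESS_DENIED
            Case &H80070775 : Return "Account is locked out."              ' ERROR_ACCOUNT_LOCKED_OUT
            Case Else : Return "Password change failed (0x" & hr.ToString("X8") & ")."
        End Select
    End Function
End Module
```

The project needs a reference to System.DirectoryServices.dll; a page handler would pass `txtUserName.Text`, `txtCurPasswd.Text` and `txtNewPasswd1.Text` and show the returned message when it is not Nothing.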