Changing User Password - Credential Problem

[- Steve -]

I'm trying to change a user's password using objUser.Invoke("setPassword",
"newpassword")

It works fine as a console application if I'm logged in with someone with
the correct permissions. If I'm logged in as a normal user it doesn't work,
even though call before that,

objUser.Username = "(e-mail address removed)"
objUser.Password = "adminpassword"

Obviously the ASP.NET account doesn't have permissions to change passwords
so how can I escalate my permissions for this one task?

-
Steve Evans
Email Services
SDSU Foundation

 

[bruce barker]

you should have the user pass the old password, then impersonate them, then
change password to new password., otherwise you need to impersonate a domain
admin


-- bruce (sqlwork.com)

 

[- Steve -]

This is for admins to reset users forgotten passwords, etc. So I don't know
the existing password of the account.

How can I impersonate another account? Preferably how do I get it to
execute under the context of the user that logged into IIS (it's protected
with basic authentication)

 

[Bruno Sirianni]

ASP.NET application for impersonate an account (if IIS have not Anonimous
access) must have a key in Web.Config. This key is Impersonate and the value
must be true.
In this way ASP.NET application have your permission on the machine and I
think that you can do what you want. User property of ASP.NET page can help
you for know logged user.

Brun