Changing User Password - Credential Problem

Discussion in 'ASP .Net' started by - Steve -, Apr 2, 2004.

  1. - Steve -

    - Steve - Guest

    I'm trying to change a user's password using objUser.Invoke("setPassword",
    "newpassword")

    It works fine as a console application if I'm logged in with someone with
    the correct permissions. If I'm logged in as a normal user it doesn't work,
    even though call before that,

    objUser.Username = ""
    objUser.Password = "adminpassword"

    Obviously the ASP.NET account doesn't have permissions to change passwords
    so how can I escalate my permissions for this one task?

    -
    Steve Evans
    Email Services
    SDSU Foundation
     
    - Steve -, Apr 2, 2004
    #1
    1. Advertising

  2. - Steve -

    bruce barker Guest

    you should have the user pass the old password, then impersonate them, then
    change password to new password., otherwise you need to impersonate a domain
    admin


    -- bruce (sqlwork.com)


    "- Steve -" <> wrote in message
    news:eC4VE#...
    > I'm trying to change a user's password using objUser.Invoke("setPassword",
    > "newpassword")
    >
    > It works fine as a console application if I'm logged in with someone with
    > the correct permissions. If I'm logged in as a normal user it doesn't

    work,
    > even though call before that,
    >
    > objUser.Username = ""
    > objUser.Password = "adminpassword"
    >
    > Obviously the ASP.NET account doesn't have permissions to change passwords
    > so how can I escalate my permissions for this one task?
    >
    > -
    > Steve Evans
    > Email Services
    > SDSU Foundation
    >
    >
     
    bruce barker, Apr 2, 2004
    #2
    1. Advertising

  3. - Steve -

    - Steve - Guest

    This is for admins to reset users forgotten passwords, etc. So I don't know
    the existing password of the account.

    How can I impersonate another account? Preferably how do I get it to
    execute under the context of the user that logged into IIS (it's protected
    with basic authentication)

    --

    Steve Evans
    Email Services
    SDSU Foundation


    "bruce barker" <> wrote in message
    news:%...
    > you should have the user pass the old password, then impersonate them,

    then
    > change password to new password., otherwise you need to impersonate a

    domain
    > admin
    >
    >
    > -- bruce (sqlwork.com)
    >
    >
    > "- Steve -" <> wrote in message
    > news:eC4VE#...
    > > I'm trying to change a user's password using

    objUser.Invoke("setPassword",
    > > "newpassword")
    > >
    > > It works fine as a console application if I'm logged in with someone

    with
    > > the correct permissions. If I'm logged in as a normal user it doesn't

    > work,
    > > even though call before that,
    > >
    > > objUser.Username = ""
    > > objUser.Password = "adminpassword"
    > >
    > > Obviously the ASP.NET account doesn't have permissions to change

    passwords
    > > so how can I escalate my permissions for this one task?
    > >
    > > -
    > > Steve Evans
    > > Email Services
    > > SDSU Foundation
    > >
    > >

    >
    >
     
    - Steve -, Apr 2, 2004
    #3
  4. ASP.NET application for impersonate an account (if IIS have not Anonimous
    access) must have a key in Web.Config. This key is Impersonate and the value
    must be true.
    In this way ASP.NET application have your permission on the machine and I
    think that you can do what you want. User property of ASP.NET page can help
    you for know logged user.

    Brun

    "- Steve -" <> wrote in message
    news:%...
    > This is for admins to reset users forgotten passwords, etc. So I don't

    know
    > the existing password of the account.
    >
    > How can I impersonate another account? Preferably how do I get it to
    > execute under the context of the user that logged into IIS (it's protected
    > with basic authentication)
    >
    > --
    >
    > Steve Evans
    > Email Services
    > SDSU Foundation
    >
    >
    > "bruce barker" <> wrote in message
    > news:%...
    > > you should have the user pass the old password, then impersonate them,

    > then
    > > change password to new password., otherwise you need to impersonate a

    > domain
    > > admin
    > >
    > >
    > > -- bruce (sqlwork.com)
    > >
    > >
    > > "- Steve -" <> wrote in message
    > > news:eC4VE#...
    > > > I'm trying to change a user's password using

    > objUser.Invoke("setPassword",
    > > > "newpassword")
    > > >
    > > > It works fine as a console application if I'm logged in with someone

    > with
    > > > the correct permissions. If I'm logged in as a normal user it doesn't

    > > work,
    > > > even though call before that,
    > > >
    > > > objUser.Username = ""
    > > > objUser.Password = "adminpassword"
    > > >
    > > > Obviously the ASP.NET account doesn't have permissions to change

    > passwords
    > > > so how can I escalate my permissions for this one task?
    > > >
    > > > -
    > > > Steve Evans
    > > > Email Services
    > > > SDSU Foundation
    > > >
    > > >

    > >
    > >

    >
    >
     
    Bruno Sirianni, Apr 2, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ken Dopierala Jr.

    Re: How to get Windows logon user credential?

    Ken Dopierala Jr., Aug 28, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    4,494
    cindy liu
    Aug 28, 2003
  2. Replies:
    2
    Views:
    333
  3. AAaron123
    Replies:
    2
    Views:
    2,363
    AAaron123
    Jan 16, 2009
  4. culeno
    Replies:
    3
    Views:
    157
    Joe Kaplan \(MVP - ADSI\)
    May 19, 2005
  5. Lambuz

    DCOM + IIS + user credential

    Lambuz, Dec 16, 2005, in forum: ASP General
    Replies:
    0
    Views:
    119
    Lambuz
    Dec 16, 2005
Loading...

Share This Page