How to change user account properties by ASP.NET?

E

Evgeny Zoldin

Hi ALL.

I have the configuration:
1. WinXP PRO with MS IIS 5.0 and installed ASP.NET
2. ASP.NET application A configured to authenticate only users from
local Users group.

I would like to de the following:
Logged on user is able through ASP.NET-Pages to change its own Logon
Username, Password and Full Name

I tried to implement it by the code (C#):

DirectoryEntry deCurrUser = new DirectoryEntry("WinNT://" +
User.Identity.Name);
deCurrUser.Invoke("SetPassword", new string[]{"123"} ); // ***

If the logged on user belongs only to Users group then the statement ***
causes Exception "SystemUnautherizedException: General access denied error".
But as soon as that user has been included into Administrators group the
statement *** is executed well.

I know about impersonation possibility, but it requires to type clear
Administrators username and password in code-behind class that will be
published on target server.

So, what should I do in order to give to user the ability to change its
username, password and full name?
May be orginize on the target server a group, add the users into the group
and gain to this group some specils rights?

Thanx
Evgeny
 
S

Scott Allen

Hi Evgeny:
I know about impersonation possibility, but it requires to type clear
Administrators username and password in code-behind class that will be
published on target server.

If you use
<identity impersonate="true"/>
in the web.config file, than you are impersonating the client without
using an explicit username / password. This is probably the safest
approach, because only local admins would be able to change the
passwords for the local users.

You can put username and password attributes in the <indentity>
element and have the password encrypted in the registry. This is
described in the remarks section of the following:
http://msdn.microsoft.com/library/d.../en-us/cpgenref/html/gngrfidentitysection.asp

Note however, that all users will then have a request impersonating an
admin, so it's a dangerous approach.
 
J

Joe Kaplan \(MVP - ADSI\)

Normally, a user can only call ChangePassword on themselves, not
ResetPassword. Administrators generally have rights to ResetPassword. The
latter doesn't require knowing the old password, the former does.

I think that will solve it.

Joe K.
 
E

Evgeny Zoldin

Hi Scott,

thanks a lot for your help. One more question. is it possible to use
impresonating not for whole application but for selected page of them,
namely that where user will be change its data under imparsonated Admin
account?

Thank you in advance

Evgeny
 
E

Evgeny Zoldin

Hi Joe,

thank you for your advice, but how can I get oldPassword of currently logged
User in ASP.NET for feed ChangePassword method?

Evgeny

Joe Kaplan (MVP - ADSI) said:
Normally, a user can only call ChangePassword on themselves, not
ResetPassword. Administrators generally have rights to ResetPassword.
The latter doesn't require knowing the old password, the former does.

I think that will solve it.

Joe K.

Evgeny Zoldin said:
Hi ALL.

I have the configuration:
1. WinXP PRO with MS IIS 5.0 and installed ASP.NET
2. ASP.NET application A configured to authenticate only users from
local Users group.

I would like to de the following:
Logged on user is able through ASP.NET-Pages to change its own Logon
Username, Password and Full Name

I tried to implement it by the code (C#):

DirectoryEntry deCurrUser = new DirectoryEntry("WinNT://" +
User.Identity.Name);
deCurrUser.Invoke("SetPassword", new string[]{"123"} ); // ***

If the logged on user belongs only to Users group then the statement ***
causes Exception "SystemUnautherizedException: General access denied
error".
But as soon as that user has been included into Administrators group the
statement *** is executed well.

I know about impersonation possibility, but it requires to type clear
Administrators username and password in code-behind class that will be
published on target server.

So, what should I do in order to give to user the ability to change its
username, password and full name?
May be orginize on the target server a group, add the users into the
group and gain to this group some specils rights?

Thanx
Evgeny
 
J

Joe Kaplan \(MVP - ADSI\)

You would have to ask them for it unless you are using Basic authentication,
in which case you can just read the auth_password header. Most password
change processes prompt the user to enter the old password as well as the
new one to verify that the current user actually knows the old one, so I
don't think users will be too bothered by this.

Joe K.

Evgeny Zoldin said:
Hi Joe,

thank you for your advice, but how can I get oldPassword of currently
logged User in ASP.NET for feed ChangePassword method?

Evgeny

Joe Kaplan (MVP - ADSI) said:
Normally, a user can only call ChangePassword on themselves, not
ResetPassword. Administrators generally have rights to ResetPassword.
The latter doesn't require knowing the old password, the former does.

I think that will solve it.

Joe K.

Evgeny Zoldin said:
Hi ALL.

I have the configuration:
1. WinXP PRO with MS IIS 5.0 and installed ASP.NET
2. ASP.NET application A configured to authenticate only users from
local Users group.

I would like to de the following:
Logged on user is able through ASP.NET-Pages to change its own Logon
Username, Password and Full Name

I tried to implement it by the code (C#):

DirectoryEntry deCurrUser = new DirectoryEntry("WinNT://" +
User.Identity.Name);
deCurrUser.Invoke("SetPassword", new string[]{"123"} ); // ***

If the logged on user belongs only to Users group then the statement ***
causes Exception "SystemUnautherizedException: General access denied
error".
But as soon as that user has been included into Administrators group the
statement *** is executed well.

I know about impersonation possibility, but it requires to type clear
Administrators username and password in code-behind class that will be
published on target server.

So, what should I do in order to give to user the ability to change its
username, password and full name?
May be orginize on the target server a group, add the users into the
group and gain to this group some specils rights?

Thanx
Evgeny
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top