Changing Active Directory Password from ASP.Net Web Page

Discussion in 'ASP .Net Security' started by Chris Bingham, Sep 22, 2006.

  1. Hi,

    I’m trying to create a simple ASP.Net 2 web page to allow users to alter
    their Active Directory passwords, but I can’t seem to get it working and I
    was hoping someone might be able to help me please?
    Basically, the situation I’m in is this. I have a small, air-gapped network
    for a very limited number of users, about half of whom work on Linux systems.
    To support them, I’m using Server 2003 R2 with ID Management for Unix, and I
    had planned on using the Password Synchronisation components that come with
    IDMU to allow these users to change their passwords. However, the compiled
    versions that are supplied don’t work on Redhat Enterprise Linux 4 x64 (which
    the Linux systems are running), and the source code that comes with them
    won’t compile on it either.

    So my plan-b was the web page, and I eventually came up with the following

    Dim result As Boolean
    Dim ADConnect As New ActiveDirectoryMembershipProvider
    Dim config As New System.Collections.Specialized.NameValueCollection()

    ' The provider binds to AD with the user's own name and current password
    config.Add("connectionStringName", "ADService")
    config.Add("connectionUsername", txtUserName.Text)
    config.Add("connectionPassword", txtCurPasswd.Text)
    config.Add("connectionProtection", "Secure")
    config.Add("enableSearchMethods", "true")
    ADConnect.Initialize(ADConnect.Name, config)
    result = ADConnect.ChangePassword(txtUserName.Text, _
        txtCurPasswd.Text, txtNewPasswd1.Text)

    with ‘ADService’ being this code in the web.config file;

    <add name="ADService" connectionString="LDAP://Server.Lock-Martin.local"/>

    However, the result I get back off this (the value of ‘result’) is always
    ‘false’! I don’t get any error messages, anywhere, it just doesn’t work!!!

    I tested that I could connect to AD via LDAP OK using ldp and the same test
    user name & password I’d be testing the web page with, it connected OK and I
    could view the properties of the test user object.

    I tried disabling all of the password policy requirements, but it still
    fails! To be honest, I’m not really a proper programmer (I write occasional
    scripts, and know a little of VB.Net), and I’m out of ideas with this one!

    Any help or advice anyone can give would be greatly appreciated!

    Chris Bingham, Sep 22, 2006

  2. Joe Kaplan Guest

    Is it important for you to use the AD membership provider to implement this,
    or are you willing/interested in just coding this functionality directly? I
    don't really know why the AD membership provider isn't working and isn't
    providing good feedback either, but you can definitely get more control over
    the situation by just calling the appropriate AD change password logic

    There's actually a pretty thorough discussion of this topic in ch 10 of my
    book, which you can get as a free download from the website in my sig. You
    might want to check that out.

    Unfortunately, this all does sort of assume you are a developer, so it might
    be too much for you to take on.

    There is also built in functionality that ships with IIS 6 in the form of
    the password admin pages that you may just be able to use directly without
    having to code anything. That might be your best bet for a simple password
    change site.

    Joe K.
    Joe Kaplan, Sep 22, 2006

  3. Hi Joe,

    Thanks for your help!
    I had a look at your website & book, but I'm afraid it's a bit beyond me!! :(

    However, your comment about the IIS admin pages gave me an idea...
    They weren't suitable themselves, because what I needed to achieve was for
    users to be able to change their own passwords, but not anyone else’s. But,
    by cannibalising Microsoft’s code, I was able to come up with this;

    Dim objUser
    Dim strADSIPath
    Dim strServerName

    'Name of the server (hard-coded)
    strServerName = "Server_Name"

    'sets the path to the user
    strADSIPath = "WinNT://" & strServerName & "/" & _
        txtUserName.Text & ",user"

    'Gets the User from the system
    objUser = GetObject(strADSIPath)
    objUser.ChangePassword(txtCurPasswd.Text, txtNewPasswd1.Text)

    Session("Item1") = txtUserName.Text
    bolPasswdChanged = True
    objUser = Nothing

    which works!!

    Thanks again for your help, and I hope this code saves someone else all the
    time I spent on it!

    Chris Bingham, Oct 4, 2006
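
An added example, not part of the thread or of Microsoft's code: the WinNT ChangePassword call from the post above, made through System.DirectoryServices so that a failed change comes back with its reason rather than a bare False. The module and function names and the "Server_Name" placeholder are assumptions, and the project needs a reference to System.DirectoryServices.

```vb
Imports System
Imports System.DirectoryServices
Imports System.Reflection
Imports System.Runtime.InteropServices
Imports System.Text.RegularExpressions

Public Module PasswordChanger   ' hypothetical name
    ' Placeholder, as in the post above; replace with the real server name.
    Private Const ServerName As String = "Server_Name"

    ' Characters not allowed in a Windows account name. Rejecting them also
    ' stops the input from altering the ADSI path built below.
    Private ReadOnly BadNameChars As New Regex("[""/\\\[\]:;|=,+*?<>]")

    ' Returns Nothing on success, otherwise a message to show on the page.
    Public Function ChangeOwnPassword(ByVal userName As String, _
                                      ByVal oldPassword As String, _
                                      ByVal newPassword As String) As String
        If String.IsNullOrEmpty(userName) OrElse userName.Length > 20 _
           OrElse BadNameChars.IsMatch(userName) Then
            Return "Invalid user name."
        End If

        Dim path As String = "WinNT://" & ServerName & "/" & userName & ",user"
        Try
            Using user As New DirectoryEntry(path)
                ' ChangePassword needs the current password, so a user can
                ' only change an account whose password they already know.
                user.Invoke("ChangePassword", oldPassword, newPassword)
            End Using
            Return Nothing
        Catch ex As TargetInvocationException
            ' Invoke wraps the ADSI failure; the HRESULT is on the inner exception.
            Dim com As COMException = TryCast(ex.InnerException, COMException)
            If com Is Nothing Then Throw
            Select Case com.ErrorCode
                Case &H80070056 ' ERROR_INVALID_PASSWORD
                    Return "The current password is incorrect."
                Case &H800708C5 ' password policy (NERR_PasswordTooShort)
                    Return "The new password does not meet the password policy."
                Case &H80070775 ' ERROR_ACCOUNT_LOCKED_OUT
                    Return "The account is locked out."
                Case Else
                    Throw   ' unexpected: let the application log it
            End Select
        End Try
    End Function
End Module
```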