SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2008
    Location
    USA
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Active Directory-ChangePassword

    Hi,


    I am using the below code to change the password. It gives me an error

    Exception has been thrown by the target of an invocation. Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    I Checked the active directory server and everything looks fine(all permissions to change the password is set ) . I am able to login to the server but I am not able to do any other operations ..

    Any ideas would be appreciated.


    DirectoryEntry de = new DirectoryEntry("LDAP://abc.xyz.net", txtUserName.Text, txtPassword.Text);

    DirectorySearcher deSearch = new DirectorySearcher();

    deSearch.SearchRoot=de;

    // Filter based on the user Account.

    deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + txtUserName.Text + "))";

    deSearch.SearchScope = SearchScope.Subtree;

    //if there is any records for the user under the active directory

    SearchResult results= deSearch.FindOne();

    if(results!=null)

    {

    de = new DirectoryEntry(results.Path, txtUserName.Text, txtPassword.Text, AuthenticationTypes.Secure);

    //ChangePassword is one of the methods used when calling Invoke

    de.Invoke("ChangePassword", new Object[] { txtPassword.Text, txtConfirmNewPwd.Text });

    //Commit the changes to the active directory

    de.CommitChanges();

    lblErrorMsg.Text = "Password Changed";

    }



    Thanks
    Sree

  2. #2
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,649
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    You have permissions to change passwords, but does the context which the program is running have permissions to change passwords?

  3. #3
    SitePoint Enthusiast
    Join Date
    Oct 2008
    Location
    USA
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How can I check that ?? I am not sure about that...

    We are using IIS6.0 which connects to an active directory server which is on DMZ.

    web.config has the following.

    <authentication mode="Forms">
    <forms loginUrl="AdminLogin.aspx" name="adAuthCookie" timeout="60" path="/" ></forms>
    </authentication>
    <authorization>
    <deny users="?"/>
    <allow users="*"/>
    </authorization>
    <identity impersonate="false"/>

    Thanks,
    Sree

  4. #4
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,649
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    You need to run the site in an application pool with appropriate AD permissions to change stuff in AD. Of course, you should be certain that unauthorized users cannot access the app as they can then change stuff in active directory.

  5. #5
    SitePoint Enthusiast
    Join Date
    Oct 2008
    Location
    USA
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you very much.

    Let me suggest this to the IIS Team and see if they can come up with something.

    Regards,
    Sree


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •