Re: Changing domain user password

I'm reasonably sure ASP.NET is working (the .aspx page that I'm putting
below comes up), but this is my first try at programming anything in it, so
take that for what it's worth. I'm including the code for the reset.aspx
file and web.config. The only change that I made to machine.config was to
change the username and password under the processModel section to be my
domain admin account (I found that suggestion somewhere on the Web while
researching the error).

Thanks for any help,
Harry

reset.aspx:
<%@ Assembly Name="System.DirectoryServices, Version=1.0.3300.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"%>
<%@ Assembly Name="Dunnry.Security" %>

<%@ Import Namespace="System.DirectoryServices" %>
<%@ Import Namespace="Dunnry.Security" %>

<HTML>
<script language="C#" runat="server">

void Page_Load(Object Src, EventArgs E) {
    if (!Page.IsPostBack)
    {

    }
}

private void ResetPassword(object sender, EventArgs e)
{
    // for impersonation
    string username = "AdminUser";
    string password = "adminpwd";
    string domain = "domain";

    Impersonate i = new Impersonate(LogonProvider.LOGON32_PROVIDER_WINNT50);
    i.ImpersonateUser(username, domain, password);

    // the LDAP path is a string literal
    string ldapPath = "LDAP://dc=mydomain,dc=com";
    DirectoryEntry de = new DirectoryEntry(ldapPath);
    de.AuthenticationType = AuthenticationTypes.Secure;
    string qry =
        String.Format("(&(objectClass=user)(objectCategory=person)(sAMAccountName={0}))",
            txtUsername.Text);

    DirectorySearcher ds = new DirectorySearcher(de, qry);
    SearchResult sr = ds.FindOne();

    if (sr == null)
    {
        lblMessage.Text = "User not found";
        return;
    }

    try
    {
        DirectoryEntry user = sr.GetDirectoryEntry();
        user.AuthenticationType = AuthenticationTypes.Secure;
        user.Invoke("SetPassword", new object[] { txtPassword.Text });
        lblMessage.Text = "Success <br>";
    }
    catch (Exception ex)
    {
        //throw ex;
        lblMessage.Text = "Failure: " + ex.Message;
        if (ex.InnerException != null)
            lblMessage.Text += "<br>" + ex.InnerException.Message;
    }
    finally
    {
        de.Close();
        i.UndoImpersonation();
    }
}
</script>

<body>
<form runat="server">
UserName: <asp:textbox id="txtUsername" runat="server"/><br>
New Password: <asp:textbox id="txtPassword" runat="server"/><br>
<asp:button id="btnReset" runat="server" Text="Reset"
OnClick="ResetPassword" /><br>
<asp:label id="lblMessage" runat="server"/><br><br>
I am running as: <%=Context.User.Identity.Name %><br>
My process is running as:
<%=System.Security.Principal.WindowsIdentity.GetCurrent().Name %>
</form>
</body>
</HTML>


web.config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <compilation debug="true"/>
    <authentication mode="Windows" />
    <!--<authorization>
      <deny users="?" />
    </authorization>-->
  </system.web>

  <!-- Secure the .aspx page using web.config
  <location path="reset.aspx">
    <system.web>
      <authorization>
        <allow roles="DOMAIN\AdminUser" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location> -->
</configuration>

processModel section of machine.config:
<processModel
enable="true"
timeout="Infinite"
idleTimeout="Infinite"
shutdownTimeout="0:00:05"
requestLimit="Infinite"
requestQueueLimit="5000"
restartQueueLimit="10"
memoryLimit="60"
webGarden="false"
cpuMask="0xffffffff"
userName="domain\adminuser"
password="adminpwd"
logLevel="Errors"
clientConnectedCheck="0:00:05"
comAuthenticationLevel="Connect"
comImpersonationLevel="Impersonate"
responseDeadlockInterval="00:03:00"
maxWorkerThreads="20"
maxIoThreads="20"
/>


"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:e%235SZFnBGHA.1864@xxxxxxxxxxxxxxxxxxxxxxx
> The crux of doing this in a web page is simply to create a DirectoryEntry
> object that is bound to the user's object in AD and invoking the
> ChangePassword ADSI method. Impersonation may or may not be needed as you
> need to prompt for the old password anyway, so it doesn't really hurt to
> simply use those credentials in your DirectoryEntry constructor.
>
> The error you are getting sounds like it is unrelated to the
> DirectoryServices programming stuff though. Are you sure ASP.NET is
> working in general?
>
> Note also that Ryan and I have a book coming out that covers this stuff in
> detail, but it won't be available for a few more months now.
>
> Posting an example of the code you are using would be a great start.
>
> Joe K.
>
> "Harry Devine" <hdevine@xxxxxxxxxxxxxxxx> wrote in message
> news:%23FysvCmBGHA.1008@xxxxxxxxxxxxxxxxxxxxxxx
>> I've been searching around for an answer to this question, but haven't
>> gotten too far. I'm fairly new to ASP.NET, so I'm not sure how to set up
>> machine.config and web.config properly.
>>
>> What I want to be able to do is allow a domain user to change their
>> password in the AD via a webpage. We have several users with domain
>> accounts, but they do not actually log in to our domain as they are spread
>> out all over the country. I have a VBS script that notifies them when
>> their password is due to expire, starting 10 days out.
>>
>> Since these users are not local to where my domain controller resides,
>> they have to call me or email me to have their password reset. I found
>> an example written by Ryan Dunn using an Impersonate function that he
>> wrote (www.dunnry.com), but I keep getting an error stating: "Parser
>> Error Message: The XML file
>> c:\winnt\microsoft.net\framework\v1.1.4322\Config\machine.config could
>> not be loaded. Either a required impersonation level was not provided, or
>> the provided impersonation level is invalid. "
>>
>> This seems like, to me, a fundamental type of function to do, but info on
>> how to do it is all over the place. Does anyone have any good ideas or
>> steps on how to accomplish this?
>>
>> Thanks for any help,
>> Harry
>>
>
>
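Joe's suggestion above (bind as the user and invoke the ADSI ChangePassword method instead of impersonating a domain administrator and calling SetPassword), worked out as an added example; this is not code from the thread, from Ryan Dunn's Dunnry.Security library or from the book mentioned. The class and method names (SelfServicePasswordChange, ChangeOwnPassword, EscapeLdapFilterValue, BuildUserFilter) and the "LDAP://dc=mydomain,dc=com" root are assumptions. The search filter is the one from reset.aspx, with the typed account name escaped per RFC 4515 before it is placed in the filter, so a user name cannot change the structure of the query. Because the directory is bound with the caller's own current password, no administrative credentials need to sit in the page, web.config or the processModel section, and the old password is verified by the domain controller itself.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class SelfServicePasswordChange
{
    // Escape a value before embedding it in an LDAP search filter (RFC 4515).
    // Only the five characters with special meaning inside a filter are encoded.
    public static string EscapeLdapFilterValue(string value)
    {
        if (value == null) throw new ArgumentNullException("value");
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // The filter used in reset.aspx, with the account name escaped first.
    public static string BuildUserFilter(string samAccountName)
    {
        return String.Format(
            "(&(objectClass=user)(objectCategory=person)(sAMAccountName={0}))",
            EscapeLdapFilterValue(samAccountName));
    }

    // Change the caller's own password. The search root and the user object are
    // both bound with the caller's current credentials (no impersonation, no
    // stored admin account). ldapRoot is a placeholder such as
    // "LDAP://dc=mydomain,dc=com" (assumption; substitute your own domain).
    public static void ChangeOwnPassword(string ldapRoot, string domain,
        string samAccountName, string oldPassword, string newPassword)
    {
        string bindUser = domain + "\\" + samAccountName;
        AuthenticationTypes auth = AuthenticationTypes.Secure | AuthenticationTypes.Sealing;

        using (DirectoryEntry root = new DirectoryEntry(ldapRoot, bindUser, oldPassword, auth))
        using (DirectorySearcher searcher = new DirectorySearcher(root, BuildUserFilter(samAccountName)))
        {
            searcher.PropertiesToLoad.Add("distinguishedName");
            SearchResult result = searcher.FindOne();
            if (result == null)
                throw new InvalidOperationException("User not found");

            // GetDirectoryEntry() reuses the search root's credentials, so this
            // entry is still bound as the user, not as the worker process.
            using (DirectoryEntry user = result.GetDirectoryEntry())
            {
                user.AuthenticationType = auth;
                // IADsUser::ChangePassword checks the old password and applies the
                // domain password policy; unlike SetPassword it needs no reset
                // right over the account, only the user's own credentials.
                user.Invoke("ChangePassword", new object[] { oldPassword, newPassword });
            }
        }
    }
}
```

In the page from the thread this would be called from the button handler as ChangeOwnPassword(ldapPath, "domain", txtUsername.Text, txtOldPassword.Text, txtPassword.Text), with an added old-password textbox; the Impersonate object, the hard-coded AdminUser credentials and the userName/password attributes in processModel then become unnecessary for this scenario. The escape helper is worth unit-testing on its own with inputs containing `*`, `(`, `)` and `\` to confirm the encoded output before the filter is ever sent to a domain controller.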