Changing windows passwords remotely

[dlinetsky]

I have a C# web app that uses mixed mode authentication (windows
integrated auth. together with formsAuthentication). I would like to
have a form that allows users to change their windows passwords
remotely. Does anyone know how I could do this?

 

[Amir Ghezelbash]

you mean you want us to write a code for you ?
what do you mean how it can be done
connect to the sql server (if your using one) change the password the
way you do in your asp.net application
if your having a problem
post your code with your question
but we wont write the code for you

 

[dlinetsky]

I don't want you to write any code for me, I just want a suggestion
about how to proceed or a web resource that dicusses the subject. I'm
not using sql server to store credentials, I'm using windows integrated
authentication so I need to be able to access active directory and
change windows acoount passwords remotely using a web form. Here is
the code from my login page to give you an idea of what I'm doing:

void Login_Click(Object sender, EventArgs e)
{
String adPath = "LDAP://... /DC=...,DC=..."; //Path to my LDAP
directory server
LdapAuthentication adAuth = new LdapAuthentication(adPath);
try
{
if(true == adAuth.IsAuthenticated(domain.Text, userName.Text,
password.Text))
{
String groups = adAuth.GetGroups();

//Create the ticket, and add the groups.
bool isCookiePersistent = false; //chkPersist.Checked;
FormsAuthenticationTicket authTicket = new
FormsAuthenticationTicket(1, userName.Text,
DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent,
groups);

//Encrypt the ticket.
String encryptedTicket = FormsAuthentication.Encrypt(authTicket);

//Create a cookie, and then add the encrypted ticket to the
cookie as data.
HttpCookie authCookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

if(true == isCookiePersistent)
authCookie.Expires = authTicket.Expiration;

//Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);

//You can redirect now.

Response.Redirect(FormsAuthentication.GetRedirectUrl(userName.Text,
false));
}
else
{
errorLabel.Text = "Authentication did not succeed. Check user
name and password.";
}
}
catch(Exception ex)
{
errorLabel.Text = "Error authenticating. " + ex.Message;
}
}

 

[Bob Powell [MVP]]

I think that the techniques to do this will not neccesarily have anything to
do with C# language.

Try asking over in windowsxp.security. This sounds more like that sort of
issue.

--
Bob Powell [MVP]
Visual C#, System.Drawing

Ramuseco Limited .NET consulting
http://www.ramuseco.com

Find great Windows Forms articles in Windows Forms Tips and Tricks
http://www.bobpowell.net/tipstricks.htm

Answer those GDI+ questions with the GDI+ FAQ
http://www.bobpowell.net/faqmain.htm

All new articles provide code in C# and VB.NET.
Subscribe to the RSS feeds provided and never miss a new article.

 

[Nicholas Paldino [.NET/C# MVP]]

You will want to call the NetUserChangePassword API function through the
P/Invoke layer. You can most likely get the definition from
http://www.pinvoke.net.

Depending on your setup, I don't know if you are going to be able to get
it to work. If you are impersonating the user on the web server side, you
^should^ this should work, assuming users can change their own passwords.
If not (or you are not impersonating the user, which you shouldn't be in
general in an ASP.NET app), you will have to impersonate a user that has the
rights to change the password. Of course, this is a VERY dangerous
operation, so be careful.

Hope this helps.

 

[Willy Denoyette [MVP]]

Use the System.Directory namespace classes like you did, but invoke the
native method to change the password of a user like this.


UserEntry is a DirectorEntry object reference that points to the user
account entry in the AD.

object[] password = new object[] {"oldpwd", "newPwd"};
object ret = userEntry.Invoke("ChangePassword", password );
userEntry.CommitChanges();
....


Willy.

 

[Willy Denoyette [MVP]]

Why PInvoke when there are managed options available??????


Willy.

You will want to call the NetUserChangePassword API function through
the P/Invoke layer. You can most likely get the definition from
http://www.pinvoke.net.

Depending on your setup, I don't know if you are going to be able to
get it to work. If you are impersonating the user on the web server side,
you ^should^ this should work, assuming users can change their own
passwords. If not (or you are not impersonating the user, which you
shouldn't be in general in an ASP.NET app), you will have to impersonate a
user that has the rights to change the password. Of course, this is a
VERY dangerous operation, so be careful.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

I have a C# web app that uses mixed mode authentication (windows
integrated auth. together with formsAuthentication). I would like to
have a form that allows users to change their windows passwords
remotely. Does anyone know how I could do this?

 

[dlinetsky]

Thanks Willy, I'll give that a try. I was pretty sure it was something
like that but I was using

userEntry.Invoke("setPassword", password );

which was not working. Thanks for the tip.