Hi ALL.
I have the configuration:
1. WinXP PRO with MS IIS 5.0 and installed ASP.NET
2. ASP.NET application A configured to authenticate only users from
local Users group.
I would like to de the following:
Logged on user is able through ASP.NET-Pages to change its own Logon
Username, Password and Full Name
I tried to implement it by the code (C#):
DirectoryEntry deCurrUser = new DirectoryEntry( "WinNT://" +
User.Identity.N ame);
deCurrUser.Invo ke("SetPassword ", new string[]{"123"} ); // ***
If the logged on user belongs only to Users group then the statement ***
causes Exception "SystemUnauther izedException: General access denied error".
But as soon as that user has been included into Administrators group the
statement *** is executed well.
I know about impersonation possibility, but it requires to type clear
Administrators username and password in code-behind class that will be
published on target server.
So, what should I do in order to give to user the ability to change its
username, password and full name?
May be orginize on the target server a group, add the users into the group
and gain to this group some specils rights?
Thanx
Evgeny 6 2070
Hi Evgeny: I know about impersonation possibility, but it requires to type clear Administrato rs username and password in code-behind class that will be published on target server.
If you use
<identity impersonate="tr ue"/>
in the web.config file, than you are impersonating the client without
using an explicit username / password. This is probably the safest
approach, because only local admins would be able to change the
passwords for the local users.
You can put username and password attributes in the <indentity>
element and have the password encrypted in the registry. This is
described in the remarks section of the following: http://msdn.microsoft.com/library/de...itysection.asp
Note however, that all users will then have a request impersonating an
admin, so it's a dangerous approach.
--
Scott http://www.OdeToCode.com/blogs/scott/
Normally, a user can only call ChangePassword on themselves, not
ResetPassword. Administrators generally have rights to ResetPassword. The
latter doesn't require knowing the old password, the former does.
I think that will solve it.
Joe K.
"Evgeny Zoldin" <zo****@hotmail .com> wrote in message
news:Oe******** ********@TK2MSF TNGP10.phx.gbl. .. Hi ALL.
I have the configuration: 1. WinXP PRO with MS IIS 5.0 and installed ASP.NET 2. ASP.NET application A configured to authenticate only users from local Users group.
I would like to de the following: Logged on user is able through ASP.NET-Pages to change its own Logon Username, Password and Full Name
I tried to implement it by the code (C#):
DirectoryEntry deCurrUser = new DirectoryEntry( "WinNT://" + User.Identity.N ame); deCurrUser.Invo ke("SetPassword ", new string[]{"123"} ); // ***
If the logged on user belongs only to Users group then the statement *** causes Exception "SystemUnauther izedException: General access denied error". But as soon as that user has been included into Administrators group the statement *** is executed well.
I know about impersonation possibility, but it requires to type clear Administrators username and password in code-behind class that will be published on target server.
So, what should I do in order to give to user the ability to change its username, password and full name? May be orginize on the target server a group, add the users into the group and gain to this group some specils rights?
Thanx Evgeny
Hi Scott,
thanks a lot for your help. One more question. is it possible to use
impresonating not for whole application but for selected page of them,
namely that where user will be change its data under imparsonated Admin
account?
Thank you in advance
Evgeny
"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:9r******** *************** *********@4ax.c om... Hi Evgeny:
I know about impersonation possibility, but it requires to type clear Administrator s username and password in code-behind class that will be published on target server.
If you use <identity impersonate="tr ue"/> in the web.config file, than you are impersonating the client without using an explicit username / password. This is probably the safest approach, because only local admins would be able to change the passwords for the local users.
You can put username and password attributes in the <indentity> element and have the password encrypted in the registry. This is described in the remarks section of the following: http://msdn.microsoft.com/library/de...itysection.asp
Note however, that all users will then have a request impersonating an admin, so it's a dangerous approach.
-- Scott http://www.OdeToCode.com/blogs/scott/
Hi Joe,
thank you for your advice, but how can I get oldPassword of currently logged
User in ASP.NET for feed ChangePassword method?
Evgeny
"Joe Kaplan (MVP - ADSI)" <jo************ *@removethis.ac centure.com> wrote
in message news:%2******** ********@TK2MSF TNGP15.phx.gbl. .. Normally, a user can only call ChangePassword on themselves, not ResetPassword. Administrators generally have rights to ResetPassword. The latter doesn't require knowing the old password, the former does.
I think that will solve it.
Joe K.
"Evgeny Zoldin" <zo****@hotmail .com> wrote in message news:Oe******** ********@TK2MSF TNGP10.phx.gbl. .. Hi ALL.
I have the configuration: 1. WinXP PRO with MS IIS 5.0 and installed ASP.NET 2. ASP.NET application A configured to authenticate only users from local Users group.
I would like to de the following: Logged on user is able through ASP.NET-Pages to change its own Logon Username, Password and Full Name
I tried to implement it by the code (C#):
DirectoryEntry deCurrUser = new DirectoryEntry( "WinNT://" + User.Identity.N ame); deCurrUser.Invo ke("SetPassword ", new string[]{"123"} ); // ***
If the logged on user belongs only to Users group then the statement *** causes Exception "SystemUnauther izedException: General access denied error". But as soon as that user has been included into Administrators group the statement *** is executed well.
I know about impersonation possibility, but it requires to type clear Administrators username and password in code-behind class that will be published on target server.
So, what should I do in order to give to user the ability to change its username, password and full name? May be orginize on the target server a group, add the users into the group and gain to this group some specils rights?
Thanx Evgeny
You would have to ask them for it unless you are using Basic authentication,
in which case you can just read the auth_password header. Most password
change processes prompt the user to enter the old password as well as the
new one to verify that the current user actually knows the old one, so I
don't think users will be too bothered by this.
Joe K.
"Evgeny Zoldin" <zo****@hotmail .com> wrote in message
news:eG******** ******@tk2msftn gp13.phx.gbl... Hi Joe,
thank you for your advice, but how can I get oldPassword of currently logged User in ASP.NET for feed ChangePassword method?
Evgeny
"Joe Kaplan (MVP - ADSI)" <jo************ *@removethis.ac centure.com> wrote in message news:%2******** ********@TK2MSF TNGP15.phx.gbl. .. Normally, a user can only call ChangePassword on themselves, not ResetPassword. Administrators generally have rights to ResetPassword. The latter doesn't require knowing the old password, the former does.
I think that will solve it.
Joe K.
"Evgeny Zoldin" <zo****@hotmail .com> wrote in message news:Oe******** ********@TK2MSF TNGP10.phx.gbl. .. Hi ALL.
I have the configuration: 1. WinXP PRO with MS IIS 5.0 and installed ASP.NET 2. ASP.NET application A configured to authenticate only users from local Users group.
I would like to de the following: Logged on user is able through ASP.NET-Pages to change its own Logon Username, Password and Full Name
I tried to implement it by the code (C#):
DirectoryEntry deCurrUser = new DirectoryEntry( "WinNT://" + User.Identity.N ame); deCurrUser.Invo ke("SetPassword ", new string[]{"123"} ); // ***
If the logged on user belongs only to Users group then the statement *** causes Exception "SystemUnauther izedException: General access denied error". But as soon as that user has been included into Administrators group the statement *** is executed well.
I know about impersonation possibility, but it requires to type clear Administrators username and password in code-behind class that will be published on target server.
So, what should I do in order to give to user the ability to change its username, password and full name? May be orginize on the target server a group, add the users into the group and gain to this group some specils rights?
Thanx Evgeny
Yes, Evgeny. One way to do this is with a <location> entry. http://msdn.microsoft.com/library/de...ionelement.asp
--
Scott http://www.OdeToCode.com/blogs/scott/
On Tue, 23 Nov 2004 23:37:31 +0100, "Evgeny Zoldin"
<zo****@hotmail .com> wrote: Hi Scott,
thanks a lot for your help. One more question. is it possible to use impresonatin g not for whole application but for selected page of them, namely that where user will be change its data under imparsonated Admin account?
Thank you in advance
Evgeny This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Publickey |
last post by:
Hi, I am having trouble setting the user's cn value using VB .NET 2002 while
creating a new user account. The code is as below:
***********************Start of code****************************
Dim enTry As DirectoryEntry = New DirectoryEntry("LDAP://" + ldapStr)
Dim NewUser As DirectoryEntry = enTry.Children.Add("CN=" &
sAMAccountName, "User")
NewUser.Properties("sAMAccountName").Value = sAMAccountName...
|
by: Ram |
last post by:
Hey,
I'v managed to set the "User Must Change Password At Next Logon" flag on the
LDAP protocol,
Using the - "pwdLastSet" property - by setting it to - "0" (for on) or -
"-1" (for off).
The problem is, I dont know how to check what's the current status of this
user -
When I try and read this property from the user's DirectoryEntry,
I get a "System.ComObject" object, and I cant get any data from this object.
Does Anyone has an idea what...
|
by: Angelo |
last post by:
Hi,
I've been trying to create a user in Active Directory. So far this works,
however default the user is disabled. I've been trying so much code to
enable the user, but without success, perhaps you could help me.
Here's the code:
--------------------------
System.DirectoryServices.DirectorySearcher DSESearcher = new
System.DirectoryServices.DirectorySearcher();
|
by: Bob and Sharon Hiller |
last post by:
I have an ASP page that was done in VBScript
It is setup to read an Access database and I need to change it to read
a Sql 2005 Database.
The code that is used to open the Access Database:
Set adoConnection = server.CreateObject("ADODB.Connection")
Set adoRecordset = server.CreateObject("ADODB.Recordset")
adoConnection.Provider = "Microsoft.Jet.OLEDB.4.0"
Dim strLocation, iLength
|
by: kustavo |
last post by:
Good day.
I would like to know if there is an API i can use to change windows service to run under LocalSystem account from a user account. Currently I am using the API below to change the service from using a LocalSystem account to a user account.
public static int ChangeService(string Name, string Password, string serviceName)
{
ManagementBaseObject inParams = null;
ManagementObject srvc...
| |
by: Jeff Williams |
last post by:
How can I get a list of the Groups both Local and Domain groups a User
belongs to.
|
by: Michael Howes |
last post by:
I'm writing a utility to manage a machines *local* accounts in c#
I am getting all the users in a specific Group just fine but when I
want to get some of the information on each user from their Properties
collection I can't get the properties on some users.
For example, I get all the users that are part of my machines
Administrators Group. I get get the properties of the built in local
Administrator account and some local IT account,...
|
by: Big Charles |
last post by:
Hello,
Programming in VS2003-ASP.NET 1.1, I have this problem: Using
DirectoryEntry and without any admin user, how can I check if a domain
account, that try to login, has expired?
Scenario: User load web application and login using account and
password of the Active Directory.
But user account of ActiveDirectory has expired (or password could be
expired). For security reason, we don't want to use any account with
admin privilegies for...
|
by: =?Utf-8?B?bXVyYWRqYW1lcw==?= |
last post by:
Yes, sorry I tried to make it clear in the original question that I want to
get the user token of the service - ie. the account the service is running
under. I know services don't have user tokens - I suspect users do have
tokens, hence "user token", otherwise we might call them "service tokens" or
somesuch :-)
If you read the question again, you migh see that the fundamental question
is, *assuming there is no other approach*:
The...
|
by: gavy7210 |
last post by:
hello
i am using struts 1.2,Eclipse Platform Version: 3.4.2,mySql 5.0.1,jdk 1.5..
i have a login form(jsp) in which a user logs in,in case he doesnt enter his username and/or password an error is displayed using the <ul> tag and <html:errors> in the jsp. in the from class a vaidate method creates an actionerrors object adds all the errors to it and finally returns it.
the ids are linked in messageresources.properties and appropriate...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |