Setting "User Cannot Change Password" Flag from ASP.NET/C#

I downloaded the attached code from MS. It flips on the "User Cannot Change
Password" on a user in AD and works great from a console or
windows app, but when put into an ASP.NET app I get a "The security ID
structure is invalid." error when trying to assign the new security
descriptor. I am running in Windows Authentication mode with IIS set to
Integrated security on an XP box.

Does anyone have a work around for this?

Thanks in advance.
John

(http://msdn.microsoft.com/library/de...-us/sds/sds/managing_user_passwords.asp)

using System;
using System.DirectoryServices;
// The ActiveDs types below need a reference to the Active DS Type Library (COM interop).

public class securitydescriptorclass
{
    // GUID of the Change Password control access right
    public const string PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}";
    public const int ADS_UF_ACCOUNTDISABLE = 2;
    public const int ADS_UF_PASSWORD_EXPIRED = 0x800000;
    public const int ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000;

    public static void Main(string[] args)
    {
        DirectoryEntry ent = new DirectoryEntry();
        DirectoryEntry ou = ent.Children.Find("OU=Consulting");
        DirectoryEntry usr = ou.Children.Add("CN=Alice Sullivan", "user");

        // Trustees that are denied the Change Password right
        string[] trustees = new string[] { @"NT AUTHORITY\SELF", "EVERYONE" };

        ActiveDs.IADsSecurityDescriptor sd =
            (ActiveDs.IADsSecurityDescriptor)usr.Properties["ntSecurityDescriptor"].Value;
        ActiveDs.IADsAccessControlList acl =
            (ActiveDs.IADsAccessControlList)sd.DiscretionaryAcl;
        ActiveDs.IADsAccessControlEntry ace = new ActiveDs.AccessControlEntry();
        foreach (string trustee in trustees)
        {
            // Object-specific deny ACE scoped to the Change Password right
            ace.Trustee = trustee;
            ace.AceFlags = 0;
            ace.AceType = (int)ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIED_OBJECT;
            ace.Flags = (int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT;
            ace.ObjectType = PASSWORD_GUID;
            ace.AccessMask = (int)ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_DS_CONTROL_ACCESS;
            acl.AddAce(ace);
        }
        // Write the modified DACL back to the user object
        sd.DiscretionaryAcl = acl;
        usr.Properties["ntSecurityDescriptor"].Value = sd;
        usr.CommitChanges();
    }
}

Nov 16 '05 #1
Don't know why you are getting the error you are getting. There are quite a
few AD methods that have problems when called from ASP.NET.
See the following.
http://msdn.microsoft.com/library/de...rustedcode.asp

Perhaps your problem is related?

I hope this info is helpful.
--- Nick


Nov 16 '05 #2
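The same pair of deny ACEs as in the first post, written against the managed System.DirectoryServices security classes (.NET 2.0 and later) with a read-back check; this is an added example, not code from the thread or from the MSDN sample. It names the two trustees by well-known SID rather than by account name, and the LDAP path, class name and method names are placeholders chosen for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

public static class CannotChangePassword
{
    // Change Password control access right (same GUID as PASSWORD_GUID in the thread)
    static readonly Guid ChangePassword = new Guid("ab721a53-1e2f-11d0-9819-00aa0040529b");

    static readonly SecurityIdentifier[] Trustees = {
        new SecurityIdentifier(WellKnownSidType.SelfSid, null),  // NT AUTHORITY\SELF
        new SecurityIdentifier(WellKnownSidType.WorldSid, null)  // Everyone
    };

    public static void Set(DirectoryEntry user)
    {
        user.Options.SecurityMasks = SecurityMasks.Dacl; // read and write the DACL only
        foreach (SecurityIdentifier sid in Trustees)
            user.ObjectSecurity.AddAccessRule(new ActiveDirectoryAccessRule(
                sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, ChangePassword));
        user.CommitChanges();
    }

    // True only when an explicit deny ACE for the right exists for both trustees.
    public static bool IsSet(DirectoryEntry user)
    {
        user.Options.SecurityMasks = SecurityMasks.Dacl;
        bool[] found = new bool[Trustees.Length];
        foreach (ActiveDirectoryAccessRule rule in
                 user.ObjectSecurity.GetAccessRules(true, false, typeof(SecurityIdentifier)))
        {
            int i = Array.IndexOf(Trustees, (SecurityIdentifier)rule.IdentityReference);
            if (i >= 0 && rule.AccessControlType == AccessControlType.Deny
                && rule.ObjectType == ChangePassword
                && (rule.ActiveDirectoryRights & ActiveDirectoryRights.ExtendedRight) != 0)
                found[i] = true;
        }
        return Array.TrueForAll(found, f => f);
    }

    public static void Main()
    {
        // Placeholder distinguished name; the DC components are constructed for the example.
        const string path = "LDAP://CN=Alice Sullivan,OU=Consulting,DC=example,DC=com";
        using (var u = new DirectoryEntry(path)) Set(u);
        using (var u = new DirectoryEntry(path)) Console.WriteLine(IsSet(u)); // fresh bind
    }
}
```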
