Setting "User Cannot Change Password" Flag from ASP.NET/C#

I downloaded the attached code from MS. It flips on the "User Cannot Change
Password" on a user in AD and works great from a console or
windows app, but when put into an ASP.NET app I get a "The security ID
structure is invalid." error when trying to assign the new security
descriptor. I am running in Windows Authentication mode with IIS set to
Integrated security on an XP box.

Does anyone have a workaround for this?

Thanks in advance.
John

(http://msdn.microsoft.com/library/de...-us/sds/sds/managing_user_passwords.asp)
using System;
using System.DirectoryServices;

public class securitydescriptorclass
{
    // GUID of the Change Password extended right.
    public const string PASSWORD_GUID =
        "{ab721a53-1e2f-11d0-9819-00aa0040529b}";
    public const int ADS_UF_ACCOUNTDISABLE = 2;
    public const int ADS_UF_PASSWORD_EXPIRED = 0x800000;
    public const int ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000;

    public static void Main(string[] args)
    {
        DirectoryEntry ent = new DirectoryEntry();
        DirectoryEntry ou = ent.Children.Find("OU=Consulting");
        DirectoryEntry usr = ou.Children.Add("CN=Alice Sullivan", "user");

        // Trustees that receive the deny ACE.
        string[] trustees = new string[] { @"NT AUTHORITY\SELF", "EVERYONE" };

        // Read the security descriptor and its DACL through the ActiveDs COM interop.
        ActiveDs.IADsSecurityDescriptor sd =
            (ActiveDs.IADsSecurityDescriptor)usr.Properties["ntSecurityDescriptor"].Value;
        ActiveDs.IADsAccessControlList acl =
            (ActiveDs.IADsAccessControlList)sd.DiscretionaryAcl;
        // One ACE object is reused for both trustees.
        ActiveDs.IADsAccessControlEntry ace = new ActiveDs.AccessControlEntry();
        foreach (string trustee in trustees)
        {
            // Deny the Change Password control access right to this trustee.
            ace.Trustee = trustee;
            ace.AceFlags = 0;
            ace.AceType = (int)ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIED_OBJECT;
            ace.Flags = (int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT;
            ace.ObjectType = PASSWORD_GUID;
            ace.AccessMask = (int)ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_DS_CONTROL_ACCESS;
            acl.AddAce(ace);
        }
        // Write the modified DACL back to the user object.
        sd.DiscretionaryAcl = acl;
        usr.Properties["ntSecurityDescriptor"].Value = sd;
        usr.CommitChanges();
    }
}

Nov 16 '05 #1
Don't know why you are getting the error you are getting. There are quite a
few AD methods that have problems when called from ASP.NET.
See the following.
http://msdn.microsoft.com/library/de...rustedcode.asp

Perhaps your problem is related?

I hope this info is helpful.
--- Nick

"John Beard" <jo********@fsafood.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I downloaded the attached code from MS. It flips on the "User Cannot Change Password" on a user in AD and works great from a console or
windows app, but when put into an ASP.NET app I get a "The security ID
structure is invalid." error when trying to assign the new security
descriptor. I am running in Windows Authentication mode with IIS set to
Integrated security on an XP box.

Does anyone have a workaround for this?

Thanks in advance.
John


Nov 16 '05 #2
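
The same two deny ACEs, written with the managed System.DirectoryServices access-rule classes (.NET 2.0 and later) and well-known SIDs instead of the ActiveDs COM interop and trustee name strings. This is an added example, not code from the thread or from Microsoft; the class and method names are hypothetical, and the thread does not establish whether this approach avoids the error reported in the first post.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

public static class CannotChangePassword   // hypothetical helper class
{
    // Change Password extended right: the PASSWORD_GUID value from the post above.
    static readonly Guid ChangePassword = new Guid("ab721a53-1e2f-11d0-9819-00aa0040529b");

    // Well-known SIDs for NT AUTHORITY\SELF and Everyone; no account-name lookup is involved.
    static readonly SecurityIdentifier[] Trustees = {
        new SecurityIdentifier(WellKnownSidType.SelfSid, null),
        new SecurityIdentifier(WellKnownSidType.WorldSid, null)
    };

    // Adds a deny ACE on the Change Password right for each trustee.
    public static void Set(ActiveDirectorySecurity sec)
    {
        foreach (SecurityIdentifier sid in Trustees)
            sec.AddAccessRule(new ActiveDirectoryAccessRule(
                sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, ChangePassword));
    }

    // True only when an explicit deny ACE for the right exists for every trustee.
    public static bool IsSet(ActiveDirectorySecurity sec)
    {
        bool[] found = new bool[Trustees.Length];
        foreach (ActiveDirectoryAccessRule r in sec.GetAccessRules(true, false, typeof(SecurityIdentifier)))
        {
            int i = Array.IndexOf(Trustees, (SecurityIdentifier)r.IdentityReference);
            if (i >= 0 && r.AccessControlType == AccessControlType.Deny
                && r.ObjectType == ChangePassword
                && (r.ActiveDirectoryRights & ActiveDirectoryRights.ExtendedRight) != 0)
                found[i] = true;
        }
        return Array.TrueForAll(found, delegate(bool b) { return b; });
    }

    public static void Main()
    {
        // Constructed in-memory descriptor so the logic runs without a domain.
        // Against a directory (assumed usage): set usr.Options.SecurityMasks = SecurityMasks.Dacl,
        // call Set(usr.ObjectSecurity), then usr.CommitChanges().
        ActiveDirectorySecurity sec = new ActiveDirectorySecurity();
        Console.WriteLine("before: " + IsSet(sec));
        Set(sec);
        Console.WriteLine("after:  " + IsSet(sec));
    }
}
```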
