Setting "User Cannot Change Password" Flag from ASP.NET/C#

I downloaded the attached code from MS. It flips on the "User Cannot Change
Password" on a user in AD and works great from a console or
windows app, but when put into an ASP.NET app I get a "The security ID
structure is invalid." error when trying to assign the new security
descriptor. I am running in Windows Authentication mode with IIS set to
Integrated security on an XP box.

Does anyone have a workaround for this?

Thanks in advance.
John

(http://msdn.microsoft.com/library/de...-us/sds/sds/managing_user_passwords.asp)
using System;
using System.DirectoryServices;

// Requires a COM reference to the Active DS Type Library (ActiveDs).
public class securitydescriptorclass
{
    // GUID of the "Change Password" control access right.
    public const string PASSWORD_GUID =
        "{ab721a53-1e2f-11d0-9819-00aa0040529b}";
    public const int ADS_UF_ACCOUNTDISABLE = 2;
    public const int ADS_UF_PASSWORD_EXPIRED = 0x800000;
    public const int ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000;

    public static void Main(string[] args)
    {
        DirectoryEntry ent = new DirectoryEntry();
        DirectoryEntry ou = ent.Children.Find("OU=Consulting");
        DirectoryEntry usr = ou.Children.Add("CN=Alice Sullivan", "user");

        // Trustees that are denied the Change Password right.
        string[] trustees = new string[] { @"NT AUTHORITY\SELF", "EVERYONE" };

        ActiveDs.IADsSecurityDescriptor sd =
            (ActiveDs.IADsSecurityDescriptor)usr.Properties["ntSecurityDescriptor"].Value;
        ActiveDs.IADsAccessControlList acl =
            (ActiveDs.IADsAccessControlList)sd.DiscretionaryAcl;
        ActiveDs.IADsAccessControlEntry ace = new ActiveDs.AccessControlEntry();
        foreach (string trustee in trustees)
        {
            // Object-specific deny ACE scoped to PASSWORD_GUID.
            ace.Trustee = trustee;
            ace.AceFlags = 0;
            ace.AceType = (int)ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIED_OBJECT;
            ace.Flags = (int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT;
            ace.ObjectType = PASSWORD_GUID;
            ace.AccessMask = (int)ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_DS_CONTROL_ACCESS;
            acl.AddAce(ace);
        }
        // Write the modified DACL back to the user object.
        sd.DiscretionaryAcl = acl;
        usr.Properties["ntSecurityDescriptor"].Value = sd;
        usr.CommitChanges();
    }
}

Nov 16 '05 #1
Don't know why you are getting the error you are getting. There are quite a
few AD methods that have problems when called from ASP.NET.
See the following.
http://msdn.microsoft.com/library/de...rustedcode.asp

Perhaps your problem is related?

I hope this info is helpful.
--- Nick

"John Beard" <jo********@fsafood.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I downloaded the attached code from MS. It flips on the "User Cannot Change Password" on a user in AD and works great from a console or
windows app, but when put into an ASP.NET app I get a "The security ID
structure is invalid." error when trying to assign the new security
descriptor. I am running in Windows Authentication mode with IIS set to
Integrated security on an XP box.

Does anyone have a workaround for this?

Thanks in advance.
John


Nov 16 '05 #2
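
An added example, not part of the thread and not Microsoft's sample: the same two deny ACEs written through the managed DirectoryEntry.ObjectSecurity API (assumes .NET 2.0 or later), with SELF and Everyone given as well-known SIDs instead of trustee name strings, plus a read-back check. The class and method names are hypothetical, and the thread does not confirm whether this avoids the error reported above.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

// Hypothetical helper; pass an already-bound DirectoryEntry for the user object.
public static class CannotChangePassword
{
    // "Change Password" control access right, same GUID as PASSWORD_GUID in the post.
    static readonly Guid ChangePassword = new Guid("ab721a53-1e2f-11d0-9819-00aa0040529b");

    // SELF and Everyone as well-known SIDs, so no account-name string is resolved.
    static readonly SecurityIdentifier[] Trustees = {
        new SecurityIdentifier(WellKnownSidType.SelfSid, null),
        new SecurityIdentifier(WellKnownSidType.WorldSid, null)
    };

    // Adds one object-specific deny ACE per trustee and commits the DACL.
    public static void Set(DirectoryEntry user)
    {
        foreach (SecurityIdentifier sid in Trustees)
        {
            user.ObjectSecurity.AddAccessRule(new ActiveDirectoryAccessRule(
                sid, ActiveDirectoryRights.ExtendedRight,
                AccessControlType.Deny, ChangePassword));
        }
        user.CommitChanges();
    }

    // True only when both SELF and Everyone carry a deny ACE for the right.
    public static bool IsSet(DirectoryEntry user)
    {
        int found = 0; // bit 0 = SELF, bit 1 = Everyone
        AuthorizationRuleCollection rules =
            user.ObjectSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier));
        foreach (ActiveDirectoryAccessRule rule in rules)
        {
            if (rule.AccessControlType != AccessControlType.Deny) continue;
            if (rule.ObjectType != ChangePassword) continue;
            if ((rule.ActiveDirectoryRights & ActiveDirectoryRights.ExtendedRight) == 0) continue;
            int i = Array.IndexOf(Trustees, (SecurityIdentifier)rule.IdentityReference);
            if (i >= 0) found |= 1 << i;
        }
        return found == 3;
    }
}
```

Calling IsSet after Set, or on a schedule, confirms that the deny ACEs are actually present on the account rather than assuming the write succeeded.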
