Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > How to change user account properties by ASP.NET?

Reply
Thread Tools

How to change user account properties by ASP.NET?

 
 
Evgeny Zoldin
Guest
Posts: n/a
 
      11-23-2004
Hi ALL.

I have the configuration:
1. WinXP PRO with MS IIS 5.0 and installed ASP.NET
2. ASP.NET application A configured to authenticate only users from
local Users group.

I would like to de the following:
Logged on user is able through ASP.NET-Pages to change its own Logon
Username, Password and Full Name

I tried to implement it by the code (C#):

DirectoryEntry deCurrUser = new DirectoryEntry("WinNT://" +
User.Identity.Name);
deCurrUser.Invoke("SetPassword", new string[]{"123"} ); // ***

If the logged on user belongs only to Users group then the statement ***
causes Exception "SystemUnautherizedException: General access denied error".
But as soon as that user has been included into Administrators group the
statement *** is executed well.

I know about impersonation possibility, but it requires to type clear
Administrators username and password in code-behind class that will be
published on target server.

So, what should I do in order to give to user the ability to change its
username, password and full name?
May be orginize on the target server a group, add the users into the group
and gain to this group some specils rights?

Thanx
Evgeny


 
Reply With Quote
 
 
 
 
Scott Allen
Guest
Posts: n/a
 
      11-23-2004
Hi Evgeny:

>I know about impersonation possibility, but it requires to type clear
>Administrators username and password in code-behind class that will be
>published on target server.


If you use
<identity impersonate="true"/>
in the web.config file, than you are impersonating the client without
using an explicit username / password. This is probably the safest
approach, because only local admins would be able to change the
passwords for the local users.

You can put username and password attributes in the <indentity>
element and have the password encrypted in the registry. This is
described in the remarks section of the following:
http://msdn.microsoft.com/library/de...itysection.asp

Note however, that all users will then have a request impersonating an
admin, so it's a dangerous approach.

--
Scott
http://www.OdeToCode.com/blogs/scott/
 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      11-23-2004
Normally, a user can only call ChangePassword on themselves, not
ResetPassword. Administrators generally have rights to ResetPassword. The
latter doesn't require knowing the old password, the former does.

I think that will solve it.

Joe K.

"Evgeny Zoldin" <(E-Mail Removed)> wrote in message
news:OeW$%(E-Mail Removed)...
> Hi ALL.
>
> I have the configuration:
> 1. WinXP PRO with MS IIS 5.0 and installed ASP.NET
> 2. ASP.NET application A configured to authenticate only users from
> local Users group.
>
> I would like to de the following:
> Logged on user is able through ASP.NET-Pages to change its own Logon
> Username, Password and Full Name
>
> I tried to implement it by the code (C#):
>
> DirectoryEntry deCurrUser = new DirectoryEntry("WinNT://" +
> User.Identity.Name);
> deCurrUser.Invoke("SetPassword", new string[]{"123"} ); // ***
>
> If the logged on user belongs only to Users group then the statement ***
> causes Exception "SystemUnautherizedException: General access denied
> error".
> But as soon as that user has been included into Administrators group the
> statement *** is executed well.
>
> I know about impersonation possibility, but it requires to type clear
> Administrators username and password in code-behind class that will be
> published on target server.
>
> So, what should I do in order to give to user the ability to change its
> username, password and full name?
> May be orginize on the target server a group, add the users into the group
> and gain to this group some specils rights?
>
> Thanx
> Evgeny
>



 
Reply With Quote
 
Evgeny Zoldin
Guest
Posts: n/a
 
      11-23-2004
Hi Scott,

thanks a lot for your help. One more question. is it possible to use
impresonating not for whole application but for selected page of them,
namely that where user will be change its data under imparsonated Admin
account?

Thank you in advance

Evgeny

"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:(E-Mail Removed)...
> Hi Evgeny:
>
>>I know about impersonation possibility, but it requires to type clear
>>Administrators username and password in code-behind class that will be
>>published on target server.

>
> If you use
> <identity impersonate="true"/>
> in the web.config file, than you are impersonating the client without
> using an explicit username / password. This is probably the safest
> approach, because only local admins would be able to change the
> passwords for the local users.
>
> You can put username and password attributes in the <indentity>
> element and have the password encrypted in the registry. This is
> described in the remarks section of the following:
> http://msdn.microsoft.com/library/de...itysection.asp
>
> Note however, that all users will then have a request impersonating an
> admin, so it's a dangerous approach.
>
> --
> Scott
> http://www.OdeToCode.com/blogs/scott/



 
Reply With Quote
 
Evgeny Zoldin
Guest
Posts: n/a
 
      11-23-2004
Hi Joe,

thank you for your advice, but how can I get oldPassword of currently logged
User in ASP.NET for feed ChangePassword method?

Evgeny

"Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
in message news:%(E-Mail Removed)...
> Normally, a user can only call ChangePassword on themselves, not
> ResetPassword. Administrators generally have rights to ResetPassword.
> The latter doesn't require knowing the old password, the former does.
>
> I think that will solve it.
>
> Joe K.
>
> "Evgeny Zoldin" <(E-Mail Removed)> wrote in message
> news:OeW$%(E-Mail Removed)...
>> Hi ALL.
>>
>> I have the configuration:
>> 1. WinXP PRO with MS IIS 5.0 and installed ASP.NET
>> 2. ASP.NET application A configured to authenticate only users from
>> local Users group.
>>
>> I would like to de the following:
>> Logged on user is able through ASP.NET-Pages to change its own Logon
>> Username, Password and Full Name
>>
>> I tried to implement it by the code (C#):
>>
>> DirectoryEntry deCurrUser = new DirectoryEntry("WinNT://" +
>> User.Identity.Name);
>> deCurrUser.Invoke("SetPassword", new string[]{"123"} ); // ***
>>
>> If the logged on user belongs only to Users group then the statement ***
>> causes Exception "SystemUnautherizedException: General access denied
>> error".
>> But as soon as that user has been included into Administrators group the
>> statement *** is executed well.
>>
>> I know about impersonation possibility, but it requires to type clear
>> Administrators username and password in code-behind class that will be
>> published on target server.
>>
>> So, what should I do in order to give to user the ability to change its
>> username, password and full name?
>> May be orginize on the target server a group, add the users into the
>> group and gain to this group some specils rights?
>>
>> Thanx
>> Evgeny
>>

>
>



 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      11-23-2004
You would have to ask them for it unless you are using Basic authentication,
in which case you can just read the auth_password header. Most password
change processes prompt the user to enter the old password as well as the
new one to verify that the current user actually knows the old one, so I
don't think users will be too bothered by this.

Joe K.

"Evgeny Zoldin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Joe,
>
> thank you for your advice, but how can I get oldPassword of currently
> logged User in ASP.NET for feed ChangePassword method?
>
> Evgeny
>
> "Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
> in message news:%(E-Mail Removed)...
>> Normally, a user can only call ChangePassword on themselves, not
>> ResetPassword. Administrators generally have rights to ResetPassword.
>> The latter doesn't require knowing the old password, the former does.
>>
>> I think that will solve it.
>>
>> Joe K.
>>
>> "Evgeny Zoldin" <(E-Mail Removed)> wrote in message
>> news:OeW$%(E-Mail Removed)...
>>> Hi ALL.
>>>
>>> I have the configuration:
>>> 1. WinXP PRO with MS IIS 5.0 and installed ASP.NET
>>> 2. ASP.NET application A configured to authenticate only users from
>>> local Users group.
>>>
>>> I would like to de the following:
>>> Logged on user is able through ASP.NET-Pages to change its own Logon
>>> Username, Password and Full Name
>>>
>>> I tried to implement it by the code (C#):
>>>
>>> DirectoryEntry deCurrUser = new DirectoryEntry("WinNT://" +
>>> User.Identity.Name);
>>> deCurrUser.Invoke("SetPassword", new string[]{"123"} ); // ***
>>>
>>> If the logged on user belongs only to Users group then the statement ***
>>> causes Exception "SystemUnautherizedException: General access denied
>>> error".
>>> But as soon as that user has been included into Administrators group the
>>> statement *** is executed well.
>>>
>>> I know about impersonation possibility, but it requires to type clear
>>> Administrators username and password in code-behind class that will be
>>> published on target server.
>>>
>>> So, what should I do in order to give to user the ability to change its
>>> username, password and full name?
>>> May be orginize on the target server a group, add the users into the
>>> group and gain to this group some specils rights?
>>>
>>> Thanx
>>> Evgeny
>>>

>>
>>

>
>



 
Reply With Quote
 
Scott Allen
Guest
Posts: n/a
 
      11-24-2004
Yes, Evgeny. One way to do this is with a <location> entry.
http://msdn.microsoft.com/library/de...ionelement.asp

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Tue, 23 Nov 2004 23:37:31 +0100, "Evgeny Zoldin"
<(E-Mail Removed)> wrote:

>Hi Scott,
>
>thanks a lot for your help. One more question. is it possible to use
>impresonating not for whole application but for selected page of them,
>namely that where user will be change its data under imparsonated Admin
>account?
>
>Thank you in advance
>
>Evgeny
>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Designer Support: How to have user control's properties appear in IDE's properties window? Max2006 ASP .Net 2 07-13-2007 01:45 PM
Machine account (MyMachine$) logon process then tries to change TSInternet User Passsword ed Computer Security 3 01-30-2005 04:52 PM
Machine account (MyMachine$) logon process then tries to change TSInternet User Passsword ed Computer Security 0 01-29-2005 05:12 PM
How to change user account properties by ASP.NET? Evgeny Zoldin ASP .Net Security 6 11-24-2004 01:44 AM
Converting AIM Account 2 AOL Account? Computer Support 7 08-28-2004 12:14 AM



Advertisments