Ask Question. Asked 12 years, 11 months ago. Active 9 years, 10 months ago. Viewed 4k times. How would I update their windows password through ASP? Add a comment. Active Oldest Votes. Here are some recommendations: Secure the site using client certificates. If this is not possible use SSL at a minimum.
I would strongly recommend that you implement the actual password-changing logic in a secure webservice. The ASP. NET page should call the webservice to request the change.
You should store an audit trail of password changes. Test very thoroughly to ensure that the integrated security is recognizing your users properly. Make sure that users cannot accidentally change other users' passwords. Dave Swersky Dave Swersky 34k 9 9 gold badges 75 75 silver badges bronze badges. How is adding a web service going to improve security? It means that passwords are being sent across even more hops. Lex Li Lex Li When on my aspx. When i use: System. Ask a question. Quick access.
Search related threads. Remove From My Forums. Answered by:. Archived Forums. Security for ASP. NET security authentication, authorization, membership, roles, etc.
When I refer to the delegate, I am referring to the user that requires their password to be reset. When I refer to the manager, I am referring to the manager that is listed against the delegates account in the Active Directory. When I refer to the user, I am referring to the user that is attempting to reset the delegate's password via the web form. Once the Web.
The following image details how I have chosen to name these components on my form. Now that the proper components have been added to our form, we will need to add a reference to the System.
We do this by adding a reference via Visual Studio's Reference Manager and by adding the following using statement to our code:.
We are now ready to start work on the password reset btnReset itself. Since we will need to compare the Delegate's Manager's username against the name of the User who is requesting the password reset, it is essential that we capture the username of the User requesting the password reset.
We are able to do this with the following lines of code:. Once this username has been captured, we need to have something to compare it to. To gather the Delegate's Manager's username from the Active Directory, we need to perform two separate searches.
The first will capture the Manager's distinguished name from the Delegate's Active Directory user profile and the second will resolve the Manager's username from this distinguished name. We now need to compare the user's username to the manager's username. In the event that the user's username does in fact match the manager's username meaning that the user is the manager , we should proceed to check the delegate's account status, since we do not wish to allow managers to reset passwords for deactivated accounts.
0コメント