Windows – Change an Active Directory password in C#

active-directory, password, windows

First, please forgive my English; it is not my mother tongue.

Then, here is my problem: I'm working on a web platform that manages Active Directory. I can create, delete, and edit a group, user, OU, and so on.

But. Yeah, but. When a connected user wants to change his own password with the platform, it fails. It comes from DirectoryEntry.Invoke.

I used the DirectoryServices.DirectoryEntry:

directoryEntry.Invoke("SetPassword", password);
// DirectoryEntry has no Commit() method; CommitChanges() is the call that saves changes.
directoryEntry.CommitChanges();

So I tried System.DirectoryServices.AccountManagement, this way:

PrincipalContext ctx = new PrincipalContext(ContextType.Machine);
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, Username);
user.SetPassword(password_);
user.Save();

Different way, same problem. This code works; it only fails when a user tries to edit his own password.

How can a connected user change his own password?
Why does this weird problem occur?

Any help would be greatly appreciated.

Best Answer

I think the problem here is that your application does not have permission to update the password, which is correct!

The authorized method for granting the ASP.NET application permission to the directory is by way of either a privileged IIS Application Pool running under the identity of a service account or by way of a COM+ entity running under the identity of a service account.
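The following is an added example, not code from the question or the answer. It contrasts the two System.DirectoryServices.AccountManagement operations involved: SetPassword is an administrative reset that succeeds only if the identity the process runs under (for example the service account described above) holds the reset-password right on the target account, while ChangePassword is the self-service operation that supplies the user's current password along with the new one. The class name, method names and parameters are hypothetical.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Hypothetical helper class for illustration only.
public static class PasswordOperations
{
    // Self-service change: the user supplies the current password, which is
    // sent to the directory together with the new one.
    public static bool TryChangeOwnPassword(string domain, string samAccountName,
        string oldPassword, string newPassword, out string error)
    {
        error = null;
        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain, domain))
            using (var user = UserPrincipal.FindByIdentity(
                       ctx, IdentityType.SamAccountName, samAccountName))
            {
                if (user == null) { error = "User not found."; return false; }
                user.ChangePassword(oldPassword, newPassword);
                return true;
            }
        }
        // Thrown when the new password violates the domain password policy.
        catch (PasswordException ex) { error = ex.Message; return false; }
        catch (PrincipalOperationException ex) { error = ex.Message; return false; }
    }

    // Administrative reset: no old password is involved, so the process
    // identity must be allowed to reset passwords on the target account.
    public static void ResetPassword(string domain, string samAccountName,
        string temporaryPassword)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null)
                throw new ArgumentException("User not found.", nameof(samAccountName));
            user.SetPassword(temporaryPassword);
            user.ExpirePasswordNow(); // force a change at the next logon
            user.Save();
        }
    }
}
```

Neither method logs or returns the password values; keep it that way when wiring them into a web handler.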