Exceptions while deploying web application controlling user accounts in Active Directory

  • Question

  • User-78957300 posted

    Hi,

    I am writing this post after googling around for 2-3 days, but I still can't find any resolution to my problems.

    Let me describe my problem:

    I have created a website which does the following tasks:

    1) Creates a user

    2) Enables/Disables users

    3) Deletes users

    4) Unlocks users

    5) Resets the password of a user

    in Active Directory.

    I have used impersonation in my application which uses the admin credentials to perform above tasks.

    When I run this application in debug mode through Visual Studio 2005, all the tasks are performed successfully.

    Now come the deadly exceptions I am facing after publishing the website and hosting it on IIS.

    Tasks 2 & 3 are still working fine and I can enable/disable and delete users from AD even after hosting the website, but the problem comes in:

    Resetting password

    Exception Details:

    Exception has been thrown by the target of an invocation. || Trace:    at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
       at ADHelper.ResetPassword(String currentDomain, String userToResetPwd, String newPassword) in e:\New Project\AD Management\App_Code\ActiveDirectory\ADHelper.cs:line 421
       at ServiceDesk_SDDefault.btnResetPwd_Click(Object sender, EventArgs e) in e:\New Project\AD Management\ServiceDesk\SDDefault.aspx.cs:line 94 || InnerException: The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)

    Code Snippet:

        using System.DirectoryServices;

        public static void ResetPassword(string currentDomain, string userToResetPwd, string newPassword)
        {
            DirectoryEntry oDE = GetDirectoryEntryForUser(currentDomain, userToResetPwd);
            if (oDE == null)
            {
                // FindOne() returned nothing; calling Invoke on null would fail.
                throw new ArgumentException("User '" + userToResetPwd + "' was not found in " + currentDomain);
            }
            try
            {
                // Reset the password. Invoke wraps any ADSI failure in a
                // TargetInvocationException; the real cause is in InnerException.
                oDE.Invoke("SetPassword", new object[] { newPassword });
                oDE.CommitChanges();
            }
            catch (System.Reflection.TargetInvocationException)
            {
                throw; // rethrow without resetting the stack trace
            }
            finally
            {
                oDE.Close();
            }
        }

        // Escape RFC 4515 filter metacharacters so user input cannot change the query.
        private static string EscapeFilterValue(string value)
        {
            return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                        .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
        }

        private static DirectoryEntry GetDirectoryEntryForUser(string currentDomain, string userName)
        {
            DirectoryEntry user = null;
            using (DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://" + currentDomain))
            {
                directoryEntry.AuthenticationType = AuthenticationTypes.Secure;
                using (DirectorySearcher searcher = new DirectorySearcher(directoryEntry))
                {
                    // No space after '=': a leading space would become part of the searched value.
                    searcher.Filter = "(&(objectCategory=person)(sAMAccountName=" + EscapeFilterValue(userName) + "))";
                    SearchResult result = searcher.FindOne();
                    if (result != null)
                    {
                        user = result.GetDirectoryEntry();
                        user.AuthenticationType = AuthenticationTypes.Secure;
                    }
                }
            }
            return user; // null when no matching account exists; callers must check
        }


    Creating User

    Exception Details:

    The specified component could not be found in the configuration information. at System.DirectoryServices.DirectoryEntry.Bind(bool throwIfFail)

    Code Snippet:

        public static string CreateUser(string currentDomain, ADUser objADUser)
        {
            string oGUID = string.Empty;
            try
            {
                DirectoryEntry newUser = null, dirEntry = null;
                // Bind to the container the new account is created in.
                dirEntry = new DirectoryEntry("LDAP://" + GetDomainString(currentDomain));
                if (!DoesUserExist(currentDomain, objADUser.LogonName))
                {
                    newUser = dirEntry.Children.Add("CN=" + objADUser.LastName + " " + objADUser.FirstName, "user");
                }
                else
                {
                    newUser = GetDirectoryEntryForUser(currentDomain, objADUser.LogonName);
                }
                SetProperty(newUser, "samaccountname", objADUser.LogonName);
                SetProperty(newUser, "displayname", objADUser.FullName);
                SetProperty(newUser, "givenname", objADUser.FirstName);
                SetProperty(newUser, "sn", objADUser.LastName);
                SetProperty(newUser, "initials", objADUser.Initials);
                SetProperty(newUser, "telephonenumber", objADUser.TelephoneNo);
                SetProperty(newUser, "description", objADUser.Description);
                SetProperty(newUser, "wwwhomepage", objADUser.WebPage);
                SetProperty(newUser, "streetaddress", objADUser.Street);
                SetProperty(newUser, "postofficebox", objADUser.POBOX);
                SetProperty(newUser, "st", objADUser.State);
                SetProperty(newUser, "l", objADUser.City);
                SetProperty(newUser, "co", objADUser.Country);
                SetProperty(newUser, "postalcode", objADUser.PostalCode);
                SetProperty(newUser, "profilepath", objADUser.ProfilePath);
                SetProperty(newUser, "scriptpath", objADUser.LogOnScriptPath);
                SetProperty(newUser, "homedirectory", objADUser.HomeFolder);
                SetProperty(newUser, "mobile", objADUser.Mobile);
                SetProperty(newUser, "homephone", objADUser.HomePhone);
                SetProperty(newUser, "ipphone", objADUser.IPPhone);
                SetProperty(newUser, "title", objADUser.Title);
                SetProperty(newUser, "projectcode", objADUser.ProjectCode);
                SetProperty(newUser, "info", objADUser.Notes);
                SetProperty(newUser, "manager", objADUser.Manager);
                SetProperty(newUser, "department", objADUser.Department);
                SetProperty(newUser, "company", objADUser.Company);

                // The object must exist in the directory before SetPassword can be invoked on it.
                newUser.CommitChanges();
                oGUID = newUser.Guid.ToString();

                newUser.Invoke("SetPassword", new object[] { objADUser.Password });
                newUser.CommitChanges();

                if (objADUser.GroupList.Count > 0)
                {
                    for (int i = 0; i < objADUser.GroupList.Count; i++)
                    {
                        AddUserToGroup(dirEntry, newUser, objADUser.GroupList[i].ToString());
                    }
                }

                if (dirEntry != null)
                    dirEntry.Close();

                // password never expires
                if (objADUser.PasswordNotExpires)
                    PasswordDosentExpire(newUser);

                newUser.Close();

                // New accounts are created disabled; enable unless the caller asked otherwise.
                if (!objADUser.IsDisable)
                    Enable(currentDomain, objADUser.LogonName);

            }
            catch (System.DirectoryServices.DirectoryServicesCOMException)
            {
                throw; // rethrow without resetting the stack trace
            }
            return oGUID;
        }

        // Sets, adds or clears a single-valued attribute on the entry.
        private static void SetProperty(DirectoryEntry de, string propertyName, string propertyVal)
        {
            if (!string.IsNullOrEmpty(propertyVal))
            {
                if (de.Properties.Contains(propertyName))
                {
                    de.Properties[propertyName].Value = propertyVal;
                }
                else
                {
                    de.Properties[propertyName].Add(propertyVal);
                }
            }
            else
            {
                // Empty input clears the attribute if it currently has a value.
                if (de.Properties.Contains(propertyName))
                    de.Properties[propertyName].RemoveAt(0);
            }
        }

    Unlock User

    Exception:

    Class not registered. at System.DirectoryServices.ProperteyValueCollection.PopulateList()

    Code Snippet:

        public static void UnlockUser(string currentDomain, string userToUnlock)
        {
            try
            {
                DirectoryEntry user = GetDirectoryEntryForUser(currentDomain, userToUnlock);
                if (user != null)
                {
                    // lockoutTime is a large integer; writing 0 clears the lockout.
                    user.Properties["LockOutTime"].Value = 0;
                    user.CommitChanges(); // required: the change is not written until committed
                    user.Close();
                }
            }
            catch (System.DirectoryServices.DirectoryServicesCOMException)
            {
                throw; // rethrow without resetting the stack trace
            }
        }

    This seems to me to be a security issue, but I can't find what is wrong.

    Please help me with this; a prompt response would be appreciated.

    Thanks in advance


    Tuesday, June 8, 2010 5:42 AM

Answers

  • User1508394307 posted

    Regarding your first code to reset the password: if the user was not found for any reason, then it will be null. After that you're trying to set

    oDE.Invoke("SetPassword", new object[] { newPassword });

    and maybe this is the problem. Try to validate it and show an error message if the user was not found.

    If the user was found, check whether you were authenticated correctly:

    <%= Context.User.Identity.Name %>

    Cheers!

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, June 8, 2010 7:56 AM
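The null check and the identity check the answer recommends, written out as an added example (this is not code from the original post or from the forum). It reports the Windows identity the directory call will actually run under, which under IIS is the application pool account unless impersonation is really in effect for the request, refuses to invoke SetPassword when no account was found, and unwraps the TargetInvocationException that DirectoryEntry.Invoke raises so the underlying HRESULT (0x80072035 in the post) can be recognised. The class name, the ResetOutcome enum and the domain/account arguments are assumptions; the HRESULT constant is the one quoted in the post.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example; not part of the original post. Names are hypothetical.
public static class AdResetDiagnostics
{
    // HRESULT from the post's InnerException: "The server is unwilling to process the request."
    public const int ErrorDsUnwillingToPerform = unchecked((int)0x80072035);

    // Outcome of a reset attempt, so the page can show a precise message
    // instead of the generic "target of an invocation" error.
    public enum ResetOutcome { Succeeded, UserNotFound, ServerUnwilling, OtherDirectoryError }

    // Identity the ADSI calls run under. Under the Visual Studio web server this is
    // the developer; under IIS it is the application pool account unless impersonation
    // is actually in effect. Compare it with Context.User.Identity.Name from the answer.
    public static string EffectiveIdentity()
    {
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        return id.Name + " (auth type: " + id.AuthenticationType + ")";
    }

    // Escape RFC 4515 filter metacharacters so the account name cannot alter the query.
    private static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }

    public static ResetOutcome TryResetPassword(string domain, string samAccountName,
                                                string newPassword, out string detail)
    {
        detail = "running as " + EffectiveIdentity();
        using (DirectoryEntry root = new DirectoryEntry("LDAP://" + domain))
        {
            // Secure + Sealing: authenticated and encrypted channel, which SetPassword needs.
            root.AuthenticationType = AuthenticationTypes.Secure | AuthenticationTypes.Sealing;
            using (DirectorySearcher searcher = new DirectorySearcher(root))
            {
                searcher.Filter = "(&(objectCategory=person)(sAMAccountName="
                                  + EscapeFilterValue(samAccountName) + "))";
                SearchResult result = searcher.FindOne();
                if (result == null)
                {
                    // Invoking SetPassword on a null entry is the failure the answer warns about.
                    detail += "; no account named '" + samAccountName + "' was found";
                    return ResetOutcome.UserNotFound;
                }
                using (DirectoryEntry user = result.GetDirectoryEntry())
                {
                    try
                    {
                        user.Invoke("SetPassword", new object[] { newPassword });
                        user.CommitChanges();
                        return ResetOutcome.Succeeded;
                    }
                    catch (TargetInvocationException ex)
                    {
                        // Invoke wraps the ADSI error; the HRESULT is on the inner COMException
                        // (DirectoryServicesCOMException derives from COMException).
                        COMException com = ex.InnerException as COMException;
                        if (com != null && com.ErrorCode == ErrorDsUnwillingToPerform)
                        {
                            detail += "; the domain controller refused the reset (0x80072035): "
                                    + "confirm the identity above holds the Reset Password right "
                                    + "on this account and that the new password meets domain policy";
                            return ResetOutcome.ServerUnwilling;
                        }
                        detail += "; " + (com != null ? com.Message : ex.Message);
                        return ResetOutcome.OtherDirectoryError;
                    }
                }
            }
        }
    }
}
```

Call TryResetPassword from the button handler and log `detail` on anything other than Succeeded; if the identity it reports under IIS is the application pool account rather than the admin account the post says is impersonated, the impersonation is not taking effect for the directory call, which explains why the same code works under Visual Studio. Granting that account only the Reset Password and Unlock rights it needs, rather than running the site as a domain administrator, keeps the web application's blast radius small.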