ASP.NET WEb Application - AD reset Password using impersonation

Question

User-2093697764 posted

I have created the web apps to reset the AD password using impersonation?

Some of my AD user I can reset password, but some user I am getting this error..

Why I am getting this error. Please help me

 

<identity impersonate="true" userName="domain\username" password="password" />

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:

Line 88: // Change the user's password and commit the change. Line 89: string newpassword = "@test12345"; Line 90: userEntry.Invoke("SetPassword", newpassword); Line 91: userEntry.CommitChanges(); Line 92:

Source File: t:\dev.avila.edu\ASPNET\ADAdmin\Default.aspx.cs    Line: 90

Stack Trace:

[UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))] [TargetInvocationException: Exception has been thrown by the target of an invocation.] System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args) +238 Default2.ResetUserPassword(Object sender, EventArgs e) in t:\dev.avila.edu\ASPNET\ADAdmin\Default.aspx.cs:90 System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111 System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +110 System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565

Answer 1

User-718146471 posted

Check what the app pool configured identity is. That is where you actually can force the app to impersonate.

Answer 2

User-718146471 posted

Check over this article: http://msdn.microsoft.com/en-us/library/xh507fc5(v=vs.100).aspx

<identity impersonate="true" 
  userName="contoso\Jane" 
  password="********" />

That should work. If not, I would check that the user you specified actually is an AD administrator.

Answer 3

User-2093697764 posted

Thankyou! 

I have added already  in my web.config

<identity impersonate="true" 
  userName="domain\user"   password="********" />I

 

Ok  I will try AD Administrator access .