In this post let us see how to create a password change web part for SharePoint 2010. This code sample is targeted towards Windows authentication against Active Directory.

A little background before moving to the actual web part.

In Windows authentication mode, the user credentials are validated against Active Directory. The logged-in user in the SharePoint application may or may not have the necessary privileges to access or modify Active Directory entries, so impersonation of another account is required to modify them. The password change can be performed by impersonating the identity of the application pool or a specific user account that has privileges to modify Active Directory. This post uses the application pool identity to change the password of the logged-in user, assuming that the user account associated with the application pool has sufficient privileges to change entries in Active Directory. Refer to the link specified at the bottom of the post to know more about impersonation with a specific account.

Now let's start building our web part.

To begin with, create a new Visual Web Part project and add a new class with the name Impersonator. This class acts as a helper class to perform impersonation. It uses the System.Security.Principal namespace and contains methods to start and stop impersonation. Below is the content of the Impersonator class.
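
    using System;
    using System.Security.Principal;

    // Helper that switches the current thread from the impersonated SharePoint
    // user to the process (application pool) identity and restores it afterwards.
    public class Impersonator
    {
        private WindowsImpersonationContext ctx = null;

        public bool IsImpersonated { get; set; }

        public void BeginImpersonation()
        {
            try
            {
                if (!WindowsIdentity.GetCurrent().IsSystem)
                {
                    // Impersonate(IntPtr.Zero) is equivalent to Win32 RevertToSelf, so the
                    // thread runs as the application pool identity. Passing
                    // GetCurrent().Token would only re-apply the identity the thread
                    // already has.
                    ctx = WindowsIdentity.Impersonate(IntPtr.Zero);
                    IsImpersonated = true;
                }
            }
            catch
            {
                IsImpersonated = false;
            }
        }

        public void StopImpersonation()
        {
            if (ctx != null)
            {
                // Restore the identity that was active before BeginImpersonation.
                ctx.Undo();
            }
        }
    }
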
Open up the ascx file of the visual web part and place the below code to create the UI part of the password change control.

    <asp:Literal ID="ltMsg" EnableViewState="false" runat="server"></asp:Literal>
    <div>
        <h3>
            <span>Change Password</span>
        </h3>
        <table width="400px">
            <tr>
                <td>
                    New Password
                </td>
                <td>
                    :
                </td>
                <td>
                    <asp:TextBox ID="txtPass1" runat="server" TextMode="Password">
                    </asp:TextBox>
                </td>
            </tr>
            <tr>
                <td>
                    Re-enter Password
                </td>
                <td>
                    :
                </td>
                <td>
                    <asp:TextBox ID="txtPass2" runat="server" TextMode="Password">
                    </asp:TextBox>
                </td>
            </tr>
            <tr>
                <td colspan="3" align="center">
                    <br />
                    <asp:Button ID="btnChangePwd" runat="server" Text="Change Password"
                        OnClick="btnChangePwd_Click" />
                </td>
            </tr>
        </table>
        <br />
        <br />
    </div>

By now the visual web part looks like the below image.

Now add a reference to the System.DirectoryServices.AccountManagement assembly and include the namespace, which has the same name as the assembly, in the code-behind file of the user control.

Create a new function to change the password and invoke it in the click event of the Change Password button.
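
    // Goes with the other using directives at the top of the code-behind file.
    using System.DirectoryServices.AccountManagement;

    private void ChangePassword(string NewPwd)
    {
        Impersonator Imp = new Impersonator();
        try
        {
            Imp.BeginImpersonation();
            if (!Imp.IsImpersonated)
            {
                // Impersonation did not start: do not attempt the change.
                ltMsg.Text = "Unable to change your password. Please contact your Administrator";
                return;
            }

            using (var context = new PrincipalContext(ContextType.Domain))
            using (var user = UserPrincipal.FindByIdentity(
                context,
                IdentityType.SamAccountName,
                Microsoft.SharePoint.SPContext.Current.Web.CurrentUser.LoginName))
            {
                if (user == null)
                {
                    // No matching account was found in the directory.
                    ltMsg.Text = "Unable to change your password. Please contact your Administrator";
                    return;
                }

                // SetPassword is an administrative reset: it does not ask for
                // the user's current password.
                user.SetPassword(NewPwd);
            }

            ltMsg.Text = "Password successfully changed";
        }
        catch (Exception Ex)
        {
            // The raw exception text is shown on the page; it can expose
            // directory details, so consider logging it and showing a generic message.
            ltMsg.Text = Ex.Message;
        }
        finally
        {
            // Always restore the original identity, even when the directory call throws.
            Imp.StopImpersonation();
        }
    }

    protected void btnChangePwd_Click(object sender, EventArgs e)
    {
        // Validation of new password goes here ...
        ChangePassword(txtPass2.Text);
    }
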
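The click handler above leaves the validation step open, and SetPassword never asks for the current password. The C# helper below is an added example, not code from the original post: it checks the two entries and uses UserPrincipal.ChangePassword, which requires the current password. The class name PasswordChangeHelper, a third text box for the current password (called txtCurrent here), and the two LoginName formats handled are assumptions.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class PasswordChangeHelper
{
    // Returns null when the input is acceptable, otherwise a message for ltMsg.
    public static string Validate(string current, string newPwd, string confirm)
    {
        if (string.IsNullOrEmpty(current)) return "Enter your current password.";
        if (string.IsNullOrEmpty(newPwd)) return "Enter a new password.";
        if (!string.Equals(newPwd, confirm, StringComparison.Ordinal))
            return "The new passwords do not match.";
        if (string.Equals(newPwd, current, StringComparison.Ordinal))
            return "The new password must differ from the current one.";
        return null;
    }

    // Assumption: loginName is "DOMAIN\user" (classic) or "i:0#.w|domain\user" (claims).
    public static string ToSamAccountName(string loginName)
    {
        string name = loginName.Substring(loginName.LastIndexOf('|') + 1);
        return name.Substring(name.LastIndexOf('\\') + 1);
    }

    // Returns a message that is safe to display; exception details stay off the page.
    public static string ChangeOwnPassword(string loginName, string current, string newPwd)
    {
        try
        {
            using (var context = new PrincipalContext(ContextType.Domain))
            using (var user = UserPrincipal.FindByIdentity(
                context, IdentityType.SamAccountName, ToSamAccountName(loginName)))
            {
                if (user == null)
                    return "Unable to change your password. Please contact your Administrator";
                // Unlike SetPassword, ChangePassword fails unless 'current' is correct.
                user.ChangePassword(current, newPwd);
                return "Password successfully changed";
            }
        }
        catch (PasswordException)
        {
            // Raised, for example, when the current password is rejected or policy is not met.
            return "Password not changed. Check your current password and the password policy.";
        }
    }
}
```

In btnChangePwd_Click, show the Validate message when it is not null; otherwise assign the result of ChangeOwnPassword to ltMsg.Text.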
Now we are good to go. Build and deploy the application to test it in your farm.

Note: If the application pool account doesn't have the necessary privileges in Active Directory, use a different account in the Impersonator class.

Refer to the below link to find out how to perform impersonation with a specific user account.