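/// <summary>
/// Changes the password of an Active Directory user identified by SAM account name.
/// </summary>
/// <remarks>
/// The lookup and the change run inside <c>HostingEnvironment.Impersonate()</c> against the
/// default domain context. The change goes through <c>UserPrincipal.ChangePassword</c>, which is
/// passed the current password together with the new one. Only <c>PasswordException</c> is
/// handled here; any other exception propagates to the caller.
/// </remarks>
/// <param name="username">SAM account name of the account whose password is changed.</param>
/// <param name="currentPass">The account's current password.</param>
/// <param name="newPass">The password to set.</param>
/// <returns>
/// An <c>ADMessage</c> whose <c>Result</c> is set to Success or Error and whose
/// <c>Messages</c> holds the text describing the outcome.
/// </returns>
public static ADMessage ChangePassword(string username, string currentPass, string newPass)
{
    ADMessage messageResult = new ADMessage();

    // Fail closed: previously an empty user name returned the freshly constructed ADMessage
    // untouched, so the caller saw whatever status ADMessage defaults to and no explanation.
    if (string.IsNullOrEmpty(username))
    {
        messageResult.Result = MessageStatus.Error;
        messageResult.Messages.Add("User name is required");
        return messageResult;
    }

    try
    {
        using (HostingEnvironment.Impersonate())
        // Get the domain context
        using (var ctx = new PrincipalContext(ContextType.Domain))
        // UserPrincipal is IDisposable; a using statement tolerates the null "not found" result.
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username))
        {
            if (user != null)
            {
                user.ChangePassword(currentPass, newPass);
                user.Save();

                messageResult.Result = MessageStatus.Success;
                messageResult.Messages.Add("The password has been successfully changed");
            }
            else
            {
                // NOTE(review): this message tells the caller that the account does not exist,
                // while a wrong current password takes the PasswordException path below.
                // Confirm callers are already authenticated, otherwise the difference lets
                // account names be probed.
                messageResult.Result = MessageStatus.Error;
                messageResult.Messages.Add(string.Format("{0} not found", username));
            }
        }
    }
    catch (PasswordException ex)
    {
        messageResult.Result = MessageStatus.Error;

        // if there are other message Ids that you want to handle, add them here.
        if (ex.Message.Contains("0x800708C5"))
        {
            messageResult.Messages.Add("Please check minimum password age, password history or other details on password policy with you network administrator.");
        }
        else
        {
            // NOTE(review): the raw exception text is handed back to the caller; confirm it is
            // not rendered verbatim to end users, and log it server-side instead if it is.
            messageResult.Messages.Add(ex.Message);
        }
    }

    return messageResult;
}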
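// RFC 185138 - AD Integration CH1 - End - Added the below method to get the list of users from the LDAP server
// RFC 185138 - AD Integration CH2 - Start - Added the below method to validate the credential against the LDAP server
/// <summary>
/// Validates a user name and password against the LDAP server during login and returns the
/// outcome as one of the <c>CSAAWeb.Constants</c> status strings.
/// </summary>
/// <remarks>
/// A directory entry is obtained from <c>GetDirectoryObject(UserName, Password)</c> and a
/// subtree search for the matching <c>sAMAccountName</c> is run beneath it. A
/// <c>DirectoryServicesCOMException</c> is translated into an error constant by looking for
/// known codes in its <c>ExtendedErrorMessage</c>; any other exception propagates.
/// </remarks>
/// <param name="UserName">Account name entered at login; treated as untrusted input.</param>
/// <param name="Password">Password entered at login; passed to <c>GetDirectoryObject</c> only.</param>
/// <returns>
/// <c>AD_AUTH_SUCCESS</c> when the search finds the user, <c>AD_AUTH_FAILURE</c> when it does
/// not, <c>APPLICATION_ERROR</c> when no directory entry is returned, or one of the
/// <c>AD_ERR_*</c> constants when the directory raises an error.
/// </returns>
public static string GetUser(string UserName, string Password)
{
    try
    {
        // Assumes GetDirectoryObject returns a fresh entry owned by this call - confirm against
        // its definition. DirectoryEntry wraps a native handle, so it is released here.
        using (DirectoryEntry de = GetDirectoryObject(UserName, Password))
        {
            if (de == null)
            {
                return CSAAWeb.Constants.APPLICATION_ERROR;
            }

            // UserName comes straight from the login form. Escape the characters that carry
            // meaning inside an LDAP search filter (RFC 4515) so the value can only ever be
            // compared against sAMAccountName and cannot alter the filter. The backslash is
            // replaced first so the escapes added afterwards are not escaped again.
            string escapedUserName = (UserName ?? string.Empty)
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");

            using (DirectorySearcher deSearch = new DirectorySearcher())
            {
                deSearch.SearchRoot = de;
                deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + escapedUserName + "))";
                deSearch.SearchScope = SearchScope.Subtree;

                SearchResult results = deSearch.FindOne();
                if (results != null)
                {
                    return CSAAWeb.Constants.AD_AUTH_SUCCESS;
                }

                return CSAAWeb.Constants.AD_AUTH_FAILURE;
            }
        }
    }
    catch (DirectoryServicesCOMException ex)
    {
        string ADAuthErrMsg;

        // ExtendedErrorMessage can be null; an empty string then falls through to the generic
        // AD_ERR_ADAUTH answer instead of throwing a NullReferenceException out of the handler.
        string extendedError = ex.ExtendedErrorMessage ?? string.Empty;

        // NOTE(review): the codes are matched as bare substrings of the whole message, so any
        // other part of the text that happens to contain the same digits selects the wrong
        // branch. The order of the checks below is kept as it was for that reason.
        // NOTE(review): the distinct answers (not found, locked, disabled, expired, ...) reveal
        // the state of an account to a caller that has not authenticated; confirm the login
        // page is meant to expose that level of detail.
        if (extendedError.Contains("52e"))
        {
            // RFC 185138 - AD Integration: Defect 226 - display a different error message for a
            // user whose user id does not exist in the Payment tool data base
            // (by cognizant on 05/03/2012).
            AuthenticationClasses.WebService.Authentication auth = new AuthenticationClasses.WebService.Authentication();
            SessionInfo session = new SessionInfo(UserName, "APDS");
            UserInfo contact = auth.GetContactInfo(UserName, 0, session);

            if (string.IsNullOrEmpty(contact.UserId))
            {
                ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_NOTFOUND;
            }
            else
            {
                ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_INVALID;
            }
        }
        else if (extendedError.Contains("775"))
        {
            ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_LOCKED;
        }
        else if (extendedError.Contains("701"))
        {
            ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_ACNTEXPIRED;
        }
        else if (extendedError.Contains("533"))
        {
            ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_DISABLED;
        }
        else if (extendedError.Contains("532"))
        {
            ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_PWDEXPIRED;
        }
        else if (extendedError.Contains("525"))
        {
            ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_NOTFOUND;
        }
        else if (extendedError.Contains("530"))
        {
            ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_NOTPERMITTEDATTHISTIME;
        }
        else if (extendedError.Contains("531"))
        {
            ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_NOTPERMITTEDFROMTHISCOMP;
        }
        else if (extendedError.Contains("773"))
        {
            ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_RESETPASSWORD;
        }
        else
        {
            ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_ADAUTH;
        }

        return ADAuthErrMsg;
    }
}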