/// <summary>
/// Change password for a user inside Active Directory
/// </summary>
/// <param name="username">User Name</param>
/// <param name="currentPass">Current Password</param>
/// <param name="newPass">New Password</param>
/// <returns></returns>
public static ADMessage ChangePassword(string username, string currentPass, string newPass)
{
ADMessage messageResult = new ADMessage();
#region Change Password
try
{
using (HostingEnvironment.Impersonate())
{
// Get the domain context
using (var ctx = new PrincipalContext(ContextType.Domain))
{
if (!string.IsNullOrEmpty(username))
{
var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);
if (user != null)
{
user.ChangePassword(currentPass, newPass);
user.Save();
messageResult.Result = MessageStatus.Success;
messageResult.Messages.Add("The password has been successfully changed");
}
else
{
messageResult.Result = MessageStatus.Error;
messageResult.Messages.Add(string.Format("{0} not found", username));
}
}
}
}
}
catch (PasswordException ex)
{
messageResult.Result = MessageStatus.Error;
if (ex.Message.Contains("0x800708C5")) // if there are other message Ids that you want to handle, add them here.
{
messageResult.Messages.Add("Please check minimum password age, password history or other details on password policy with you network administrator.");
}
else
{
messageResult.Messages.Add(ex.Message);
}
}
#endregion
return(messageResult);
}
// RFC 185138 - AD Integration CH1 - End - Added the below method to get the list of users from the LDAP server
// RFC 185138 - AD Integration CH2 - Start - Added the below method to validate the credential against the LDAP server
/// <summary>
/// Method which will perfrom query based on combination of username and password
/// This is used with the login process to validate the user credentials and return the response of the LDAP server validation.
/// </summary>
/// <param name="UserName"></param>
/// <param name="Password"></param>
/// <returns></returns>
public static string GetUser(string UserName, string Password)
{
try
{
DirectoryEntry de = GetDirectoryObject(UserName, Password);
if (de != null)
{
DirectorySearcher deSearch = new DirectorySearcher();
deSearch.SearchRoot = de;
deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + UserName + "))";
deSearch.SearchScope = SearchScope.Subtree;
SearchResult results = deSearch.FindOne();
if (results != null)
{
return(CSAAWeb.Constants.AD_AUTH_SUCCESS);
}
else
{
return(CSAAWeb.Constants.AD_AUTH_FAILURE);
}
}
else
{
return(CSAAWeb.Constants.APPLICATION_ERROR);
}
}
catch (DirectoryServicesCOMException ex)
{
string ADAuthErrMsg;
string ADMessage;
ADMessage = ex.ExtendedErrorMessage;
if (ADMessage.Contains("52e"))
{
//RFC 185138 - AD Integration start : Defect 226 Made code changes to display different error message for the user whose user id does not exists in Payment tool data base by cognizant on 05/03/2012
AuthenticationClasses.WebService.Authentication auth = new AuthenticationClasses.WebService.Authentication();
SessionInfo s = new SessionInfo(UserName, "APDS");
UserInfo U = auth.GetContactInfo(UserName, 0, s);
if (string.IsNullOrEmpty(U.UserId))
{
ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_NOTFOUND;
}
else
{
ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_INVALID;
}
//RFC 185138 - AD Integration end: Defect 226 Made code changes to display different error message for the user whose user id does not exists in Payment tool data base by cognizant on 05/03/2012
}
else if (ADMessage.Contains("775"))
{
ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_LOCKED;
}
else if (ADMessage.Contains("701"))
{
ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_ACNTEXPIRED;
}
else if (ADMessage.Contains("533"))
{
ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_DISABLED;
}
else if (ADMessage.Contains("532"))
{
ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_PWDEXPIRED;
}
else if (ADMessage.Contains("525"))
{
ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_NOTFOUND;
}
else if (ADMessage.Contains("530"))
{
ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_NOTPERMITTEDATTHISTIME;
}
else if (ADMessage.Contains("531"))
{
ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_NOTPERMITTEDFROMTHISCOMP;
}
else if (ADMessage.Contains("773"))
{
ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_RESETPASSWORD;
}
else
{
ADAuthErrMsg = CSAAWeb.Constants.AD_ERR_ADAUTH;
}
return(ADAuthErrMsg);
}
}
