In this post let us see how to create a password change web part for SharePoint 2010. This code sample is targeted towards windows authentication against an Active Directory.
A little background before moving to the actual web part.
In windows authentication mode, the user credentials are validated against Active Directory. The logged in user in SharePoint application may or may not have necessary privileges to access/modify Active Directory entries. So an impersonation of user account is required to modify the same. Password change can be performed by impersonating with the identity of Application pool or with a specific user account that has privileges to modify Active Directory. This post uses Application Pool identity to change password of logged in user, assuming that the user account associated with the application pool has sufficient privileges to change entries in Active Directory. Refer the link specified at the bottom of the post to know more about impersonation with a specific account.
Now lets start building our web part
To begin with, create a new Visual WebPart Project and add a new class with the name Impersonator. This class acts as a Helper class to perform impersonation. This helper class uses System.Security.Principal namespace and contains method to start and stop impersonation. The below is the content of Impersonator class.
using System.Security.Principal;
public class Impersonator
{
private WindowsImpersonationContext ctx = null;
public bool IsImpersonated { get; set; }
public void BeginImpersonation()
{
try
{
if (!WindowsIdentity.GetCurrent().IsSystem)
{
ctx = WindowsIdentity.Impersonate(WindowsIdentity.GetCurrent().Token);
IsImpersonated = true;
}
}
catch
{
IsImpersonated = false;
}
}
public void StopImpersonation()
{
if (ctx != null)
{
ctx.Undo();
}
}
}
Open up the ascx file of the visual web part and place the below code to create the UI part of password change control.
<asp:Literal ID="ltMsg" EnableViewState="false" runat="server"></asp:Literal> <div> <h3> <span>Change Password</span> </h3> <table width="400px"> <tr> <td> New PassWord </td> <td> : </td> <td> <asp:TextBox ID="txtPass1" runat="server" TextMode="Password"></asp:TextBox> </td> </tr> <tr> <td> Re-enter PassWord </td> <td> : </td> <td> <asp:TextBox ID="txtPass2" runat="server" TextMode="Password"></asp:TextBox> </td> </tr> <tr> <td colspan="3" align="center"> <br /> <asp:Button ID="btnChangePwd" runat="server" Text="Change Password" OnClick="btnChangePwd_Click" /> </td> </tr> </table> <br /> <br /> </div>
By now the visual web part looks like the below image
Now add reference to System.DirectoryServices.AccountManagement assembly and include the name space , which is in the same name of assembly, to the code behind file of user control.
Create a new function to change password and invoke the same in click event of Change Password button.
using System.DirectoryServices.AccountManagement;
private void ChangePassword(string NewPwd)
{
try
{
Impersonator Imp = new Impersonator();
Imp.BeginImpersonation();
using (var context = new PrincipalContext(ContextType.Domain))
using (var user = UserPrincipal.FindByIdentity(
context,
IdentityType.SamAccountName,
Microsoft.SharePoint.SPContext.Current.Web.CurrentUser.LoginName))
{
user.SetPassword(NewPwd);
}
if (Imp.IsImpersonated)
{
Imp.StopImpersonation();
ltMsg.Text = "Password successfully changed";
}
else
{
ltMsg.Text = "Unable to change your password. Please contact your Administrator";
}
}
catch (Exception Ex)
{
ltMsg.Text = Ex.Message;
}
}
protected void btnChangePwd_Click(object sender, EventArgs e)
{
//Validation of new Password goes here ...
ChangePassword(txtPass2.Text);
}Now we are good to go. Build and deploy the application to test it in your farm.
Note : If the Application Pool account doesn’t have necessary privileges in Active Directory , use a different account in impersonator class.
Refer the below link to find out how to perform impersonation with a specific user account.
http://support.microsoft.com/kb/306158
Leave a comment