Reputation: 61
I am building an MVC3 web application with WIF and ADFS 2.0. What I want to do is provide a change-password function for my users; they will be changing their AD password from this web application. Since I am in the development stage, I have to be able to change the AD password from my development computer (outside the domain). Later, permissions will be delegated to a user that runs the service with sufficient access.
I want to do this role-based, without typing in a username and password, and I can't seem to find any resources that point me in the right direction.
Any suggestions?
Upvotes: 1
Views: 2143
Reputation: 9494
There isn't anything specific in WIF or AD FS for changing user passwords. You'll have to use the standard AD functionality provided in the System.DirectoryServices namespace.
Here's some sample code for changing a password in AD:
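```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Wrapper class added so the methods compile; the class name is illustrative.
internal class AdPasswordHelper
{
    internal UserPrincipal GetUser(string userName)
    {
        // Placeholder values: substitute your domain controller, container and
        // service account. Load the credentials from protected configuration
        // instead of hard-coding them in source.
        PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, "YourADController",
                                                                 "YourADContainer",
                                                                 "ADAdminUser", "ADAdminPassword");
        UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, userName);
        if (user == null)
        {
            // FindByIdentity returns null when no matching account exists.
            throw new ArgumentException("User not found in the directory", "userName");
        }
        return user;
    }

    // Administrative reset: the old password is not needed, but the account used
    // in GetUser must hold the Reset Password permission on the target user.
    internal void ResetPassword(string userName, string newPassword)
    {
        try
        {
            UserPrincipal user = GetUser(userName);
            user.SetPassword(newPassword);
        }
        catch (PasswordException ex)
        {
            // Keep the original exception as InnerException for diagnostics.
            throw new Exception("Password does not meet complexity requirements", ex);
        }
    }

    // User-initiated change: the caller supplies the current password.
    internal void SetPassword(string userName, string oldPassword, string newPassword)
    {
        try
        {
            UserPrincipal user = GetUser(userName);
            user.ChangePassword(oldPassword, newPassword);
        }
        catch (PasswordException ex)
        {
            // Keep the original exception as InnerException for diagnostics.
            throw new Exception("Password does not meet complexity requirements", ex);
        }
    }
}
```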
Upvotes: 4