Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Change Password webpart for ADAM authentication

  Asked By: Tanesha    Date: Mar 24    Category: Sharepoint    Views: 2609

We have implemented ADAM authentication as an FBA environment.
Everything is working perfect. Now I want to allow user to change their
password, forgot password with question/answer hints. Can anyone suggest
me any webpart or code, so I can implement. I know about ECTS at
codeplex.com, but I dont want to use that.



15 Answers Found

Answer #1    Answered By: Gwendolyn Acosta     Answered On: Mar 24

Have you looked at http://codeplex.com/cks? I think that the User Group Edition
(UGE) has examples of self registration and change  password. If not, we have a
Web Part that we used to give away. I'll have to look it up but you are welcome
to it.

Answer #2    Answered By: Kyle Hernandez     Answered On: Mar 24

The CKS:IEE has the web parts for self-registration and FBA User Administration.
However, those web parts require a functional, configured FBA authentication

Answer #3    Answered By: Kedar Phule     Answered On: Mar 24

I did this for one client in the past simply by implementing a custom Login.aspx
page that included the standard ASP.NET 2.0 User Registration Wizard and
Password change  controls. In that case we implemented  the FBA environment  using
the LDAPmembership provider. Did you use the LDAP provider, the AD provider, or
did you create your own?

Answer #4    Answered By: Chanel Gaines     Answered On: Mar 24

I try to understand, but it seems it work only if you have installed completed
CKS. I will be thankful if you provide me webparts.

Answer #5    Answered By: Timmy Whitney     Answered On: Mar 24

Unless I have missed something, using ADAM as it exists out of the
box you cannot implement  a password  retrieval mechanism as ADAM does
not allow the retrieval of passwords.

We created a custom attribute to store a "mirrored" coppy of the
password (encrypted of course). This may seem a bit redundant, but
this allows things such as the ActiveDirectoryMembershipProvider to
work with a standard configuration (it uses the internal password) as
well as being able to use the password for things like Single Sign On
(SSO). We could have implemented  a password retrieval mechanism but
we chose not to (at least not for now).

I could share code  but there really isn't anything fancy about what
we have done (just a lot of LDAP programming using classes from the
System.DirectoryServices namespace).

Answer #6    Answered By: Harihar Sonnad     Answered On: Mar 24

SQL membership providers don't store passwords either, they only store a HASH
code for the password. So the ASP.NET password  retrieval control is setup to
reset the password to a randomly generated one and send that as the "RESET"

Answer #7    Answered By: Deven Gajjar     Answered On: Mar 24

Well, you can configure the SQLMembership provider to store the passwords in
clear text, it is just not recommended.

Answer #8    Answered By: Latisha Schneider     Answered On: Mar 24

You can also configure the SqlMembershipProvider to store passwords
in an encrypted format (with a symmetric algorithm) which enables
password retrieval.

Answer #9    Answered By: Nora Maxwell     Answered On: Mar 24

Understood. The point was that the default is HASH, but properly configured the
Password retrieval control still works. The original question suggested the
control couldn't be used because of the way ADAM stores (or doesn't store)
passwords. I was merely giving an example that proves it does work with FBA
providers that don't store the password.

Answer #10    Answered By: Corina Duran     Answered On: Mar 24

I am using ADAM (Active Directory Acess Module)

Answer #11    Answered By: Irving Hurley     Answered On: Mar 24

I understand that you are using ADAM as the directory. But which ASP.NET
membership provider did you implement  and point at ADAM? There are several
available. You could have used the generic LDAPmembership provider, or the
ADmembership provider. Or you could have written your own custom provider. The
parameters you need to set on the provider are different depending which one you

Answer #12    Answered By: Trevor Davis     Answered On: Mar 24

If it is not against your ethics, can you please share the code? I am mainly
interested in Change password  as well reset password.

Answer #13    Answered By: Kristie Hardy     Answered On: Mar 24

The following code  snippet is what I use...

object[] parameters = null;

parameters = new object[1];
parameters[0] = "password";

de.Invoke("SetPassword", parameters);

The string "password" should be replaced with the desired password.
The de object is a DirectoryEntry object representing the (user)
object you want to set or change  the password  for. You should also
add code to the catch block but what is added will be up to you.

This will set what I call the internal password (the one that cannot
be retrieved). As mentioned, we store a "mirrored" copy of the
password in another attribute. This is set just like any other
attribute (using a custom encryption component in our case).

There a few things I would like to mention in case you are not
already aware of them (please disregard them if you are).

First, if you use the code above, by default, you must make a
connection to ADAM via SSL. Configuring a certificate for use with
ADAM is not too bad once you have done it a time or two. You can set
a flag so that password resets will work over a non-secure port but
this is not recommended for a production environment.

Second, when setting a password in ADAM, the password policy of all
accounts in ADAM is inherited from the password policy for the
account (NETWORK SERVICE, domain account, etc.) that is used to run
the ADAM service.

Third, there is a book titled "The .NET Developer's Guide to
Directory Services Programming" available. I do not own this book
personally but I have been told it is good. A consultant that helped
us once had this book which is what he used to help me figure out the
code above. The web site for this book
(http://www.directoryprogramming.net) has a good forum to post
questions. I think this site is really intended for discussions
about the book but one of the authors (Joe Kaplan) is nice enough to
answer other questions (and has done so a number of times for me).
This is a bit off topic but if you ever find yourself working  with
(swearing at) the ADFS product, this site has an excellent forum for
this product as well.

Answer #14    Answered By: Shayla Mcbride     Answered On: Mar 24

Here is my code, am able to add web part but once I click for submit, it is
giving me following error
"Password couldn't be changed due to restrictionsUnknown error (0x80005000)"

Please advise
****** code  Start
try{//change password  for the forms auth user//output.Text +=
strLoginName;//MembershipUser mUser =
Membership.GetUser(GetUserName());DirectoryEntryentry =
newDirectoryEntry("LDAP://localhost:389/CN=Users,O=ADAM,C=US", strLoginName,
oldpassword.Text.ToString(), AuthenticationTypes.None);try{
output.Text +=
output.Text +=
output.Text += ex.Message;
output.Text +=
output.Text += "SetPassword", newobject[] { newpassword.Text.ToString() });"<BR>
<b>Password is changed</b>";catch(Exceptionex)"<b> Password couldn't be changed
due to restrictions<b>";"<BR> <b>Password is
changed</b>";catch(Exceptionerror)"User Password change  Error:\n"+
error.StackTrace.ToString() + "\n"+ error.Message.ToString();//output.Text +=
"<BR>" + error.Message.ToString();}
****** Code Ends

Answer #15    Answered By: Jarvis Rowe     Answered On: Mar 24

I am using LDAPmembership provide. I followed these article for installing and
configuring ADAM
Let me know if you need more information

Didn't find what you were looking for? Find more on Change Password webpart for ADAM authentication Or get search suggestion and latest updates.