AccessDenied when using the UserPrincipal SetPassword method

I get an AccessDenied exception when changing a user password using the UserPrincipal class.

I register with an ASP.NET application through Windows Authentication (domain user). If I try to change another user's password, I get an access denied exception. If I do the same with the user that I logged in as, everything is in order - I can change the password.

I thought that if I get a UserPrincipal object using a PrincipalContext, I would be able to do everything that my principal "domain\adminAD" has privileges for in AD.

Method body:

    using System;
    using System.DirectoryServices.AccountManagement;

    public bool SetPassword(string userName, string password)
    {
        var saved = false;
        var ldapDomainName = "domain";
        var ldapUsersOU = "OU=TEST,DC=domain,DC=com";
        var ldapLogin = @"domain\adminAD"; // verbatim string: "\a" is not an escape here
        var ldapPassword = "password";

        try
        {
            // Bind to the domain with explicit credentials
            using (var principalContext = new PrincipalContext(
                ContextType.Domain,
                ldapDomainName,
                ldapUsersOU,
                ContextOptions.Signing | ContextOptions.Sealing | ContextOptions.Negotiate,
                ldapLogin,
                ldapPassword))
            {
                var userPrincipal = UserPrincipal.FindByIdentity(
                    principalContext, IdentityType.SamAccountName, userName);
                userPrincipal.SetPassword(password);
                userPrincipal.Save(principalContext);
                saved = true;
            }
        }
        catch (Exception ex)
        {
            // Log exception
        }

        return saved;
    }

I have already searched for an answer, and I know that there are many answers on similar topics. But none of them explain my problem, I think.
