We have the code:

    PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, "domain.com", "DC=domain,DC=com", "login", "password");
    var user = UserPrincipal.FindByIdentity(oPrincipalContext, IdentityType.SamAccountName, userName);
    // set the new password
    try
    {
        user.SetPassword(newPass);
    }
    catch (Exception)
    {
        // the handler is not shown in the post
        throw;
    }

Here, login is the most privileged admin account there is in Active Directory. When we run this on localhost, everything is fine. When we run the same procedure on a remote server, we get an error:

    Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

 entry.Invoke("SetPassword", new object[] {newPass}); 

gives exactly the same result. At the same time, other Invoke and UserPrincipal methods work without problems; only SetPassword fails. The web page is hosted on Azure Websites. What could be the problem? What difference does it make to the application where it runs?

  • Run the application under the domain administrator - Monk
  • @Monk is that even possible in Azure? How do I do it? - Sergey Tambovites
  • I do not know. The bottom line is that you want to change someone's password. Not everyone can change passwords, so it is better to run the application under a user who can. - Monk
  • @Monk but right now, for example, a user gets created and edited (and not everyone can do that either). Why does changing a password require any special privileges? - Sergey Tambovites
  • If I understand correctly, you are trying to change the password in the local Active Directory through a page hosted in Azure? I basically already answered this question for you: ru.stackoverflow.com/questions/505041/… Did you create a VPN tunnel and it still fails? - Walter Nuss

1 answer

The problem seems to be that ASP.NET is not authorized to access the requested resources. By default, ASP uses the user {MACHINE}\ASPNET for requests. To get around this, you need to add <identity impersonate="true"/> to Web.config.

  • Unfortunately, it did not work. I tried explicitly specifying the userName and password in identity - they are not accepted at all - Sergey Tambovites
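
To check the answer's premise (that the code on the server executes under a different account than the one passed to PrincipalContext), the following added example, which is not from the original posts, records both identities and the innermost HRESULT when SetPassword fails. The class and method names are hypothetical; the result string is meant for a server-side log, not for the page shown to the user.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Hypothetical diagnostic helper (assumption, not part of the original post).
public static class PasswordResetDiagnostics
{
    // Attempts the reset and returns one log line describing who did what.
    // The new password itself is never written to the result.
    public static string TrySetPassword(UserPrincipal user, string newPass)
    {
        // Account the code actually executes as on this host
        // (app pool / worker identity, or the impersonated user).
        string runningAs = WindowsIdentity.GetCurrent().Name;

        // Account and server used for the directory bind. UserName is null
        // when the PrincipalContext was created without explicit credentials.
        string bindUser = user.Context.UserName ?? "(process credentials)";
        string server = user.Context.ConnectedServer;

        try
        {
            user.SetPassword(newPass);
            return string.Format(
                "OK: running as '{0}', bound as '{1}' to {2}",
                runningAs, bindUser, server);
        }
        catch (Exception ex)
        {
            // Invoke-style calls wrap the real error; walk to the innermost one.
            Exception root = ex;
            while (root.InnerException != null)
            {
                root = root.InnerException;
            }

            // 0x80070005 here is the E_ACCESSDENIED from the question.
            return string.Format(
                "FAILED: running as '{0}', bound as '{1}' to {2}: {3} HRESULT=0x{4:X8} ({5})",
                runningAs, bindUser, server,
                root.GetType().Name, root.HResult, root.Message);
        }
    }
}
```

Comparing the line logged on localhost with the one logged on the remote host shows whether the two runs differ in process identity, in the domain controller reached, or only in the outcome.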