I am getting an AccessDenied exception while changing a user's password using the UserPrincipal class.

I am logging in to an ASP.NET application through Windows Authentication (domain user). If I try to change another user's password, I get the access denied exception. If I do the same with the user that I am logged in as, everything is OK - I can change the password.

I thought that if I get the UserPrincipal object using PrincipalContext, I could do anything for which my 'Principal - domain\adminAD' has privileges in AD.

Body of method:

// Requires: using System; using System.DirectoryServices.AccountManagement;
public bool SetPassword(string userName, string password)
{
    var saved = false;

    var ldapDomainName = "domain";
    var ldapUsersOU = "OU=TEST,DC=domain,DC=com";
    // Verbatim string: in a regular literal, "\a" is parsed as the alert-character escape.
    var ldapLogin = @"domain\adminAD";
    var ldapPassword = "password";

    try
    {
        // Bind to the domain with the explicit credentials above.
        using (var principalContext = new PrincipalContext(
            ContextType.Domain,
            ldapDomainName,
            ldapUsersOU,
            ContextOptions.Signing | ContextOptions.Sealing | ContextOptions.Negotiate,
            ldapLogin,
            ldapPassword))
        {
            // FindByIdentity returns null when no matching account exists.
            var userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userName);
            if (userPrincipal != null)
            {
                userPrincipal.SetPassword(password);
                userPrincipal.Save(principalContext);
                saved = true;
            }
        }
    }
    catch (Exception ex)
    {
        // Log exception
    }

    return saved;
}

I have already searched for the answer and I know that there are plenty of answers to similar topics. But none of them explain my problem, I guess.

Voytello