Windows IT Pro is the authoritative and independent resource for Windows NT, Windows 2000, Windows 2003, and Windows XP. It features a collection of resources and magazines for Windows IT professionals.
  
  


January 2001

Changing Passwords over the Web



ADSI helps you give users an easy-to-use Web interface for changing their passwords

Locally logged-on users can easily change their password through the Windows interface. When you're using Integrated Windows, Windows NT Challenge/Response, or Digest authentication, a user must log on to a system that supports Microsoft Internet Explorer (IE) and the authentication method. The user can use standard Windows utilities to change a password directly through the Windows interface during the current logon session. Users who are disconnected from the network part of the time can change their passwords during their next logon session.

However, when you're using Basic authentication or you need to implement a Web-browser-based change-password interface for users of an OS authentication method, you have no easy way for users to change their password. In these situations, Microsoft Active Directory Service Interfaces (ADSI) and some straightforward code let you give users an interface for password change.

Authentication Methods
Before you tackle password changes, you need to understand the authentication methods that Windows 2000 and NT 4.0 use and select the one that is appropriate for your situation. NT 4.0 can use Anonymous access, which lets anyone use a Web application or Web site. Microsoft IIS automatically uses the IUSR_MachineName account to log an Anonymous user on to the server. If you turn off Anonymous access, NT 4.0 can use Basic authentication, which prompts the user for a username and password when the user first visits a site or application. Then the OS verifies the username and password against the local user account or domain database.

Win2K and NT 4.0 can use another authentication option, which goes by a different name in each system: Integrated Windows security in Win2K and NT Challenge/Response in NT 4.0. Both mechanisms operate similarly to Basic authentication, but instead of forcing the user to enter a username and password, Integrated Windows security and NT Challenge/Response take the username and password from the OS. Then, IE uses the Web server's security database (e.g., the SAM, Active Directory—AD) to verify the username and password.

Win2K supports Digest authentication, which works only with Win2K domain controllers (DCs). Digest authentication takes the username and password from the credentials that the user supplied to the browser and verifies them against the user account database that the Web server uses.

You can also authenticate users against a database table, effectively creating your own authentication system. However, if you use this method, you lose Win2K or NT 4.0 security features that are available if the OS authenticates users. For example, you can't use ACLs or other OS security features that require authenticated users.

Choose an authentication method that fits your security goals. If you need file security, use Basic authentication, Integrated Windows security, NT Challenge/Response, or—in Win2K—Digest authentication. If you just need application security, create an authentication system.

Using the IADsUser Interface
ADSI gives you a set of directory service interfaces for managing network resources, and you can use the ADSI IADsUser interface and script to change a user's password. I created two Active Server Pages (ASP) pages that demonstrate this procedure. Figure 1 shows the first page, ChangePasswordEntry.asp, and Listing 1 shows the script for the page.

ChangePasswordEntry.asp is an HTML file that gathers three crucial pieces of information for changing a user's password: username, existing password, and new password. After a user enters the information and clicks Submit, the script passes control to ChangePassword1.asp. This file contains the code, which Listing 2 shows, that actually changes the user's password.

The code in Listing 2 works in Win2K and NT 4.0 for usernames that are stored locally and aren't part of a domain or AD. Callout A in Listing 2 dimensions (i.e., creates) several variables that ChangePassword1.asp uses. Dimensioning makes code more readable for developers. You must use Option Explicit in code to force the dimensioning of all variables.

The code in Listing 2's callout B takes the username and password values from ChangePasswordEntry.asp and places these values in the corresponding variables that callout A created. The If statement at callout B checks whether the sUser variable is blank. If it's blank, the code sends control back to ChangePasswordEntry.asp.

The code at callout C starts ChangePassword1.asp's real work. When you use ADSI, you must communicate with an ADSI provider that manages the resource you're connecting to. ChangePassword1.asp uses the WinNT provider, which also works with Win2K when the Web server is using local user accounts. Callout C's first line builds the connection string and stores it in the sConnectString variable to begin the process of connecting to the WinNT provider. The connection string consists of the provider name (WinNT), separators (://), the computer name (bigboat), and a closing separator (/). Then callout C appends the username and ",user" to the string. The username represents the user object of the WinNT provider. The user object represents a user account.

After callout C's sConnectString statement builds the connection string, the Response.Write statement displays the string by sending it to the HTTP stream. Response.Write statements are great for debugging. After you've tested the code, you can precede them with one quotation mark (') so that they won't be executed. The Set oUser statement at callout C binds the oUser variable to an instance of the user object that represents the user specified in the connection string.

The two Response.Write statements that follow callout C help you debug the sample code because they let you inspect the username and password that Basic authentication provided to the server. They use the ServerVariables collection of the ASP Request object. The first line uses the LOGON_USER variable, which represents the currently logged-on user. You could also use the REMOTE_USER variable to return the user account. The second line returns the user's password from the AUTH_PASSWORD variable if the user is logged on with Basic authentication.

The line that changes the password is

oUser.ChangePassword sPassword, sNewPassword

at callout D. The first parameter to ChangePassword is the user's current password (sPassword). The second parameter is the user's new password (sNewPassword). After the script has finished running, the new password will take effect.
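
The flow that callouts A through D describe, written out with the checks a production page needs, as an added example (this is not the article's Listing 2, which is not reproduced on this page). The form field names UserName, Password, and NewPassword and the username pattern are assumptions; the variable names and the computer name bigboat follow the article's text.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit
' Added example, not the article's Listing 2. Form field names are assumed.
Dim sUser, sPassword, sNewPassword, sConnectString, oUser, oRe

' Passwords must not travel in clear text: refuse plain HTTP.
If LCase(Request.ServerVariables("HTTPS")) <> "on" Then
    Response.Status = "403 Forbidden"
    Response.End
End If

' Read from the POST body only, so values never appear in URLs or IIS logs.
sUser = Trim(Request.Form("UserName"))
sPassword = Request.Form("Password")
sNewPassword = Request.Form("NewPassword")

' The username is concatenated into an ADsPath, so allow only account-name
' characters (assumed pattern; adjust to your naming rules). This rejects
' "/", "\" and ",", which would change the path or the object class.
Set oRe = New RegExp
oRe.Pattern = "^[A-Za-z0-9._-]{1,20}$"
If sUser = "" Or Not oRe.Test(sUser) Or sNewPassword = "" Then
    Response.Redirect "ChangePasswordEntry.asp"
End If

' "bigboat" is the article's computer name; ",user" pins the object class.
sConnectString = "WinNT://bigboat/" & sUser & ",user"

On Error Resume Next
Set oUser = GetObject(sConnectString)
If Err.Number = 0 Then
    ' ChangePassword succeeds only when the old password is correct.
    oUser.ChangePassword sPassword, sNewPassword
End If

If Err.Number = 0 Then
    Response.Write "Your password has been changed."
Else
    ' Same message for unknown user, wrong password, and policy failure,
    ' so the page cannot be used to enumerate accounts. Never echo secrets.
    Response.Write "The password could not be changed."
End If
Set oUser = Nothing
%>
```

Unlike the debugging version the article walks through, this page writes neither the connection string nor the AUTH_PASSWORD value to the response.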

 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2009 Penton Media, Inc., All rights reserved.