0

I'm creating an ASP application to allow users to change their active directory password over an SSL connection.

I finally got all this working but the method I'm using to get it done requires the domain admin password as shown below.

Set objIADS = GetObject("WinNT:").OpenDSObject("WinNT://domain", "Administrator", sDomainPassword, ADS_SECURE_AUTHENTICATION)
Set objIADSUser = objIADS.GetObject("user", sUserID)
objIADSUser.ChangePassword sOldPassword, sNewPassword

Now all that works fine but I need to pass the domain admin password to the OpenDSObject method.

I obviously don't want to store it in the clear in a text variable nor in the clear in a SQL Server table so what other options do I have?

AnonJr
  • 2,759
  • 1
  • 26
  • 39
Tom
  • 4,467
  • 17
  • 59
  • 91
  • 1
    If you have the userID, and oldPassword, and since by default users have the right to change their own passwords, why not use the user credentials instead of the administrator credentials to change the password? – MC ND Oct 21 '13 at 09:06

2 Answers2

1

After a previous comment, i realized the problem with the change of password in expired accounts. So, new try

Using the usual tools, you can wrap the code to do the password change in a .wsc (windows scripting component) file, register it, add to a com+ application running under the apropiated credentials (Administrator in your case) and instantiate the component from your asp code to do the password change.

That way the component will run under the needed credentials, and password will be stored inside com+ configuration.

MC ND
  • 69,615
  • 8
  • 84
  • 126
1

You can install CAPICOM from Microsoft on the server and use that for encryption of sensitive data like this.

Example ASP code to encrypt:

Set objEncryptedData = Server.CreateObject("CAPICOM.EncryptedData") objEncryptedData.Algorithm.Name = 3 '3=3DES objEncryptedData.Algorithm.KeyLength = 5 '5=256bit objEncryptedData.SetSecret "your-encryption-password" objEncryptedData.Content = "your-secret-data"

sEncryptedStream = "" & objEncryptedData.Encrypt(0) '0=CAPICOM_ENCODE_BASE64 Set objEncryptedData = Nothing

Example ASP code to decrypt:

Set objEncryptedData = Server.CreateObject("CAPICOM.EncryptedData") objEncryptedData.SetSecret "your-encryption-password"

objEncryptedData.Decrypt(sEncryptedStream) sDecryptedData = objEncryptedData.Content

Set objEncryptedData = Nothing

dmarietta
  • 1,940
  • 3
  • 25
  • 32