Allowing users to change their own Active Directory properties

Sometimes it is very convenient to allow users to make their own changes

**This is almost completely stolen from Ryan Dunn's Blog with just a few modifications.  You should be able to take this, drop it into your application and run it, as long as you follow the directions it will work.

 

I had a problem with Ryan's code and for some (still unknown) reason, without the using (HostingEnvironment.Impersonate()) I had added, it would not work.  So you may, or may not need that, be sure to test both.  Also, as Ryan points out: This requires you to use Integrated Windows Authentication with impersonation and your IIS server must be set for delegation.

 

I edited it to make it a bit more friendly for the user by dumping out the info aligned as it was not originally, I also added the static string[] allowUserToEdit array that allows you to limit the attributes the users can edit themselves.  Keep in mind that this only allows users to edit SOME of the AD properties, the 'AllowedAttributes' set in AD.

 

Thanks a bunch to Joe Kaplan and the rest of the guys at http://directoryprogramming.net/ who were a huge help.  They also have a great book out that I just bought that is about the best resource you can find for asp.net LDAP programming.



Comments are closed