博客地址 http://blog.csdn.net/foxdave
本文将说明一个简单的重置SharePoint用户密码(NTLM Windows认证)的功能如何实现
重置密码功能,实际上就是重置域用户密码的功能,其实很简单。
解决方案结构如下图所示:
1. 创建SharePoint空解决方案。
2. 添加一个空元素,命名为ResetPassword,并将随之生成的Feature也一并修改,范围选择Site。
3. 我们想将重置密码的功能添加到用户菜单下,所以在空元素的Emlements.xml中,填写如下定义:
<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
<CustomAction
Id="{97526618-3FA0-4117-9882-9A1127C56687}"
Title="重置用户密码"
Description="重置用户密码"
Sequence="1003"
Location="Microsoft.SharePoint.StandardMenu"
GroupId="PersonalActions"
ImageUrl=""
Rights="EditListItems">
<UrlAction Url="_layouts/ResetPassword/ResetPassword.aspx"/>
</CustomAction>
</Elements>
定义的具体说明参阅“CustomAction Element”。
4. 添加Layous映射文件夹,其下的文件夹命名为ChangePassword,添加应用程序页。
对应用程序页进行编辑,添加必要的控件如要重置的用户名文本框、重置确认按钮、消息提示控件等。
前台页面:
<asp:Literal ID="ltMsg" EnableViewState="false" runat="server"></asp:Literal>
<div>
<h3>
<span>重置密码</span>
</h3>
<table width="400px">
<tr>
<td>用户名
</td>
<td>:
</td>
<td>
<asp:TextBox ID="txtUser" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td colspan="3" align="center">
<br />
<asp:Button ID="btnResetPwd" runat="server" Text="重置密码" OnClick="btnResetPwd_Click" />
</td>
</tr>
</table>
<br />
<br />
</div>
后台核心代码:
protected void btnResetPwd_Click(object sender, EventArgs e)
{
if (this.txtUser.Text.Trim().Equals("admin"))
{
this.ltMsg.Text = "管理员密码不能重置";
return;
}
ResetPwd(this.txtUser.Text, "123456");
}
private void ResetPwd(string userName, string password)
{
try
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
var directoryEntry = GetDirectoryEntryByUserName(userName);
if (directoryEntry == null)
{
this.ltMsg.Text = "未找到该用户";
return;
}
directoryEntry.Invoke("SetPassword", new object[] { password });
directoryEntry.Properties["LockOutTime"].Value = 0;
directoryEntry.Close();
directoryEntry.Dispose();
this.ltMsg.Text = userName + "的密码已经重置为123456";
});
}
catch (Exception e)
{
this.ltMsg.Text = "发生错误,请联系管理员:\r\n" + e.ToString();
}
}
private DirectoryEntry GetDirectoryEntryByUserName(string userName)
{
var de = GetDirectoryObject(GetDomain());
var deSearch = new DirectorySearcher(de) { SearchRoot = de, Filter = "(&(objectCategory=user)(samAccountName=" + userName + "))" };
var results = deSearch.FindOne();
return results != null ? results.GetDirectoryEntry() : null;
}
private string GetDomain()
{
//string adDomain = WebConfigurationManager.AppSettings["adDomainFull"];
string adDomain = "contoso.com";
var domain = new StringBuilder();
string[] dcs = adDomain.Split('.');
for (var i = 0; i < dcs.GetUpperBound(0) + 1; i++)
{
domain.Append("DC=" + dcs[i]);
if (i < dcs.GetUpperBound(0))
{
domain.Append(",");
}
}
return domain.ToString();
}
private DirectoryEntry GetDirectoryObject(string domainReference)
{
string adminUser = "admin";//WebConfigurationManager.AppSettings["adAdminUser"];
string adminPassword = "contosopwd";//WebConfigurationManager.AppSettings["adAdminPassword"];
string fullPath = "LDAP://" + domainReference;
var directoryEntry = new DirectoryEntry(fullPath, adminUser, adminPassword, AuthenticationTypes.Secure);
return directoryEntry;
}
至此,重置密码的功能就完成了,我的代码里使用了SPSecurity.RunWithElevatedPrivileges(delegate()...
提权用,是的,如果不提权的话无法重置密码,会报0x80070005 (E_ACCESSDENIED)这个错误。