博客地址
本文将说明一个简单的重置SharePoint用户密码(NTLMWindows认证)的功能如何实现
重置密码功能,实际上就是重置域用户密码的功能,其实很简单。
解决方案结构如下图所示:
1.创建SharePoint空解决方案。
2.添加一个空元素,,命名为ResetPassword,并将随之生成的Feature也一并修改,范围选择Site。
3.我们想将重置密码的功能添加到用户菜单下,所以在空元素的Emlements.xml中,填写如下定义:
<Elements xmlns=""> <CustomActionId="{97526618-3FA0-4117-9882-9A1127C56687}"Title="重置用户密码"Description="重置用户密码"Sequence="1003"Location="Microsoft.SharePoint.StandardMenu"GroupId="PersonalActions"ImageUrl=""Rights="EditListItems"><UrlAction Url="_layouts/ResetPassword/ResetPassword.aspx"/> </CustomAction></Elements>
4.添加Layous映射文件夹,其下的文件夹命名为ChangePassword,添加应用程序页。
对应用程序页进行编辑,添加必要的控件如要重置的用户名文本框、重置确认按钮、消息提示控件等。
前台页面:
<asp:Literal ID="ltMsg" EnableViewState="false" runat="server"></asp:Literal><div><h3><span>重置密码</span></h3><table width="400px"><tr><td>用户名</td><td>:</td><td><asp:TextBox ID="txtUser" runat="server"></asp:TextBox></td></tr><tr><td colspan="3" align="center"><br /><asp:Button ID="btnResetPwd" runat="server" Text="重置密码" OnClick="btnResetPwd_Click" /></td></tr></table><br /><br /></div>
后台核心代码:
protected void btnResetPwd_Click(object sender, EventArgs e){if (this.txtUser.Text.Trim().Equals("admin")){this.ltMsg.Text = "管理员密码不能重置";return;}ResetPwd(this.txtUser.Text, "123456");}private void ResetPwd(string userName, string password){try{SPSecurity.RunWithElevatedPrivileges(delegate(){var directoryEntry = GetDirectoryEntryByUserName(userName);if (directoryEntry == null){this.ltMsg.Text = "未找到该用户";return;}directoryEntry.Invoke("SetPassword", new object[] { password });directoryEntry.Properties["LockOutTime"].Value = 0;directoryEntry.Close();directoryEntry.Dispose();this.ltMsg.Text = userName + "的密码已经重置为123456";});}catch (Exception e){this.ltMsg.Text = "发生错误,请联系管理员:\r\n" + e.ToString();}}private DirectoryEntry GetDirectoryEntryByUserName(string userName){var de = GetDirectoryObject(GetDomain());var deSearch = new DirectorySearcher(de) { SearchRoot = de, Filter = "(&(objectCategory=user)(samAccountName=" + userName + "))" };var results = deSearch.FindOne();return results != null ? results.GetDirectoryEntry() : null;}private string GetDomain(){//string adDomain = WebConfigurationManager.AppSettings["adDomainFull"];string adDomain = "contoso.com";var domain = new StringBuilder();string[] dcs = adDomain.Split(‘.’);for (var i = 0; i < dcs.GetUpperBound(0) + 1; i++){domain.Append("DC=" + dcs[i]);if (i < dcs.GetUpperBound(0)){domain.Append(",");}}return domain.ToString();}private DirectoryEntry GetDirectoryObject(string domainReference){string adminUser = "admin";//WebConfigurationManager.AppSettings["adAdminUser"];string adminPassword = "contosopwd";//WebConfigurationManager.AppSettings["adAdminPassword"];string fullPath = "LDAP://" + domainReference;var directoryEntry = new DirectoryEntry(fullPath, adminUser, adminPassword, AuthenticationTypes.Secure);return directoryEntry;}
至此,重置密码的功能就完成了,我的代码里使用了SPSecurity.RunWithElevatedPrivileges(delegate()…
提权用,是的,如果不提权的话无法重置密码,会报0x80070005 (E_ACCESSDENIED)这个错误。
肯承认错误则错已改了一半
