博客地址 http://blog.csdn.net/foxdave
本文将说明一个简单的重置SharePoint用户密码(NTLM Windows认证)的功能如何实现
重置密码功能,实际上就是重置域用户密码的功能,其实很简单。
解决方案结构如下图所示:
1. 创建SharePoint空解决方案。
2. 添加一个空元素,命名为ResetPassword,并将随之生成的Feature也一并修改,范围选择Site。
3. 我们想将重置密码的功能添加到用户菜单下,所以在空元素的Emlements.xml中,填写如下定义:
<Elements xmlns="http://schemas.microsoft.com/sharepoint/"> <CustomAction Id="{97526618-3FA0-4117-9882-9A1127C56687}" Title="重置用户密码" Description="重置用户密码" Sequence="1003" Location="Microsoft.SharePoint.StandardMenu" GroupId="PersonalActions" ImageUrl="" Rights="EditListItems"> <UrlAction Url="_layouts/ResetPassword/ResetPassword.aspx"/> </CustomAction> </Elements>
定义的具体说明参阅“CustomAction Element”。
4. 添加Layous映射文件夹,其下的文件夹命名为ChangePassword,添加应用程序页。
对应用程序页进行编辑,添加必要的控件如要重置的用户名文本框、重置确认按钮、消息提示控件等。
前台页面:
<asp:Literal ID="ltMsg" EnableViewState="false" runat="server"></asp:Literal> <div> <h3> <span>重置密码</span> </h3> <table width="400px"> <tr> <td>用户名 </td> <td>: </td> <td> <asp:TextBox ID="txtUser" runat="server"></asp:TextBox> </td> </tr> <tr> <td colspan="3" align="center"> <br /> <asp:Button ID="btnResetPwd" runat="server" Text="重置密码" OnClick="btnResetPwd_Click" /> </td> </tr> </table> <br /> <br /> </div>
后台核心代码:
protected void btnResetPwd_Click(object sender, EventArgs e) { if (this.txtUser.Text.Trim().Equals("admin")) { this.ltMsg.Text = "管理员密码不能重置"; return; } ResetPwd(this.txtUser.Text, "123456"); } private void ResetPwd(string userName, string password) { try { SPSecurity.RunWithElevatedPrivileges(delegate() { var directoryEntry = GetDirectoryEntryByUserName(userName); if (directoryEntry == null) { this.ltMsg.Text = "未找到该用户"; return; } directoryEntry.Invoke("SetPassword", new object[] { password }); directoryEntry.Properties["LockOutTime"].Value = 0; directoryEntry.Close(); directoryEntry.Dispose(); this.ltMsg.Text = userName + "的密码已经重置为123456"; }); } catch (Exception e) { this.ltMsg.Text = "发生错误,请联系管理员: " + e.ToString(); } } private DirectoryEntry GetDirectoryEntryByUserName(string userName) { var de = GetDirectoryObject(GetDomain()); var deSearch = new DirectorySearcher(de) { SearchRoot = de, Filter = "(&(objectCategory=user)(samAccountName=" + userName + "))" }; var results = deSearch.FindOne(); return results != null ? results.GetDirectoryEntry() : null; } private string GetDomain() { //string adDomain = WebConfigurationManager.AppSettings["adDomainFull"]; string adDomain = "contoso.com"; var domain = new StringBuilder(); string[] dcs = adDomain.Split('.'); for (var i = 0; i < dcs.GetUpperBound(0) + 1; i++) { domain.Append("DC=" + dcs[i]); if (i < dcs.GetUpperBound(0)) { domain.Append(","); } } return domain.ToString(); } private DirectoryEntry GetDirectoryObject(string domainReference) { string adminUser = "admin";//WebConfigurationManager.AppSettings["adAdminUser"]; string adminPassword = "contosopwd";//WebConfigurationManager.AppSettings["adAdminPassword"]; string fullPath = "LDAP://" + domainReference; var directoryEntry = new DirectoryEntry(fullPath, adminUser, adminPassword, AuthenticationTypes.Secure); return directoryEntry; }
至此,重置密码的功能就完成了,我的代码里使用了SPSecurity.RunWithElevatedPrivileges(delegate()...
提权用,是的,如果不提权的话无法重置密码,会报0x80070005 (E_ACCESSDENIED)这个错误。