
Free/Open-Source Self-Service Password Reset tool for Active Directory

Shaun Vermaak
My name is Shaun Vermaak and I have always been fascinated with technology and how we use it to enhance our lives and business.
This article explains how to deploy a self-service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone. Any comments, bug reports, etc. are welcome.


Pre-requisites: The following assumptions have been made in this tutorial. Readers should have a basic working knowledge of Microsoft Active Directory, SQL Server and Visual Studio software.



Step 1:  Create Active Directory Service Account


Create an Active Directory service account with password reset rights.

Details for this process and a custom Delegwiz.inf can be found in my previous article here



Step 2:  Download Visual Studio Project


1) Download the provided source zip file by clicking this link  (See below)



2) Extract and open the project in Visual Studio


 

Step 3:  Create database


Note: The basic steps for creating the database are listed below. Explaining MS SQL functionality is beyond the scope of this article, but I am happy to answer any questions in the comments section below.


1) From the Open Project in Visual Studio, open ModelSSPR.edmx

2) Right-click on white-space on the diagram page

3) Then select Generate Database from Model as shown below



4) Save the SQL script and use it on Microsoft SQL Server to build the database schema



5) Create an MS SQL user and grant it DB owner rights



Step 4:  Modify config file


1) From the open project in Visual Studio

2) Replace the ADConnectionString connection string with the Active Directory LDAP string for the domain used in the Create Active Directory Service Account (Step 1)

3) Replace the SSPREntities connection string with the connection string of the database used in the Create Database (Step 3)






4) Configure ADMembershipProvider to the account created in the Create Active Directory Service Account (Step 1)



5) Replace the appSettings values with the correct information for the domain and account used in the Create Active Directory Service Account (Step 1)
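
The pieces edited in Step 4, put together as an added example (this is not the project's shipped web.config). Element and attribute names follow the snippets quoted in the comments on this page; host names, accounts, passwords, the `defaultProvider` value and the `connectionProtection` setting are assumptions or placeholders, and the appSettings keys are omitted because the page does not list them.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: only the parts of web.config touched in Step 4.
     All hosts, accounts and passwords below are placeholders. -->
<configuration>
  <connectionStrings>
    <!-- Step 4, item 2: LDAP path of the domain used in Step 1.
         Port 636 selects LDAP over TLS; the domain controller needs a
         certificate that the web server trusts.
         dc01.example.local and DC=example,DC=local are placeholders. -->
    <add name="ADConnectionString"
         connectionString="LDAP://dc01.example.local:636/DC=example,DC=local" />

    <!-- Step 4, item 3: Entity Framework string for the database from Step 3.
         "data source" is the SQL Server instance, "initial catalog" is the
         database name. The string quoted in the comments on this page has
         persist security info=True; False is used here so the password
         cannot be read back from the connection once it is open. -->
    <add name="SSPREntities"
         connectionString="metadata=res://*/ModelSSPR.csdl|res://*/ModelSSPR.ssdl|res://*/ModelSSPR.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=SQLHOST\SQLEXPRESS;initial catalog=SSPR;persist security info=False;user id=sspr_app;password=REPLACE_ME;MultipleActiveResultSets=True;App=EntityFramework&quot;"
         providerName="System.Data.EntityClient" />
  </connectionStrings>

  <system.web>
    <!-- defaultProvider value is assumed; it must match the provider name. -->
    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <clear />
        <!-- Step 4, item 4: the service account created in Step 1.
             connectionProtection="Secure" makes the provider try SSL first
             and fall back to sign-and-seal; "None" would send the bind in
             the clear. attributeMapUsername is why logins use UPN format. -->
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider"
             connectionStringName="ADConnectionString"
             connectionProtection="Secure"
             attributeMapUsername="userPrincipalName"
             connectionUsername="svc-sspr@example.local"
             connectionPassword="REPLACE_ME" />
      </providers>
    </membership>
  </system.web>

  <!-- Step 4, item 5: keep the appSettings key names from the downloaded
       project and change only their values. -->
</configuration>
```

Because this file carries the service account and SQL passwords in clear text, limit read access on the published web.config to administrators and the application pool identity; ASP.NET protected configuration (`aspnet_regiis -pef`) can additionally encrypt the connectionStrings section on disk.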





Step 5:  Publish Site

Please Note: Explaining Visual Studio publishing is beyond the scope of this article, but I am happy to answer any questions in the comments section below.


1) From the open project in Visual Studio

2) Publish site with the Visual Studio Publishing wizard




Step 6:  Testing Site


Registering password hints


1) Browse to the site published in Publish Site (Step 5)

2) Click on Log in



3) Specify the Username and Password for the account to register for self-service password reset.


Note: Username must be in UPN format



4) Create password hints by adding questions and answers


Note: At least four hints need to be specified to utilize the self-service password reset function.




Self-Service Password Reset Request


1) Browse to the site published in the Publish Site (Step 5)


2) Click on Reset Password




3) Enter the Username for the account to reset the password for as shown below


Note: Username must be in UPN format



4) Enter answers to the security questions and provide new password


Note: Three random questions will be selected out of the hints configured


5) Click Reset Password



6) If the password was successfully reset, the following screen will display



I hope you found this tutorial useful. You are encouraged to ask questions, report any bugs or make any other comments about it below.


Note: If you need further "Support" about this topic, please consider using the Ask a Question feature of Experts Exchange. I monitor questions asked and would be pleased to provide any additional support required in questions asked in this manner, along with other EE experts...


Please do not forget to press the "Thumb's Up" button if you think this article was helpful and valuable for EE members.


It also provides me with positive feedback. Thank you!

6
122 Comments
LVL 8

Expert Comment

by:Naveen Sharma
Lepide Active Directory Self Service tool, free for 50 users:
https://www.lepide.com/active-directory-self-service/
0
LVL 63

Expert Comment

by:McKnife
@Naveen: What makes your payware better than this freeware?
0

Expert Comment

by:John Trussell
Hey Shaun,
I am extremely interested in getting this password reset tool set up for the school district I work for, which supports about 2k users. I have a basic knowledge of ADUC and SQL but MS VS not so much. Is there any way I could get a more in-depth step-by-step using these technologies? It would save the school district a lot of money and ease frustration across the board. Is Visual Studio free? Can you use SQL Express? Basically, we are looking for a totally free solution. We have one AD domain that we support. Thanks!
0

LVL 51

Author Comment

by:Shaun Vermaak
Hi John

Thank you for the feedback

Is there any way I could get a more in-depth step by step using these technologies.
Happy to extend the article, let me know which steps

It would save the school district a lot of money and ease frustration across the board. Is Visual Studio free?
There is a community edition. If you struggle, I can add a compiled version for which you would not need Visual Studio

Can you use SQL express?
Yes, the database is very small
0

Expert Comment

by:John Trussell
Shaun, I appreciate you working with me on this! I have downloaded the community version of VS and SQL Express as those are both no charge. I also downloaded the source file from your link. I am having trouble locating the ModelSSPR.edmx to open with VS. Any point in the right direction is appreciated. A compiled version would be nice. Thanks again!
0
LVL 51

Author Comment

by:Shaun Vermaak
Here is the DDL. Run it in SQL after creating the database
-- --------------------------------------------------
-- Entity Designer DDL Script for SQL Server 2005, 2008, 2012 and Azure
-- --------------------------------------------------
-- Date Created: 02/13/2018 16:46:54
-- --------------------------------------------------

SET QUOTED_IDENTIFIER OFF;
GO
IF SCHEMA_ID(N'dbo') IS NULL EXECUTE(N'CREATE SCHEMA [dbo]');
GO

-- --------------------------------------------------
-- Dropping existing FOREIGN KEY constraints
-- --------------------------------------------------


-- --------------------------------------------------
-- Dropping existing tables
-- --------------------------------------------------

IF OBJECT_ID(N'[dbo].[Hints]', 'U') IS NOT NULL
    DROP TABLE [dbo].[Hints];
GO
IF OBJECT_ID(N'[dbo].[Questions]', 'U') IS NOT NULL
    DROP TABLE [dbo].[Questions];
GO

-- --------------------------------------------------
-- Creating all tables
-- --------------------------------------------------

-- Creating table 'Hints'
CREATE TABLE [dbo].[Hints] (
    [ID] int IDENTITY(1,1) NOT NULL,
    [UserName] varchar(50)  NOT NULL,
    [Question] varchar(max)  NOT NULL,
    [Answer] varchar(max)  NOT NULL
);
GO

-- Creating table 'Questions'
CREATE TABLE [dbo].[Questions] (
    [ID] int IDENTITY(1,1) NOT NULL,
    [Value] varchar(max)  NOT NULL
);
GO

-- --------------------------------------------------
-- Creating all PRIMARY KEY constraints
-- --------------------------------------------------

-- Creating primary key on [ID] in table 'Hints'
ALTER TABLE [dbo].[Hints]
ADD CONSTRAINT [PK_Hints]
    PRIMARY KEY CLUSTERED ([ID] ASC);
GO

-- Creating primary key on [ID] in table 'Questions'
ALTER TABLE [dbo].[Questions]
ADD CONSTRAINT [PK_Questions]
    PRIMARY KEY CLUSTERED ([ID] ASC);
GO

-- --------------------------------------------------
-- Creating all FOREIGN KEY constraints
-- --------------------------------------------------

-- --------------------------------------------------
-- Script has ended
-- --------------------------------------------------


0

Expert Comment

by:John Trussell
Thanks. Where is the "ModelSSPR.edmx" ? I cannot find it to open in VS in order to create a DB.
0
LVL 51

Author Comment

by:Shaun Vermaak
You can skip that step and use the DDL above
0

Expert Comment

by:Varun Singh
Hi Shaun

Thanks for creating the above program, as it's really great.

I tried to configure and implement the same in my scenario, but I am stuck in the middle; maybe I missed something or configured it incorrectly.

So, I require your help to get this sorted. Below is the error that I am getting while implementing. Please look into this and give your comments.

Server Error in '/' Application.
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: The specified connection string does not represent a valid LDAP adspath.

Source Error:


Line 43:       <providers>
Line 44:         <clear />
Line 45:         <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="userPrincipalName" connectionUsername="testuuser" connectionPassword="@XXXXXXX" />
Line 46:         <!--<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="userPrincipalName" />-->
Line 47:       </providers>

Source File: C:\svermaak-self_service_password_reset-2edf4379b0e5\web.config    Line: 45

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2558.0


Thanks in Advance.
0
LVL 51

Author Comment

by:Shaun Vermaak
Please send me the web.config
0

Expert Comment

by:Varun Singh
Hi Shaun

Sent to you by mail (shaun.vermaak@ittelligence.com)

Please check and let me know if you require any other details.
0

Expert Comment

by:Burlen Baker
Hi Shaun,
       It appears that the following files are missing:

   <Compile Include="App_Start\AuthConfig.cs" />
    <Compile Include="App_Start\BundleConfig.cs" />
    <Compile Include="App_Start\FilterConfig.cs" />
    <Compile Include="App_Start\RouteConfig.cs" />
    <Compile Include="App_Start\WebApiConfig.cs" />
    <Compile Include="classEncryption64.cs" />
    <Compile Include="Controllers\AccountController.cs" />
    <Compile Include="Controllers\HintsController.cs" />
    <Compile Include="Controllers\HomeController.cs" />
    <Compile Include="Controllers\PasswordRequestsController.cs" />
    <Compile Include="Controllers\QuestionsController.cs" />
    <Compile Include="Filters\InitializeSimpleMembershipAttribute.cs" />
    <Compile Include="Global.asax.cs">

Can they be found outside the repository?
0
LVL 51

Author Comment

by:Shaun Vermaak
Please check again
0

Expert Comment

by:Steve Marchand
Hi Shaun,

First I'd just like to say thank you for sharing this!!

I am currently wrapping up the setup for the SSPR and I am just trying to do some basic testing while I am configuring an IIS server to host the website. I can right-click on the Project name "Self_Service_Password_Reset" and view the page in a browser. The page comes up in my default browser as localhost:56476 which is great!

I did notice that when I try to login to the page I am confronted with an error (see below) but if I click the back button it shows that I am logged in:

The system cannot find the file specified
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.ComponentModel.Win32Exception: The system cannot find the file specified

Source Error:


Line 24:             string userName = Helpers.EncryptData(User.Identity.Name.Trim().ToUpper());
Line 25:
Line 26:             List<Hint> hints = db.Hints.Where(h => h.UserName == userName).ToList();
Line 27:             foreach (Hint hint in hints)
Line 28:             {

Source File: D:\Self Service Password Reset\Controllers\HintsController.cs    Line: 26


The only other issue I am having is that if I test resetting a password I get a similar error (see below):

The system cannot find the file specified
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.ComponentModel.Win32Exception: The system cannot find the file specified

Source Error:


Line 41:             string encryptedUserName = Helpers.EncryptData(userName.Trim().ToUpper());
Line 42:
Line 43:             hints = db.Hints.Where(u => u.UserName == encryptedUserName).ToList();
Line 44:
Line 45:             if (hints.Count() < 4)

Source File: D:\Self Service Password Reset\Controllers\PasswordRequestsController.cs    Line: 43

Do I need to save the project files in a different directory or will this issue fix itself when the site is published?

Thanks again!!
0
LVL 51

Author Comment

by:Shaun Vermaak
Do those two files exist?
1

Expert Comment

by:Steve Marchand
Yes, I can find them in the directory listed in the error and they also show up in visual studio.
Capture1.PNG
Capture2.PNG
0
LVL 51

Author Comment

by:Shaun Vermaak
Is SQL setup with the database? Is it specified in the web.config?
1

Expert Comment

by:Steve Marchand
I installed SQL Express, created a new Database called "SSPR" gave it mixed-mode authentication for the SQL sa account, my domain admin account, and the service account I created to use for LDAP.

In Visual Studio I added the LDAP connection string to line 18 of the web.config file. On line 19 of the web.config file the only thing I did was add the username and password under
user id=;password=;
I wasn't sure if there was anything else on line 19 of the web.config file I should have changed but I think I am missing something that would tell web.config where to find the SQL Database.
0
LVL 51

Author Comment

by:Shaun Vermaak
See connection string for Express here
https://www.connectionstrings.com/sql-server/

also, did you run the SQL commands to create the tables etc.?
1

Expert Comment

by:Steve Marchand
I did the "Generate Database from Model" in Visual Studio as your directions say to do, then opened the modelSSPR.edmx.sql file in SQL and executed it. SQL said it was successful and I refreshed the database and saw tables were created.

Forgive me - the only experience I have with Visual Studio or any type of programming is from one intro course in college where we made simple stuff like "Hello World"

Looking at the link you sent - it looks like I would be using this string for .Net 4.5
Server=myServerName\myInstanceName;Database=myDataBase;User Id=myUsername;Password=myPassword;


Currently this is what line 19 looks like for me (I just hid the user and password for sharing purposes):
<add name="SSPREntities" connectionString="metadata=res://*/ModelSSPR.csdl|res://*/ModelSSPR.ssdl|res://*/ModelSSPR.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=;initial catalog=;persist security info=True;user id=******;password=*****;MultipleActiveResultSets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />



Where would I add in the proper SQL Express connection string within line 19?

Thank you for all of your help!
0
LVL 51

Author Comment

by:Shaun Vermaak
Here
connection string=&quot;data source=;initial catalog=;persist security info=True;user id=******;password=*****;MultipleActiveResultSets=True;App=EntityFramework&quot;"
1

Expert Comment

by:Steve Marchand
Oh okay - now I see where I completely overlooked data source being the server name and catalog being the database name.

Thank you, Shaun!
0

Expert Comment

by:Steve Marchand
Hey Shaun,

So IIS has been a bear for a couple of days now and I am not sure what I am doing wrong. Leaving the web.config.xml as you wrote it from line 62-71 IIS gives me error 500.19 (see attached image) I cannot find anything in the web.config setting
overrideModeDefault="Deny"


overrideMode="Deny"


or
allowOverride="false"



I did find an "applicationhost.config" file under C:\Users\%USERNAME%\Documents\IISExpress\Config\applicationhost.config that did have the following code on line 69
<section name="handlers" overrideModeDefault="Deny" />



I changed it to

<section name="handlers" overrideModeDefault="Allow" />



Then IIS gave me an error on line 67 of the web.config file wanting a path

<add name="ExtensionlessUrlHandler-Integrated-4.0" />


 

so I changed it to a few variations with no luck

<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*" verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />



<add name="ExtensionlessUrlHandler-Integrated-4.0" path="/" verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />



<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*.xml" verb="PUT" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />



<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*" verb="PUT" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />



<add name="ExtensionlessUrlHandler-Integrated-4.0" path="/" verb="PUT" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />



I am not sure what else to try.... any ideas?
HTTP-Error-500.19.PNG
Handler-Mappings.PNG
applicationhost.config
0
LVL 27

Expert Comment

by:Andrew Leniart
@Steve Marchand

Considered using the Ask a Question function of Experts Exchange? You might get some helpful replies from other experts there as well and it might even help the author out even more.

Just a suggestion.

Regards, Andrew
0
LVL 51

Author Comment

by:Shaun Vermaak
Hi Steve

Can you please publish and test from within IIS and not IISExpress?
0

Expert Comment

by:Steve Marchand
Hi Shaun,

Sorry for the confusion - These errors are coming from IIS and not IIS Express, I was just unclear if the applicationhost.config file from IIS Express was causing any issues because that is where I found the strings matching the errors. Yet when I run the site in IIS Express from Visual Studio it works perfectly.

Here is my setup:
I have a new VM that I spun up running Windows Server 2016 Standard and installed the IIS role with default features. Once everything was installed I rebooted the server, opened IIS Manager, stopped the "Default Web Site" so I could utilize http port 80 and created a new site called "Self-Service Password Reset" with a binding to http:*:80:. Then I browsed to C:\inetpub\wwwroot\ and created a new folder called "SSPR Site". Before publishing to that site, I modified the NTFS permissions on the folder C:\inetpub\wwwroot\SSPR Site to allow full control for principal "IIS APPPOOL\SSPR Site". Once that was done I opened Visual Studio, right-clicked on Self_service_Password_Reset at the top of the Solution Explorer and clicked Publish. I created a new profile with a publish method of File System to target location C:\inetpub\wwwroot\SSPR Site, configuration: Release, and File Publish Options to "Delete all existing files prior to publish" and clicked publish. The output in Visual Studio shows me that the web app was published successfully "file:///C:/inetpub/wwwroot/SSPR%Site" with no errors.

From there I go back to IIS Manager select the Self-Service Password Reset site and click Browse Website, That is when I see errors. Also get errors when I try to look at the Handler Mappings in IIS.
Directory-of-Site.PNG
IIS-10.0-Detailed-Error.PNG
IIS-Manager-Handler-Mappings-Error.PNG
IIS-Manager.PNG
0
LVL 51

Author Comment

by:Shaun Vermaak
What is line 64 of your web.config?
0
LVL 51

Author Comment

by:Shaun Vermaak
Sorry, I see in image
0
LVL 51

Author Comment

by:Shaun Vermaak
I have a new vm that I spun up running Windows Server 2016 Standard and installed the IIS role with default features.
I think this is your issue. You need to add .NET
0
LVL 27

Expert Comment

by:Andrew Leniart
@Steve

Why not "Ask a Question" for help with this issue?
1

Expert Comment

by:Steve Marchand
Hi Shaun,

.Net Framework 4.6 is installed as a feature with IIS but I do see that ASP .Net 4.6 is not installed so I will add that and try again as this is an ASP .NET site.

Line 64 shows as blank but this is line 62-71
<system.webServer>
  <validation validateIntegratedModeConfiguration="false" />


<handlers>
  <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="Syetem.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersion4.0" responseBufferLimit="0" />
  <remove name="OPTIONSVerbHandler" />
  <remove name="TRACEVerbHandler" />
  <!--<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="Syetem.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersion4.0" />-->
</handlers></system.webServer>


0

Expert Comment

by:Chris Poore
I am having an issue trying to log on with an AD account.  I receive the following error on our webserver

Event code: 4006
Event message: Membership credential verification failed.
Event time: 23/05/2018 2:36:49 PM
Event time (UTC): 23/05/2018 5:06:49 AM
Event ID: ca0763162b734ed1a6d64d578ab71e91
Event sequence: 2
Event occurrence: 1
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/8/ROOT-3-131715256087374523
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\inetpub\wwwroot\Websites\Selfservice\
    Machine name: WEBSERVER
 
Process information:
    Process ID: 2900
    Process name: w3wp.exe
    Account name: IIS APPPOOL\selfservice
 
Request information:
    Request URL: https://selfservice.****.sa.edu.au:443/Account/Login 
    Request path: /Account/Login
    User host address: 10.124.XX.XX
    User:  
    Is authenticated: False
    Authentication Type:  
    Thread account name: IIS APPPOOL\selfservice
 
Name to authenticate: temp1@domain.local
1

Expert Comment

by:Shivaram Venkatesh
Hi, this is an excellent solution. However I keep getting an error "This solution references Nuget Packages which are not installed". I installed all the Nuget packages, but I am not able to build the solution. Please help. I am using VS Community 2017.
0
LVL 51

Author Comment

by:Shaun Vermaak
I wonder if it might be because of VS Community edition... I will add/post a published version if that will help?
1
LVL 51

Author Comment

by:Shaun Vermaak
0

Expert Comment

by:Thiago Moraes
I need to unlock the account too. Password is changing but the account is locked.
0
LVL 51

Author Comment

by:Shaun Vermaak
I will add that. Will let you know
0
LVL 51

Author Comment

by:Shaun Vermaak
Added account unlock to the process
0
LVL 51

Author Comment

by:Shaun Vermaak
I changed the repo to include the solution file too, not just the project
0

Expert Comment

by:Carter Sema
Interested in trying this out. Any idea if it's possible to use 636 with a Secure LDAP Cert?
0
LVL 51

Author Comment

by:Shaun Vermaak
You can change the web.config to use secure LDAP.

You need a certificate for the website too so it is SSL
0

Expert Comment

by:Bruno Soria
Thank you, great job!
Are the questions and answers encrypted in the DB?
Does this app save logs of who reset a password and where?
Future feature: Admin Section (Logs, Stats) ;)
1
LVL 51

Author Comment

by:Shaun Vermaak
Answers are encrypted with salt. Thank you for the feedback, will add that ;)
1

Expert Comment

by:Jeremy Crocker
This looks amazing!! I am going to try this next week!
0
LVL 51

Author Comment

by:Shaun Vermaak
Let me know how it goes. Happy to help
0

Expert Comment

by:Jared Drake
When trying to submit "Reset Password" (after filling in all inputs, of course), it crashed with the following screenshot (please see attached).
Hi, please can you assist me. I received this error when trying to reset password. Please see attached above.

Thank you
0

Expert Comment

by:Jared Drake
SSPWReset.PNG
After recreating the fresh clean project and followed your instructions. I received this error when trying to reset password. Please see attached above.

Thank you
0
LVL 51

Author Comment

by:Shaun Vermaak
I see you are not logged on. Did you configure active directory?
0

Expert Comment

by:Jared Drake
We already have AD service account with the full rights, I just tested with resetting password on AD with service account, it works. Do you think it has something to do with the .NET ?
0

Expert Comment

by:Jared Drake
Also note that I am able to log in, according to your instructions, log off first before click reset password ?
0
LVL 51

Author Comment

by:Shaun Vermaak
Hmm, I would step through the code to see the error. Can you give it a shot?
0

Expert Comment

by:Jared Drake
I just tested via Visual Studio, it just works but when I test via IIS, it just failed. Do you have any idea on why it is doing this ?

Thanks
Jared
PWError.PNG
0
LVL 51

Author Comment

by:Shaun Vermaak
Do you have DisplayMessage.cshtml in your IIS folder?
0

Expert Comment

by:Jared Drake
DisplayMessage.png
Yes, please see the above screenshot
0

Expert Comment

by:Jared Drake
SuccessError.png
Look at the URL address, it says "Success" but this webpage jumped to the error message.
0
LVL 51

Author Comment

by:Shaun Vermaak
0
LVL 51

Author Comment

by:Shaun Vermaak
Yes, I think it is just a view issue. The password is actually changed. I am trying to reproduce error
0
LVL 51

Author Comment

by:Shaun Vermaak
Line 41 of HomeController
For a test, change this
return View("/Views/Shared/DisplayMessage.cshtml");


to
return View("HTTP://YOURFULLADDRESSBLABLABLA/Views/Shared/DisplayMessage.cshtml");


0
LVL 51

Author Comment

by:Shaun Vermaak
You can probably copy DisplayMessage.cshtml to Views/Home and change that line from
return View("/Views/Shared/DisplayMessage.cshtml");


to
return View();


0
LVL 51

Author Comment

by:Shaun Vermaak
I updated the repo with the fix for the View, please test
0

Expert Comment

by:Jared Drake
Awesome, thank you very much :-) I will let you know how it goes.
0

Expert Comment

by:Jared Drake
Good news! It works now. Thank you very much :-)
0

Expert Comment

by:Jared Drake
JQueryIssue.PNG
Just one more thing, the "Show password" link and the "Password Strength Status" label has gone missing, I think it has probably something to do with JQuery issue ? It was there fine before you changed something in the repo ...
0

Expert Comment

by:Jared Drake
UnlockErrorMissing.PNG
Once my user account is locked out, I just did reset password but it doesn't unlock my user account automatically. Please see the above screenshot.
0
LVL 51

Author Comment

by:Shaun Vermaak
Does your account have rights to unlock accounts?

I checked the password strength but all seems fine
0

Expert Comment

by:Jared Drake
Yes, the service account has rights to unlock accounts. I did test on AD myself. No idea why it didn't want to unlock my user account.
0

Expert Comment

by:Jared Drake
Hi there,

Any news regarding Unlock User Account issue ?
0
LVL 51

Author Comment

by:Shaun Vermaak
Sorry, it is taking so long. I am deploying it and will fix it. The only host I have it deployed on as a POC reached a stupid 100k file limit so first clearing it
1

Expert Comment

by:Jared Drake
Okay I understand. No problem. Thank you very much
0
LVL 51

Author Comment

by:Shaun Vermaak
So the DisplayMessage and Password Strength work on my side.

Busy testing lockout
0
LVL 51

Author Comment

by:Shaun Vermaak
I fixed the account unlock function. Just do a new clone or change to this
try
{
    user.Properties["LockOutTime"].Value = 0;
    user.CommitChanges(); 
}
catch
{
 
}


0

Expert Comment

by:Jared Drake
LockoutIssue_23Aug2018.PNG
Still no luck so far, I tested on two different machines to reset password and unlock my account.

I would like to catch the error message to find out more information as why it does not work. Can you add that ?
0
LVL 51

Author Comment

by:Shaun Vermaak
Sure
try
{
    user.Properties["LockOutTime"].Value = 0;
    user.CommitChanges(); 
}
catch(Exception ex)
{
    return RedirectToAction("DisplayMessage", "Home", new { title = "Reset Password", messageTitle = "Error", messageDescription = ex.Message, redirectTo = "../PasswordRequests/SpecifyUser", redirectDelay = 5, messageType = 3 });
}


0

Expert Comment

by:Jared Drake
Thanks, I just tested again, it still does not unlock my user account and there is no error message after I added your code again. I think the unlock function is not working.
0
LVL 51

Author Comment

by:Shaun Vermaak
Do a new clone and test please
0

Expert Comment

by:Jared Drake
redirectDelay.PNG
Hi there, I managed to sort it out. I changed the redirectDelay number from 5 to 50 and tested, it unlocked my user account successfully.

It's all good now. Thank you very much :-)
0
LVL 51

Author Comment

by:Shaun Vermaak
That is good news Jared, all the best
0

Expert Comment

by:Jared Drake
Hi there, just one last thing, can you make use of JQuery in offline mode? Some functions do not work because it requires internet connection. I want it to work without internet connection.

Because I added the URL to the Windows Logon Screen, it must load with Offline JQuery.
0
LVL 51

Author Comment

by:Shaun Vermaak
Sure. Will change it a bit later
0

Expert Comment

by:Jared Drake
Don't worry I managed to sort it out myself :-)

The unlock function is acting up again, it still doesn't work. I think it ignored the unlock function. It was working last Friday, but then it's not working.

I tested it on Windows Application, it works very well, but not in Web Application.
0

Expert Comment

by:Jared Drake
Unlock-function.PNG
See the screenshot above, it works very well but not in Web Application. I'm wondering why it's doing like that. I don't think redirectDelay is an issue.
0
LVL 51

Author Comment

by:Shaun Vermaak
I changed the JQuery to use local file
0

Expert Comment

by:Jared Drake
The unlock function still does not work. I tried 3 different functions, but it seems like it ignored or skipped the unlock function. Can you test it from your side and see if it will work? I have republished a thousand times and no luck so far. It was working fine on Saturday after changing redirectDelay to 50, but then it stopped working yesterday; hence, I didn't change anything in PasswordRequestsController.cs yesterday.
0

Expert Comment

by:Jared Drake
Just let you know that I created my own ASPX webpage and tested, it works, it did reset my password and unlock my account successfully. Something is wrong with your Repo project.
0

Expert Comment

by:Jean-Marc Rechsteiner
Hi,

First of all, thanks for that! It really looks good and I got it to work. But what I do miss (probably my fault): I can't see where the "Password-Rules" are.
I would like to inform what kind of Passwords the users need to have, to change their password. Thanks a lot for your help. Regards JM
0
LVL 51

Author Comment

by:Shaun Vermaak
It is part of IsPasswordSecure in Helpers.cs

You can also exclude passwords in the weakPasswords string

Will change these to options in the config file
0

Expert Comment

by:Jared Drake
Hi Shaun,

I have created & developed ASPX pages in the solution you created, I have one more thing to sort out tomorrow morning then I'll start testing with the unlock function in ASPX page. I will let you know how it goes.

Because I believe that PasswordRequestsController.cs is broken, it has always skipped or it has never fired the unlock function, therefore, it has never thrown errors.

I hope it makes sense :-)

I tested it in VS2015 Community Edition, and now I will be testing it in VS2017 Community Edition tomorrow.

Thanks
Jared
0

Expert Comment

by:Jared Drake
Hi Shaun,

I developed my own ASPX page and tested, it's doing the same thing.

When I test the webpage via Visual Studio, it works and it is able to unlock my account, but when I test it via IIS, it ignored the unlock function, as if it does nothing.

I have tried changing Application Pool for that site, no luck so far.

Thanks,
Jared
0
LVL 51

Author Comment

by:Shaun Vermaak
Very strange indeed. I used that exact repo and it runs and resets fine. Will see if I can identify issue
0

Expert Comment

by:Jared Drake
Yes, very strange, I'm sure it's something else in IIS, maybe .NET Framework bug issues? Or maybe security issues? I'll bypass the reset password and test the unlock function tomorrow morning.
0

Expert Comment

by:Jared Drake
I found the problem! Even if my account is locked out, IsAccountLockedOut() returned false, and UnlockAccount() didn't work due to the bug issue of .NET Framework 4.5.

I did change the .NET Framework to 4.5.1 in your solution and in web.config, published it to IIS, tested again, no luck so far.

See the link: https://stackoverflow.com/questions/12608971/net-4-5-bug-in-userprincipal-findbyidentity-system-directoryservices-accountma
0

Expert Comment

by:Jared Drake
I tried .NET Framework 4.5.1, still doing the same thing.

I don't understand why it didn't work via IIS. I've spent hours trying to sort it out. I have enabled Windows Authentication and disabled Anonymous Authentication and tested, still doing the same thing.

I am using the service account (with full access) in Application Pool as well.

Any idea why it's doing this?
0

Expert Comment

by:Jean-Marc Rechsteiner
Error.png
Hi

I do still have some problems, which I wasn't able to resolve.
One of them is the URL with which the query is called (http instead of https). I really can't find a place where I could change it to https.
I can't create Hints as long as I get this error ..

Thanks and regards
JM
0
LVL 51

Author Comment

by:Shaun Vermaak
I think both Jared and your issue is the same

I moved displaymessage view to home but the include in the project was wrong

I fixed this
0

Expert Comment

by:Jared Drake
Hello Shaun,

I developed Windows Application with the same DB model you created, it's working very well. I am able to reset and unlock user account successfully.

We need to find a way to allow IIS to run the unlock user account function, because something in IIS blocked it from unlocking user account.

We just need to make use of Web application, not Windows Application.

Thanks,
Jared
0
LVL 51

Author Comment

by:Shaun Vermaak
Just set your application pool id to the correct user
0

Expert Comment

by:Jared Drake
Yes I did that, I set the application pool ID to the service account. Still didn't work.
0

Expert Comment

by:Jean-Marc Rechsteiner
Error creating hint
Hi, thanks again for your effort in helping me!
I still get the same error as before when I am trying to add a Hint. (I work with the updated repo - which still has problems in publish to folder because of the missing DisplayMessage.cshtml)
When I try it on the IIS-Server itself, I get the error on the printscreen.

Strange is also that I do have a user who can create a new hint without any problems, but my second user can't.

Thanks a lot! Regards
JM
0
LVL 51

Author Comment

by:Shaun Vermaak
I will do a clone and try and reproduce the errors.
0
LVL 51

Author Comment

by:Shaun Vermaak
Correct, you can. The purpose of this goes beyond just implementing a password reset portal. It ties into learning how it works and having a starter project that you can fully customize and own.
1

Expert Comment

by:Jared Drake
Hello there, I have one more thing to ask.

I can create new hints myself, but when I ask another user to create new hints himself, he got the following error message: "Validation failed for one or more entities. See 'EntityValidationErrors' property for more details."

I think it's a similar error message to Jean-Marc's.

If you have already fixed, please tell me what you did fix so that I can follow in my solution project.

Thanks
Jared
0

Expert Comment

by:Jared Drake
I think I found a problem regarding EntityValidationErrors.

It says "Property: UserName Error: The field UserName must be a string or array type with a maximum length of '50'"

It's important to set the UserName maximum length to 150 or 200 just to be safe in case their first name and last name are long names, especially with a long domain name, e.g. @thepowerofsignlanguage.co.za or something like that. I think it's better to use 200 just to be safe :-)

I hope this helps.

Thanks
Jared
0

Expert Comment

by:Jared Drake
Or you can also set it to "Max" if you don't want to put 200 or less.
0
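The length failure discussed in the comments above can be reproduced without the database. This is an added example, not code from the thread or from the project: the two `Hint...` classes are hypothetical stand-ins for the project's entity, and the sample UPNs are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;

// Hypothetical stand-ins for the project's entity; only the UserName limit matters here.
public class HintWith50  { [MaxLength(50)]  public string UserName { get; set; } }
public class HintWith200 { [MaxLength(200)] public string UserName { get; set; } }

public static class UserNameLengthDemo
{
    // Runs data-annotation validation and returns one line per failure,
    // in the "Property: ... Error: ..." shape quoted in the comment above.
    public static List<string> Validate(object entity)
    {
        var results = new List<ValidationResult>();
        Validator.TryValidateObject(entity, new ValidationContext(entity),
                                    results, validateAllProperties: true);
        return results
            .SelectMany(r => r.MemberNames.DefaultIfEmpty("(entity)"),
                        (r, member) => $"Property: {member} Error: {r.ErrorMessage}")
            .ToList();
    }

    public static void Main()
    {
        // Constructed sample UPNs: one short, one longer than 50 characters.
        string[] upns =
        {
            "jsmith@example.co.za",
            "firstname.middlename.long-surname@thepowerofsignlanguage.co.za"
        };

        foreach (var upn in upns)
        {
            Console.WriteLine($"{upn} ({upn.Length} chars)");
            Report("limit 50 ", Validate(new HintWith50  { UserName = upn }));
            Report("limit 200", Validate(new HintWith200 { UserName = upn }));
        }
    }

    static void Report(string label, List<string> errors)
    {
        Console.WriteLine(errors.Count == 0
            ? $"  {label}: valid"
            : $"  {label}: {string.Join("; ", errors)}");
    }
}
```

Because the limit applies to the whole UPN, a user with a short name on a short domain passes while a colleague on a long domain fails, which matches one user being able to create hints while another could not.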
LVL 51

Author Comment

by:Shaun Vermaak
;) Thanks. Will update in repo
1
LVL 51

Author Comment

by:Shaun Vermaak
Updated
1

Expert Comment

by:Jared Drake
Awesome, that's great news!

My solution works perfect. I'm glad I helped :-)

Keep well,
JD
1

Expert Comment

by:Jean-Marc Rechsteiner
Hey

Thanks for the help guys! Our solution works fine now - it was the same problem with the long e-mail addresses.
Updated the repo and set the max in the DB -  works smoothly now.

Great!
2
LVL 51

Author Comment

by:Shaun Vermaak
Thanks Jared. You solved Jean-Marc issue too (",)
1

Expert Comment

by:Jared Drake
Awesome, thank you for letting me know :-)
0

Expert Comment

by:J. Steven Young
I'm having an odd issue where everything works fine in IIS Express testing...but as I publish, it will not work right in IIS. It allows login, but redirects back to login page. I know it is hitting the AD because if I type wrong user or password it will error. Is there a list of file folders required for access to the app ID account? I had to give write access to the .NET 4.6 temp folder to get the app to work and not 500 error...


UPDATE*** I made my application ID account a member of the local Administrators group and the app fully works, so somewhere there is a write permission to a folder it seems. I'll investigate deeper later. For now it works.
1

Expert Comment

by:J. Steven Young
Is there a possibility to eliminate the need for adding the user domain, since my user base in this case are clients and I wish to use their own email address for login? I'd rather they be able to just put in their email address for the password reset, or at the very least not have to remember the FQDN I have set for the Simple AD I am using for their access to some of my systems.
0
LVL 51

Author Comment

by:Shaun Vermaak
Please elaborate. Currently the logon is the user UPN
0

Expert Comment

by:J. Steven Young
Meaning... I have users set up in an old password management tool where they just used their email address or user logon to get into the password reset tool. I would like to eliminate the need for them to know what the internals are for the domain.

I.e. I have set up Simple AD in AWS. From there I have added all my clients, who have their own email from their domain and a user ID in my system.

The Simple AD is in (example) adserver.mydomain.com
so user john smith from ACME.com would be -> jsmith@adserver.mydomain.com in my server, but might try to enter jsmith@acme.com or just jsmith as done in the old system. Is there an easy way to allow the authentication to use their email address or user ID only? I'd rather not introduce a change that requires them to know to use the login ID and "@adserver.mydomain.com". Just a feature; I will have them do what is necessary, but I want to make things as transparent for the client as possible.
0
LVL 51

Author Comment

by:Shaun Vermaak
The easiest would be to add a UPN suffix and set it on the user. The UPN can then be exactly the same as the email address.

Would this be an option for you?

http://www.tutorialspoint.com/articles/adding-alternate-upn-suffix-to-active-directory-domain
0

Expert Comment

by:J. Steven Young
Yes I actually did that shortly after my last comment using a bulk update to AD via groovy script! Thanks!
1

Expert Comment

by:Debi Subekti
Something strange happened
Capture.JPG
It said "Pasword change succesfully" but got the "Error" image

Then I tested login with the new password >> failed
My AD is still using the old password

Any idea?
0
LVL 51

Author Comment

by:Shaun Vermaak
Hi Debi

I will enhance the error page to show an error message.

Will let you know
0
LVL 51

Author Comment

by:Shaun Vermaak
I have updated the repo to show the actual error message. Please run and give the actual error message
0

Expert Comment

by:Joseph Reynald San Pedro
Hi Shaun,

Thank you for sharing this!

We have been trying this for a couple of days now but we keep on facing the issue below. Hope you can help us with this. Thank you!

Self-Service-Password-Reset--Error-.jpg
0
LVL 51

Author Comment

by:Shaun Vermaak
Hi, that seems like access denied error. Are you running it as the correct user?
0

Expert Comment

by:Joseph Reynald San Pedro
Hi Shaun,

What do you mean by access denied error? We used the account that has password reset rights. Also, we tested it with our domain accounts but still we encounter the error.
0
LVL 51

Author Comment

by:Shaun Vermaak
Do you get this error in VS or IIS?
0
