Storing domain administrator password to use in ASP

StackOverflow https://stackoverflow.com/questions/19435404

質問

I'm creating an ASP application to allow users to change their active directory password over an SSL connection.

I finally got all this working but the method I'm using to get it done requires the domain admin password as shown below.

Set objIADS = GetObject("WinNT:").OpenDSObject("WinNT://domain", "Administrator", sDomainPassword, ADS_SECURE_AUTHENTICATION)
Set objIADSUser = objIADS.GetObject("user", sUserID)
objIADSUser.ChangePassword sOldPassword, sNewPassword

Now all that works fine but I need to pass the domain admin password to the OpenDSObject method.

I obviously don't want to store it in the clear in a text variable nor in the clear in a SQL Server table so what other options do I have?

役に立ちましたか?

解決

After a previous comment, i realized the problem with the change of password in expired accounts. So, new try

Using the usual tools, you can wrap the code to do the password change in a .wsc (windows scripting component) file, register it, add to a com+ application running under the apropiated credentials (Administrator in your case) and instantiate the component from your asp code to do the password change.

That way the component will run under the needed credentials, and password will be stored inside com+ configuration.

他のヒント

You can install CAPICOM from Microsoft on the server and use that for encryption of sensitive data like this.

Example ASP code to encrypt:

Set objEncryptedData = Server.CreateObject("CAPICOM.EncryptedData") objEncryptedData.Algorithm.Name = 3 '3=3DES objEncryptedData.Algorithm.KeyLength = 5 '5=256bit objEncryptedData.SetSecret "your-encryption-password" objEncryptedData.Content = "your-secret-data"

sEncryptedStream = "" & objEncryptedData.Encrypt(0) '0=CAPICOM_ENCODE_BASE64 Set objEncryptedData = Nothing

Example ASP code to decrypt:

Set objEncryptedData = Server.CreateObject("CAPICOM.EncryptedData") objEncryptedData.SetSecret "your-encryption-password"

objEncryptedData.Decrypt(sEncryptedStream) sDecryptedData = objEncryptedData.Content

Set objEncryptedData = Nothing

ライセンス: CC-BY-SA帰属
所属していません StackOverflow
scroll top