dij8

asked on

Active Directory login using ASP ***NOT*** ASP.Net.

I have a site to build that has a login on the home page.  There are only two fields, username, and password.  The form will then redirect to a page that needs to validate the user against the Active Directory and then fake it as that user.  Obviously the user will initially be IUSER_ServerName.  This is what I need to change (I think).  When they are redirected to a different location according to the group they belong in (which will be either Students or Teachers, again gathered from the Active Directory details), they will not be prompted again with the NTFS permissions pop-up login.  This is supposedly the idea of Active Directory.  Saving two login entries.

What I need is the code to achieve this.  I know a reasonable amount of ASP but am fairly ignorant of Active Directory.  I also need the code to be in ASP and NOT ASP.Net.  I also need some idea on what settings I need to apply to the folders.  I think it is just applying security levels to specific groups only.  Is this even all possible?

Bonus points may be given (up to another 500) for a complete and working solution.  I don't have time to do a lot of error checking and testing.  Especially playing around with it to get it to work with slightly different values.  I can change the form names, group names and server/workgroup name accordingly but that's about it.
dij8

ASKER

I forgot to mention, I will be offline for about 24 hours from now so will be unable to respond to questions.  I hope I have covered it all already.  And just to make it all that much more difficult, when I am back, that's about when I need a solution by. :-(
Try the code in the accepted answer in the above link.
ASKER CERTIFIED SOLUTION
LotharGores

This solution is only available to members.
dij8

ASKER

You're right LotharGores, it does seem to work.

My next question, included in the original question so I am keeping it in the same thread, how do I get the group details?  The user will be in either the Student or Teacher group but I need to redirect accordingly.  Which brings me to how do I set up a folder that I can redirect to with only Student or Teacher permissions (also in the original question) for testing purposes?  I am a developer not a network guru, sorry.  I do have total access to the development testing server.  It is my standalone PC running Windows 2000 Server (with AD).

This question will result in huge points so please be patient with my ignorance.  It will be worth it. :-)
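
' Bind to the user object once the username and password have been validated.
Set oContainer = GetObject("LDAP://CN=<username if valid and password is correct>,CN=users,DC=<domain>,DC=<extension>")
'-----------my domain is CMHC.US so my string would look like this "LDAP://CN=<username>,CN=users,DC=CMHC,DC=US"-----------
' GetEx always returns an array, even when the user belongs to only one group
' (the plain memberOf property returns a single string then, which For Each cannot loop over).
For Each oGroupName In oContainer.GetEx("memberOf")
    gname = Left(oGroupName, InStr(oGroupName, ",") - 1)   ' "CN=Student,CN=Users,..." -> "CN=Student"
    gname = Right(gname, Len(gname) - 3)                    ' "CN=Student" -> "Student"
    If gname = "Student" Then
        Session("Group") = gname
    ElseIf gname = "Teacher" Then
        Session("Group") = gname
    End If
Next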

This will loop through all the groups the user is assigned to.  Inside the loop each group string will be stripped, first to cn=groupname then to just groupname.  It will then test for the groups you mentioned, "Student" and "Teacher", and assign that value to a session variable if that group is found.  I would put this in the else side of your if statement checking for errors on validating the username and password.  Let us know if this works for you.
dij8

ASKER

OK, getting close now.

The last thing I need is to make sure this works in stopping the popup that comes for a directory that is protected for a specific group.  This is where a person can go to an address and they are prompted with the Windows login thing (caused by permissions set on the server).  I can get the "You are not authorised" error but I can't get the popup to appear.  I don't know what settings I have to apply on the server and/or IIS.  Can someone help me here?

Once I have that I then need to make sure that I am not prompted by it because the browser is not accessing the directory anonymously but as the authenticated user.  I am assuming at this stage that this directory's security automatically checks Session("USER_LOGIN") or is that a made up variable?  I need the server to believe the browser is the logged in user.  Am I making sense?
On the directories you want to secure, in IIS go to the properties for that directory, Directory/File security, edit Anonymous Access and Security control, remove checkbox for Anonymous Access and check Integrated Windows Security if it is not already.  The variable you will need to check is the request.servervariables("AUTH_USER").  The Session("USER_LOGIN") is a variable that you define, not a standard variable.  After the user logs in and then tries to access another secure directory, if they are authenticated and have access to that directory it will let them in, if they are not authenticated they will be prompted to login, if they are already logged in and don't have access they will get an unauthorized message.
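
An added example, not part of the thread and not code from any participant: a classic ASP page for a directory with Anonymous Access removed, which authorises on the identity IIS reports in AUTH_USER rather than on a Session variable set by form code. The group name in REQUIRED_GROUP, the helper names, and the use of the ADSI WinNT provider for the group lookup are assumptions; NTFS permissions on the folder still apply alongside this check.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
Const REQUIRED_GROUP = "Student"   ' assumed group name for this folder

' Split "DOMAIN\user" as IIS reports it in AUTH_USER. Returns False if malformed.
Function SplitAccount(authUser, ByRef domainName, ByRef userName)
    Dim pos
    pos = InStr(authUser, "\")
    SplitAccount = (pos > 1 And pos < Len(authUser))
    If SplitAccount Then
        domainName = Left(authUser, pos - 1)
        userName = Mid(authUser, pos + 1)
    End If
End Function

' True only if the account can be looked up and is a member of groupName.
Function IsInGroup(domainName, userName, groupName)
    Dim oUser, oGroup
    IsInGroup = False
    On Error Resume Next
    Set oUser = GetObject("WinNT://" & domainName & "/" & userName & ",user")
    If Err.Number <> 0 Then Exit Function   ' lookup failed: deny
    On Error GoTo 0
    For Each oGroup In oUser.Groups
        If StrComp(oGroup.Name, groupName, vbTextCompare) = 0 Then
            IsInGroup = True
            Exit For
        End If
    Next
End Function

Dim authUser, dom, usr
authUser = Request.ServerVariables("AUTH_USER")   ' read-only, set by IIS

If authUser = "" Then
    ' Request was served anonymously: answer 401 so the browser authenticates.
    Response.Status = "401 Unauthorized"
    Response.End
End If

If Not SplitAccount(authUser, dom, usr) Then
    Response.Status = "403 Forbidden"
    Response.End
ElseIf Not IsInGroup(dom, usr, REQUIRED_GROUP) Then
    Response.Status = "403 Forbidden"
    Response.Write "You are not authorised."
    Response.End
End If

Response.Write "Signed in as " & Server.HTMLEncode(authUser)
%>
```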
dij8

ASKER

What you're saying, Dan, seems to make sense to me.  I think.  However, in practice, what I have is not working.

I run through the code as passed on by LotharGores and redirect to the Student folder.  At which point I get the Network Login Popup.  If I enter the same details again it lets me in.  This is exactly what I want to avoid.

I am guessing servervariables("AUTH_USER") is read-only?  If not, how do I set it?  Or, how do I make the user authenticated?  Accepting the username and password through LotharGores' code does not appear to do authentication as described by you, Dan.  It checks the username and password against whatever list is on the server (which is great and I need that) but doesn't set the browser as that user.  Which is what I need.
dij8

ASKER

Thanks guys.  I didn't quite get the result I wanted but your help has been fantastic.

More points will be posted for your help dan_neal.
janicegannon

Dan Neal, I just wanted to note that I used your comments in here to fix my own solution.

Thanks,