Solved

Help on IIS Authentication using ASP

Posted on 2001-07-11
Last Modified: 2011-10-03
I am currently developing software that uses Microsoft 2000 Exchange Server. I would like to ask how to use an HTTP form to do basic authentication using ASP and VBScript instead of the pop-up dialog prompt of NT Authentication.

It is not a good suggestion to set the security of the NT authentication to anonymous login and handle the security ourselves, due to the software requirements. Also, NT Challenge Response is not possible either.

Is it possible to do it with ADSI and LDAP? If so, how? It would be greatly appreciated if you could offer some examples.
Question by:h9925631
LVL 20

Accepted Solution

by:
Silvers5 earned 100 total points
ID: 6275749
You can't, for the simple reason that you won't be able to fetch the password.. and either way you'll need NT authentication.. using ADSI you can mainly get users' info from the directory..


<%
sLogonUser = Request.ServerVariables("Logon_User")
sDomain = Mid(sLogonUser, 1, Instr(1, sLogonUser, "\") - 1)
sLogonName = Mid(sLogonUser, Instr(1, sLogonUser, "\") + 1)

Response.Write GetUserFullName(sDomain, sLogonName)

Function GetUserFullName(sDomainName, sLogonName)
   On Error Resume Next
   
   Set oUser = GetObject("WinNT://" & sDomainName & "/" & sLogonName & ",user")
   GetUserFullName = oUser.FullName
   Set oUser = Nothing
   
   If Err <> 0 Then
       GetUserFullName = "User not found"
   End If
End Function
%>

-----------------------------------------------------------

' get a reference to that user (it's of data type IADSUser)
Set oUser = GetObject("WinNT://" & sDomainName & "/" & sLogonName & ",user")

' now, you can access its properties:
GetUserFullName = oUser.FullName

' listing the groups the user is in:
For Each oGroup in oUser.Groups
   Response.Write oGroup.Name & "<br>"
Next

-----------------------------------------------------------

Creating a user:

' Set up property values for the new user
sUsername =    "adsitester"
sFullName =    "ADSI Test Account"
sDescription = "A user account for testing ADSI"
sPassword =    "passworD2"

Set myComputer = GetObject("WinNT://servername")

' Create the new user account
Set newUser = myComputer.Create("user", sUsername)

' Set properties in the new user account
newUser.SetPassword sPassword
newUser.FullName = sFullName
newUser.Description = sDescription

newUser.SetInfo

-----------------------------------------------------------

Changing the password:

strMachine = "servername"
strUID = "username"
strPWDOld = "oldpwd"
strPWDNew = "newpwd"

Set objUser = GetObject("WinNT://" & strMachine & "/" & strUID & ",user")
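' call the method without parentheses: VBScript rejects a parenthesised
' multi-argument call that is not prefixed with Call
objUser.ChangePassword strPWDOld, strPWDNew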

-----------------------------------------------------------

The ADSI Scripting Reference is here: http://msdn.microsoft.com/library/default.asp?URL=/library/psdk/adsi/adsiscript_9lf0.htm


So I didn't quite understand.. how do you want the authentication? It's either NT or database driven.. nothing more..
 

Author Comment

by:h9925631
ID: 6276331
If this is the case, then is there any method that can perform the same function as the pop-up dialog prompt using an HTTP form?
 

Expert Comment

by:ussu36
ID: 6277787
You can use the integrated Windows authentication setting in IIS ... the users logged on to the domain won't have to give a password or username to get through.
Want details if interested?

Author Comment

by:h9925631
ID: 6279240
Thanks for your comment. Would you mind telling me more about it? Is there any restriction on this, for example, a browser limitation? Moreover, could it support multiple domains?
 
LVL 20

Expert Comment

by:Silvers5
ID: 6279652

>Moreover, could it support multiple domains?

yes, if a trust relationship is enabled between them

>browser limitation?

only Internet Explorer will work

in IIS site properties, directory security.. in anonymous access click edit.. disable anonymous login and tick integrated authentication at the bottom...


ussu36, don't lock the question by posting as answer.. post as comments instead..

 

Author Comment

by:h9925631
ID: 6279731
But does integrated Windows authentication work over the Internet?
 
LVL 20

Expert Comment

by:Silvers5
ID: 6280428
no.. only on an intranet.. over the Internet you can only use database-driven authentication or NT challenge response:


How do I get the login name / username from the person visiting my page?

If you have disabled Anonymous access, then you should be able to retrieve the value from:
 
<%
    Response.Write Request.ServerVariables("logon_user")
%>
 
 
Note that IE is required to support Challenge/Response (IIS 4.0) or Integrated Windows Security (IIS 5.0).
 
If you can't disable Anonymous access, and/or need to support Netscape, then there is a possible alternative, provided you're not using DHCP. If your users have static IP addresses, you could store their usernames in a table and do a lookup against their IP:
 
<%
    Response.Write Request.ServerVariables("remote_addr")
%>
 
 
If you can't enforce either of those things, then you may have to resort to forcing your users to log in (even only once, then storing a cookie). I suppose this depends on balancing the importance of knowing who is on the site versus every user having to log in.


or:

How do I control access to an area?

Creating a login for a section of your web site is fairly easy. First, create a login form (loginForm.asp):
 
<form action=loginHandler.asp method=post>
        Username: <input type=text name='username'><BR>
        Password: <input type=password name='password'><BR>
        <input type=submit Value='Log In'><BR>
</form>
 
 
Next, create a login handler (loginHandler.asp):
 
<%
    '---------------------------------------------------------
    '-- check to see that the form was completely filled out--
    '---------------------------------------------------------
    if request.form("username")="" or request.form("password")="" then
        response.redirect("loginForm.asp")
    end if
 
    '---------------------------------------------------------
    '-- open your database connection and check for a record--
    '---------------------------------------------------------
    set conn = server.createObject("ADODB.Connection")
    conn.open "<insert connection string here>"
    u = lcase(request.form("username"))
    p = lcase(request.form("password"))

    '-- bind the form values as parameters so that they are
    '-- never concatenated into the SQL text
    '-- (200 = adVarChar, 1 = adParamInput)
    set cmd = server.createObject("ADODB.Command")
    set cmd.activeConnection = conn
    cmd.commandText = "select count(username) as lin from logintable " & _
        "where lower(username)=? and lower(password)=?"
    cmd.parameters.append cmd.createParameter("u", 200, 1, len(u), u)
    cmd.parameters.append cmd.createParameter("p", 200, 1, len(p), p)
    set rs = cmd.execute
     
    '--------------------------------------------------------
    '-- Decide whether to let them in --
    '--------------------------------------------------------
    if rs("lin")<>1 then  
        'access Denied
        response.redirect ("loginForm.asp")
    end if
    session("login")=true
    response.redirect ("hiThere.asp")
%>
 
 
Finally, at the top of each page, you test the session variable that you assigned in the script above:
 
<%
    if not session("login") then
        response.redirect("loginForm.asp")
    end if
%>


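The loginHandler.asp above matches lower-cased clear-text passwords held in logintable. As an added example that is not part of the original post, the same check is shown here against salted PBKDF2 hashes with a constant-time comparison. It is written in Python with an in-memory SQLite table standing in for the database, because VBScript has no built-in key-derivation function; the salt and pwhash columns, the iteration count and all function names are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed work factor; tune for your hardware

def derive(password, salt):
    """PBKDF2-HMAC-SHA256 of the password; only this value is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

# Dummy record so a login for an unknown user does the same work as a known one.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = derive("not-a-real-password", _DUMMY_SALT)

def open_db():
    """In-memory stand-in for logintable (salt/pwhash columns are assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logintable ("
                 "username TEXT PRIMARY KEY, salt BLOB NOT NULL, pwhash BLOB NOT NULL)")
    return conn

def add_user(conn, username, password):
    salt = os.urandom(16)  # fresh random salt per account
    conn.execute("INSERT INTO logintable VALUES (?, ?, ?)",
                 (username.lower(), salt, derive(password, salt)))

def check_login(conn, username, password):
    """True only when the user exists and the password matches exactly."""
    if not username or not password:  # same empty-field check as the handler
        return False
    # Placeholders keep the form values out of the SQL text.
    row = conn.execute("SELECT salt, pwhash FROM logintable WHERE username = ?",
                       (username.lower(),)).fetchone()
    salt, stored = row if row else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(derive(password, salt), stored)
    return matches and row is not None

if __name__ == "__main__":
    db = open_db()
    add_user(db, "Alice", "Winter-Pass9")  # constructed sample account
    print(check_login(db, "alice", "Winter-Pass9"))
    print(check_login(db, "alice", "winter-pass9"))
```

Usernames stay case-insensitive as in the handler, while the password is compared exactly, so the stored value never has to be readable or lower-cased.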
 
LVL 2

Expert Comment

by:mparter
ID: 7274194
Try having a look at my post here, I think this will solve your problem:

http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_20121949.html
 
LVL 33

Expert Comment

by:hongjun
ID: 8622878
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
[points to Silvers5]

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

hongjun
EE Cleanup Volunteer