Solved

Help on IIS Authentication using ASP

Posted on 2001-07-11
10
203 Views
Last Modified: 2011-10-03
I am currently developing a software that are using microsoft 2000 exchange server. I would like to ask how to use http form to do the basic authentication using ASP and VBScript instead of the dialog pop-up prompt of NT Authentication.

It is not a good suggestion to set the security of the NT authentication to anonymous login and handle the security ourselves due to the software requirements. Also NT Challenge Response is not possible too.

Is it possible to do it with ADSI and LDAP? But how to do it? It is a great appreciation if can offer some examples.
0
Comment
Question by:h9925631
10 Comments
 
LVL 20

Accepted Solution

by:
Silvers5 earned 100 total points
Comment Utility
you can't for the simple reason that you won't be able to fetch the password.. and both ways you'll need NT authentication.. using adsi you can get users info from the directory mainly..


<%
sLogonUser = Request.ServerVariables("Logon_User")
sDomain = Mid(sLogonUser, 1, Instr(1, sLogonUser, "\") - 1)
sLogonName = Mid(sLogonUser, Instr(1, sLogonUser, "\") + 1)

Response.Write GetUserFullName(sDomain, sLogonName)

Function GetUserFullName(sDomainName, sLogonName)
   On Error Resume Next
   
   Set oUser = GetObject("WinNT://" & sDomainName & "/" & sLogonName & ",user")
   GetUserFullName = oUser.FullName
   Set oUser = Nothing
   
   If Err <> 0 Then
       GetUserFullName = "User not found"
   End If
End Function
%>

-----------------------------------------------------------

' get a reference to that user (it's of data type IADSUser)
Set oUser = GetObject("WinNT://" & sDomainName & "/" & sLogonName & ",user")

' now, you can access its properties:
GetUserFullName = oUser.FullName

' listing the groups the user is in:
For Each oGroup in oUser.Groups
   Response.Write oGroup.Name & "<br>"
Next

-----------------------------------------------------------

Creating a user:

' Set up property values for the new user
sUsername =    "adsitester"
sFullName =    "ADSI Test Account"
sDescription = "A user account for testing ADSI"
sPassword =    "passworD2"

Set myComputer = GetObject("WinNT://servername")

' Create the new user account
Set newUser = myComputer.Create("user", sUsername)

' Set properties in the new user account
newUser.SetPassword sPassword
newUser.FullName = sFullName
newUser.Description = sDescription

newUser.SetInfo

-----------------------------------------------------------

Changing the password:

strMachine = "servername"
strUID = "username"
strPWDOld = "oldpwd"
strPWDNew = "newpwd"

Set objUser = GetObject("WinNT://" & strMachine & "/" & strUID & ",user")
objUser.ChangePassword(strPWDOld, strPWDNew)

-----------------------------------------------------------

The ADSI Scripting Reference is here: http://msdn.microsoft.com/library/default.asp?URL=/library/psdk/adsi/adsiscript_9lf0.htm


so I didn't understand quietly.. how do you want the authentication? it's either nt or database driven.. nothing more..
0
 

Author Comment

by:h9925631
Comment Utility
If this is the case, then is there any method that can perform the function same as the dialog pop-up prompt by http form?
0
 

Expert Comment

by:ussu36
Comment Utility
You can use integrated windows authentication  setting in IIS ... the users logged on the domain wont have to give password or username ot get through.
Want details if interedted ?
0
 

Author Comment

by:h9925631
Comment Utility
Thanks for your comment. Would you mind to tell me more about it? Is there any restriction about this, for example, browser limitation? Moreover, could it support multiply domain?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 20

Expert Comment

by:Silvers5
Comment Utility

>Moreover, could it support multiply domain?

yes fi trust relation is enabled between them

>browser limitation?

only Internet explorer will work

in IIS site propreties, directory security.. in anonymous access click edit.. disable anonymous login and tick on integrated authentication at the bottom...


ussu36 , don't lock the question by posting as answer.. post as comments instead..

0
 

Author Comment

by:h9925631
Comment Utility
But does the integrated windows authentication work in internet?
0
 
LVL 20

Expert Comment

by:Silvers5
Comment Utility
no.. only on intranet.. over the internet you only can use a database driven authentication or nt challenge response :


How do I get the login name / username from the person visiting my page?

If you have disabled Anonymous access, then you should be able to retrieve the value from:
 
<%
    Response.Write Request.ServerVariables("logon_user")
%>
 
 
Note that IE is required to support Challenge/Response (IIS 4.0) or Integrated Windows Security (IIS 5.0).
 
If you can't disable Anonymous access, and/or need to support Netscape, then there is a possible alternative, provided you're not using DHCP. If your users have static IP addresses, you could store their usernames in a table and do a lookup against their IP:
 
<%
    Response.Write Request.ServerVariables("remote_addr")
%>
 
 
If you can't enforce either of those things, then you may have to resort to forcing your users to log in (even only once, then storing a cookie). I suppose this depends on balancing the importance of knowing who is on the site versus every user having to log in.


or:

How do I control access to an area?

Creating a login for a section of your web site is fairly easy. First, create a login form (loginForm.asp):
 
<form action=loginHandler.asp method=post>
        Username: <input type=text name='username'><BR>
        Password: <input type=password name='password'><BR>
        <input type=submit Value='Log In'><BR>
</form>
 
 
Next, create a login handler (loginHandler.asp):
 
<%
    '---------------------------------------------------------
    '-- check to see that the form was completely filled out--
    '---------------------------------------------------------
    if request.form("username")="" or request.form("password")="" then
        response.redirect("loginForm.asp")
    end if
 
    '---------------------------------------------------------
    '-- open your database connection and check for a record--
    '---------------------------------------------------------
    set conn = server.createObject("ADODB.Connection")
    conn.open "<insert connection string here>"
    u = lcase(request.form("username"))
    p = lcase(request.form("password"))
    sql = "select lin = count(username) from logintable where lower("
    sql = sql & "username)='" & u & "' and lower(password)='" & p & "'"
    set rs = conn.execute(sql)
     
    '--------------------------------------------------------
    '-- Decide whether to let them in --
    '--------------------------------------------------------
    if rs("lin")<>1 then  
        'access Denied
        response.redirect ("loginForm.asp")
    end if
    session("login")=true
    response.redirect ("hiThere.asp")
%>
 
 
Finally, at the top of each page, you test the session variable that you assigned in the script above:
 
<%
    if not session("login") then
        response.redirect("loginForm.asp")
    end if
%>


0
 
LVL 2

Expert Comment

by:mparter
Comment Utility
Try having a look at my post here, I think this will solve your problem:

http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_20121949.html
0
 
LVL 33

Expert Comment

by:hongjun
Comment Utility
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
[points to Silvers5]

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

hongjun
EE Cleanup Volunteer
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now