Solved

Use Active Directory as User Authentication

Posted on 2002-05-14
6
319 Views
Last Modified: 2010-05-02
I would like to authenticate users of an in-house application using Active Directory on the Windows 2000 server.  I would like to set up groups that users could be added to in order to gain access to the system.

I am looking for code samples, login forms, examples and tips on how to achieve this.  
0
Comment
Question by:ChiefDamon
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7011817
To create a group:

1) Open active directory.  
2) Highlight the domain where the application is located
3) Right click the domain -> New -> Group
4) Enter in Group Name and Group Name (Pre-Windows 2000)
5) Choose Group Scope (I'd leave the default Global)
6) Choose Group Type (You want the default, security)
7) Select OK

This will create a group.

Apply the group to the in-house application permissions.
Place all users that have access into that group.

You shouldn't have to code for this and windows has a standard logon form it uses that is perfectly fine.

If the application is a web application, use frontpage to add the group to the web permissions and dissallow anonymous access.



0
 

Author Comment

by:ChiefDamon
ID: 7012359
Once you add a user to the group you will need to check the users group membership prior to opening the application.  The comment by pjbaratelli approaches adding the group memberships but states that a standard windows login will do for checking the memberships.  
I am using VB6 and see no such default form so I guess my question is:
How do I check active directory memberships within a VB application?
0
 
LVL 1

Expert Comment

by:falconew
ID: 7012776
listening
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:ChiefDamon
ID: 7013517
Very productive comment falconew.  Maybe you could explain further.
0
 

Author Comment

by:ChiefDamon
ID: 7013617
Added a new question that is more specific to the code required to search Windows 2000 Active directory using ADO and ADSI to determine an users group memeberships.
0
 
LVL 1

Accepted Solution

by:
falconew earned 200 total points
ID: 7015445
Hi ChiefDamon,

I don't think you can authenticate a user by coding it by yourself, because there's no such method in documentation explaining about that. Logon authentication must be made at the first time a user login to windows.
To determine a user in specific group you can use ADO and ADSI, please refer to MSDN documentation.
This is a sample to check whether a user Bill Gate is a group of Accounting:

Dim strGroup
Dim oGroup
Dim arrmembers
Dim i
Dim member
Dim name
Dim GrupMember
Dim userName

userName="Bill Gate"
strGroup = "LDAP://cn=ACCOUNTING,cn=Users,DC=asiasoft,DC=com"
Set oGroup = GetObject(strGroup)
arrmembers = ""
arrmembers = oGroup.GetEx("member")
If IsArray(arrmembers) Then
    For i = LBound(arrmembers) To UBound(arrmembers)
        If GrupMember = false Then
            member = Split(arrmembers(i), ",")
            name = Split(member(0), "=")
            If UCase(UserName) = UCase(name(1)) Then
                GrupMember = true
            End If
         End If
    Next
End If
Set oGroup = Nothing
if GrupMember=true then
    msgbox "Group Accounting"
else
    msgbox "Not Group Accounting"
end if

hope this help...
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction In a recent article (http://www.experts-exchange.com/A_7811-A-Better-Concatenate-Function.html) for the Excel community, I showed an improved version of the Excel Concatenate() function.  While writing that article I realized that no o…
I was working on a PowerPoint add-in the other day and a client asked me "can you implement a feature which processes a chart when it's pasted into a slide from another deck?". It got me wondering how to hook into built-in ribbon events in Office.
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now