Use Active Directory as User Authentication

I would like to authenticate users of an in-house application using Active Directory on the Windows 2000 server.  I would like to set up groups that users could be added to in order to gain access to the system.

I am looking for code samples, login forms, examples and tips on how to achieve this.  
ChiefDamonAsked:
Who is Participating?
 
falconewConnect With a Mentor Commented:
Hi ChiefDamon,

I don't think you can authenticate a user by coding it by yourself, because there's no such method in documentation explaining about that. Logon authentication must be made at the first time a user login to windows.
To determine a user in specific group you can use ADO and ADSI, please refer to MSDN documentation.
This is a sample to check whether a user Bill Gate is a group of Accounting:

Dim strGroup
Dim oGroup
Dim arrmembers
Dim i
Dim member
Dim name
Dim GrupMember
Dim userName

userName="Bill Gate"
strGroup = "LDAP://cn=ACCOUNTING,cn=Users,DC=asiasoft,DC=com"
Set oGroup = GetObject(strGroup)
arrmembers = ""
arrmembers = oGroup.GetEx("member")
If IsArray(arrmembers) Then
    For i = LBound(arrmembers) To UBound(arrmembers)
        If GrupMember = false Then
            member = Split(arrmembers(i), ",")
            name = Split(member(0), "=")
            If UCase(UserName) = UCase(name(1)) Then
                GrupMember = true
            End If
         End If
    Next
End If
Set oGroup = Nothing
if GrupMember=true then
    msgbox "Group Accounting"
else
    msgbox "Not Group Accounting"
end if

hope this help...
0
 
pjbaratelliCommented:
To create a group:

1) Open active directory.  
2) Highlight the domain where the application is located
3) Right click the domain -> New -> Group
4) Enter in Group Name and Group Name (Pre-Windows 2000)
5) Choose Group Scope (I'd leave the default Global)
6) Choose Group Type (You want the default, security)
7) Select OK

This will create a group.

Apply the group to the in-house application permissions.
Place all users that have access into that group.

You shouldn't have to code for this and windows has a standard logon form it uses that is perfectly fine.

If the application is a web application, use frontpage to add the group to the web permissions and dissallow anonymous access.



0
 
ChiefDamonAuthor Commented:
Once you add a user to the group you will need to check the users group membership prior to opening the application.  The comment by pjbaratelli approaches adding the group memberships but states that a standard windows login will do for checking the memberships.  
I am using VB6 and see no such default form so I guess my question is:
How do I check active directory memberships within a VB application?
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
falconewCommented:
listening
0
 
ChiefDamonAuthor Commented:
Very productive comment falconew.  Maybe you could explain further.
0
 
ChiefDamonAuthor Commented:
Added a new question that is more specific to the code required to search Windows 2000 Active directory using ADO and ADSI to determine an users group memeberships.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.