?
Solved

Need an automatic logon using msrdp (Terminal Services)

Posted on 2005-04-26
7
Medium Priority
?
7,970 Views
Last Modified: 2008-01-09
Hello,
i'm using the following code in an ASP page to access a Windows 2003 Server using Terminal Services :
sub BtnConnect
   
 

   MsRdpClient.server = "10.1.1.22"
   MsRdpClient.SecuredSettings.KeyboardHookMode=0 'Serve per abilitare ALT-TAB sul lato client
   'serverName name text
   Document.all.srvNameField.innerHtml = serverName
   
   'Username/Domain
   'if Document.all.CheckBoxAutoLogon.checked then
      MsRdpClient.UserName = "iri"
      MsRdpClient.Domain = "hhnt"
   'end if
   
   'Resolution
   
   MsRdpClient.FullScreen = TRUE
   resWidth  = screen.width
   resHeight = screen.height
   
   MsRdpClient.DesktopWidth = resWidth
   MsRdpClient.DesktopHeight = resHeight
   
   
   MsRdpClient.Width = resWidth
   MsRdpClient.Height = resHeight
   
   'Device redirection options
   MsRdpClient.AdvancedSettings2.RedirectDrives     = FALSE
   MsRdpClient.AdvancedSettings2.RedirectPrinters   = TRUE
   MsRdpClient.AdvancedSettings2.RedirectPorts      = FALSE
   MsRdpClient.AdvancedSettings2.RedirectSmartCards = FALSE
   
   'FullScreen title
   'MsRdpClient.FullScreenTitle = L_FullScreenTitle_Text & "(" & serverName & ")"
 
   'Display connect region
   Document.all.loginArea.style.display = "none"
   Document.all.connectArea.style.display = "block"
   Msrdpclient.SecuredSettings.StartProgram = "C:\sb4w\launcher.exe"

   'Connect
   MsRdpClient.Connect
end sub

My question is : how to supply directly a password in order to get rid of the Logon window? Or better, since my site is using Windows Authentication, there's any mean to logon automatically using the security without supply any Username and Password (in this case the sistem should be able to detect the user and open a remote session with the drive mapping associated with that user).
My web site is already using Windows Authentication for securing ASP pages but i was unable until now to connect automatically to a Terminal server using msrdp without entering manually at the logon window the user credentials.

Thanks.
Ivan.
0
Comment
Question by:IRI
  • 4
  • 3
7 Comments
 
LVL 1

Accepted Solution

by:
karlossos earned 1500 total points
ID: 13957339
I've done a similar thing.

I've just used server variables to get the username and then cut up the pieces.

___________________________________ ASP CODE BELOW ________________________

          username = Request.ServerVariables("AUTH_USER")

          If Len(username) = 0 Then
      response.write("<br>Error logging in - please try again!<br>")
          End If

          domainLen = InStr(username, "\")
          if domainLen = 0 then
                   username = Mid(username, 6, (Len(username)-6))      '<------ alter the 6 to the length of your domain name
          else
                  username = Mid(username, (domainLen+1), (Len(username)-domainLen))
          end if
          username = Lcase(username)
          session("user") = username                '<--------------- sets the username
          session("pass") = Request.ServerVariables("AUTH_PASSWORD").ToString()    '<--------------- sets the password

_______________________ASP CODE ABOVE___________________________________________

place the code above in the first page when users logs in to grab the username and password.

in the page that loads your term serv client put the following.

        MsRdpClient.server = "your server
      MsRdpClient.UserName = "<%=session("user").trim()%>"
      MsRdpClient.AdvancedSettings.ClearTextPassword = "<%=session("pass").trim()%>"
      MsRdpClient.Domain = "your domain"

___________________________________________________________________

Let me know if you have any trouble,

cheers,
Karl
0
 

Author Comment

by:IRI
ID: 13960348
Hi Karl,
thanks for your reply, but if i put the ASP code in a page (just before the one with the TS code) and then i change the TS code as you suggest i only get a blank page without errors.

I had also to change the last command of the ASP code from :
session("pass") = Request.ServerVariables("AUTH_PASSWORD").ToString()
to:
session("pass") = Request.ServerVariables("AUTH_PASSWORD")
or i get the following message :
Object doesn't support this property or method: 'Request.ServerVariables(...).ToString'
(seems like you are using some ASP.NET code instead of pure ASP)

Remember that user authentication is Windows based (nobody enters credentials when accessing our intranet).

Now i have two pages, the "calling" page is something like that :
<%
username = Request.ServerVariables("AUTH_USER")
If Len(username) = 0 Then
      response.write("<br>Error logging in - please try again!<br>")
End If
domainLen = InStr(username, "\")
if domainLen = 0 then
      username = Mid(username, 4, (Len(username)-4))      '<------ alter the 6 to the length of your domain name
else  
      username = Mid(username, (domainLen+1), (Len(username)-domainLen))
end if
username = Lcase(username)
session("user") = username                '<--------------- sets the username
Request.ServerVariables("AUTH_PASSWORD")      '<--------------- sets the password
%>

On this page there's a link to the TS Activex page, which include the following code :
 MsRdpClient.server = "10.1.1.22"
   MsRdpClient.SecuredSettings.KeyboardHookMode=0
   'serverName name text
   Document.all.srvNameField.innerHtml = serverName
   'Username/Domain
    'MsRdpClient.UserName = "iri"
     MsRdpClient.Domain = "hhnt"
     MsRdpClient.UserName = "<%=session("user").trim()%>"
     MsRdpClient.AdvancedSettings.ClearTextPassword = "<%=session("pass").trim()%>"
     'Resolution
   MsRdpClient.FullScreen = TRUE
   resWidth  = screen.width
   resHeight = screen.height
   MsRdpClient.DesktopWidth = resWidth
   MsRdpClient.DesktopHeight = resHeight
   MsRdpClient.Width = resWidth
   MsRdpClient.Height = resHeight
  'Device redirection options
   MsRdpClient.AdvancedSettings2.RedirectDrives     = FALSE
   MsRdpClient.AdvancedSettings2.RedirectPrinters   = TRUE
   MsRdpClient.AdvancedSettings2.RedirectPorts      = FALSE
   MsRdpClient.AdvancedSettings2.RedirectSmartCards = FALSE
   'FullScreen title
   'MsRdpClient.FullScreenTitle = L_FullScreenTitle_Text & "(" & serverName & ")"
  'Display connect region
   Document.all.loginArea.style.display = "none"
   Document.all.connectArea.style.display = "block"
   'Connect
   MsRdpClient.Connect

What do you think is wrong?
Ivan.
0
 
LVL 1

Expert Comment

by:karlossos
ID: 13965397
have you got active X control embeded in the second page called MsRdpClient?

if on the Intranet. then don't grab the password from server variables and just have a text box on the first page for the user to input the password but the username will still get picked up.

I don't know y the control isn't activating. I would do some debugging and make sure the variables are being passed correctly to the second page.

use some client scripting like msgbox(<%=session("user")%>)

and put a couple of of message boxes arround you MsRdpClient.Connect command to see if its being executed. if not: you may be able to call the function in <body onload="startcontrol()">

let me know how it goes,
cheers,
Karl
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 1

Expert Comment

by:karlossos
ID: 13965409
another thing when you get it going. to map the user drive on the system. create a vbs to be executed by the users logon script that executes:

if computername = (you term serv computer)        <-- so only maps if they've term served in
 map "\\server\users$\" & username
end if

cheers.
0
 

Author Comment

by:IRI
ID: 13966134
Hi, Karl
the page was blank because of syntax errors (i had to adapt some code since it seems like some commands like session("pass").trim() must written as trim(session("pass"), mybe because i'm using ASP and not ASP.NET) . Now is working but i still get an error message when the login window of the TS appear : "The system could not log you on. Make sure your user name an domanin are correct, then type your password again...."
The user name field is correctly filled and also the domain, so i think the problem is the password.
Another thing : if possible i don't want the user to enter the password to a form/login window but the password is just sent "silently" when the user connect to Intranet because of the Integrated Windows Authentication of IIS. For the rest of the Intranet is just woking fine, each user connects directly without using any login page and IIS recognize which user connects finding it in the AD applying the correct rights on the IIS folders. The problem appears only if i want to connect to TS passing the same "hidden" password of the Windows account that is connecting from (i don't pass effectively nothing but the system should do).
I also read from a posting somewhere in the internet that is almost impossible to read and re-use the user password if Integrated Windows Authentication is used on IIS instead of using a form/prompt based login.
P.S: if i write on the scrren the content of the variable user and pass i can read only the user content, the pass variable is empty.
Ivan.
0
 
LVL 1

Expert Comment

by:karlossos
ID: 13967871
Yeah, that's right.

I had the same problem and could not grab the users password using integrated authentication without the login.
I believe that the server vars from IIS are taken from windows environment vars and holding the users' passwords is a pretty heavy breech on security.
The only way to get the password is to have the login prompt. or if you can grab it somewhere else when the user changes the password or something, you could store it in a database and pull it from there to automate.

try putting the password in manually to make sure the control is working OK.

If you find a way to secretly grab the users password once logged in, I would like to know, but I wouldn't spend too much time on it.

my code was ASP.NET. should have informed.

Karl
0
 

Author Comment

by:IRI
ID: 13996001
Hi Karl,
i solved using a table in our SQL Server for storing the password info. To "grab" the password i had to put a form in the main page of the intranet which appears each time a user enters the intranet until he/she fill the password field. Then the password is stored in SQL.
I'm then using the following code on the top of the page that contains the Activex component to retrieve the password of the connected user :
<%
' retrieve user id (tested with Integrated Windows Authentication)
Set WshNetwork = CreateObject("WScript.NetWork")
strUserName=WshNetwork.UserName
' retrieve the password
'Create a connection odject
Set adoCon = Server.CreateObject("ADODB.Connection")                   
'Database connection info and driver
strCon = "Provider=SQLOLEDB;Data Source=HHALFA2;Initial Catalog=Contacts;user id= user; password= pwd"
'Set an active connection to the Connection object
adoCon.Open strCon
'Create a recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")
strsql="select * from userparam where appid='LOGINPWD' and userid='" & strusername & "'"
rsCheckUser.Open strSQL, strCon
if not rscheckuser.eof then
userPWD=rscheckuser.fields(5).value
end if
%>

Then i can send the password to the TS session using the following code :

MsRdpClient.UserName = "<%=strusername%>"
MsRdpClient.AdvancedSettings.ClearTextPassword = "<%=userPWD%>"

I had also to modify some policy settings on the Windows Server 2003 machine used as TS :

Security Settings->Local Policies->User Right Assignement->Allow log on through terminal services
and
Security Settings->Local Policies->User Right Assignement->Allow log on locally

Add to both those properties the users or groups that you want to allow to use TS from the intranet.

Now it works, i'd like to thank you for the good suggestion and i try to give you some points.

Ivan.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question