• Status: Solved
  • Priority: Medium
  • Security: Public

IIS authentication against AD

I am having problems with my code and IIS. I want to read (through ASP) the user currently logged on to the computer and read out some information about this user from the AD. I have enabled only "Integrated Windows Authentication" in IIS and I am able to read out the user logon name with the code "Request.ServerVariables("AUTH_USER")", but then I am not able to read information from the AD. I get Active Server Pages error 'ASP 0113' Script timed out.
If I log on to the server (via Remote Desktop) the page works fine, but not if I run it on another computer on the domain. I have pasted the code below.
(The AD is not on the same computer as the IIS.)
Does anyone have any suggestions?
Const ADS_SCOPE_SUBTREE = 2
    
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
If objConnection.State <> adStateOpen Then
  Set objCommand = CreateObject("ADODB.Command")
  Set objCommand.ActiveConnection = objConnection
 
  objCommand.Properties("Page Size") = 1000
  objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
  objCommand.Properties("Sort on") = "sn"
  objCommand.Properties("Timeout") = 10
  objCommand.CommandText = "SELECT Name, sAMAccountName,displayname, sn, givenname FROM 'LDAP://OU=*,OU=**,OU=***,OU=****,DC=*****,DC=******,DC=*******"  
 
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
    
Do Until objRecordSet.EOF
  Response.Write objRecordSet.Fields("sn").Value
  objRecordSet.MoveNext
Loop
		
Set objConnection = Nothing            
Set objCommand = Nothing
Set objRecordSet = Nothing


0
ajohans
Asked:
ajohans
1 Solution
 
snusgubben Commented:
You are missing a trailing '

'LDAP://OU=*,OU=**,OU=***,OU=****,DC=*****,DC=******,DC=*******' WHERE objectCategory='user' "

 
0
 
ajohans (Author) Commented:
Thank you for your reply. I tried your suggestion but it still doesn't work. Nothing happens and after a while it times out. The strange thing is that the code works perfectly if I run it (with IE) on the server, but not if I run it on my local computer logged on to the network. My computer and the IIS are on the same domain.
0
 
Leon Summers Commented:
I had a similar problem, so I used GC instead. Try this code and see if it works.

Don't forget you need to strip down the request.ServerVariables("AUTH_USER") to make sure it strips out the domain from domain\username, which is where I use the code mid(request.ServerVariables("AUTH_USER"),6)

strUserName = mid(request.ServerVariables("AUTH_USER"),6)  
Set objDomain = GetObject ("GC://rootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
objADsPath = "DC=***,DC=***,DC=**"
Set objDomain = Nothing
Set con = Server.CreateObject("ADODB.Connection")
con.provider ="ADsDSOObject"
con.open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command")
Set Com.ActiveConnection = con
Com.CommandText ="select Name, sAMAccountName,displayname, sn, givenname FROM 'GC://"+objADsPath+"' where sAMAccountname='"+strUsername+"'"
Set rs = Com.Execute
0

 
snusgubben Commented:
When you log on with RDP to your DC (?), is it a domain admin you log on with?


SG
0
 
ajohans (Author) Commented:
Summers: Thank you for your reply. I have tried your suggestion but it didn't work.

Snusgubben: I always use the same user account on both the server and on my local computer.

/Andreas
0
 
Leon Summers Commented:
Will strUserName = mid(request.ServerVariables("AUTH_USER"),6) display a username on the ASP page?
<%=strUserName%>
Try it by itself to see if authentication is working okay.
0
 
ajohans (Author) Commented:
Yes, I get the correct username.
The IIS and AD are not on the same server, but both are on the same domain, could this be a problem?
0
 
Leon Summers Commented:
No, that's not the problem. Did you make sure that you removed the domain from the username before running the select statement?
0
 
Leon Summers Commented:
Do a Response.Write on screen with the select statement to see if it's formatted correctly and if the username is being presented to AD.
0
 
ajohans (Author) Commented:
Yes, the correct username is presented and the select statement looks right.
I thought about open ports. Do you know if any specific ports have to be opened for this to work? I have done a Google search and found port 389, but that is open. Do you know if any have to be open?
0
 
Leon Summers Commented:
Nope, it sounds like a permissions problem. I have some code somewhere where you can specify an account to run the select against AD. Found it, try this:

strUserName = mid(request.ServerVariables("AUTH_USER"),6)
Set objDomain = GetObject ("GC://rootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
Set objDomain = Nothing
Set con = Server.CreateObject("ADODB.Connection")
con.provider ="ADsDSOObject"
con.Properties("User ID") = "domain\username"
con.Properties("Password") = "******"
con.open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command")
Set Com.ActiveConnection = con
Com.CommandText ="select department from 'GC://"+objADsPath+"' WHERE objectCategory='person' AND department='*' ORDER BY department"
Set rs = Com.Execute
0
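
Added example, not part of the original thread and not any poster's code: the explicit-credential GC lookup from the answer above, with the domain stripped from AUTH_USER by position of the backslash instead of a fixed offset, and the username escaped before it is placed in the query. It uses ADSI's LDAP query dialect rather than the SQL dialect shown in the posts; the function names are hypothetical, and the base DN and service account are assumed to be supplied by the caller from configuration kept outside the page source.

```vbscript
' Added example; function names are hypothetical, not from the thread.
' Credentials and base DN are parameters, never literals in the page.

' Return the account part of AUTH_USER ("DOMAIN\user" or plain "user").
Function AccountFromAuthUser(authUser)
    Dim pos
    pos = InStrRev(authUser, "\")
    If pos > 0 Then
        AccountFromAuthUser = Mid(authUser, pos + 1)
    Else
        AccountFromAuthUser = authUser
    End If
End Function

' Escape a value for use inside an LDAP search filter (RFC 4515).
Function EscapeLdapFilter(value)
    Dim s
    s = Replace(value, "\", "\5c")      ' backslash first, or later escapes get re-escaped
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    EscapeLdapFilter = s
End Function

' Look up one user through the GC with an explicit, low-privilege service account.
' Assumption: baseDn, svcUser and svcPassword come from the caller's configuration.
' Returns an ADODB.Recordset; check .EOF before reading fields.
Function FindUser(authUser, baseDn, svcUser, svcPassword)
    Dim con, cmd
    Set con = Server.CreateObject("ADODB.Connection")
    con.Provider = "ADsDSOObject"
    con.Properties("User ID") = svcUser
    con.Properties("Password") = svcPassword
    con.Properties("Encrypt Password") = True
    con.Open "Active Directory Provider"

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = con
    cmd.Properties("Timeout") = 10
    ' ADSI LDAP dialect: <base>;(filter);attributes;scope
    cmd.CommandText = "<GC://" & baseDn & ">;" & _
        "(&(objectCategory=person)(sAMAccountName=" & _
        EscapeLdapFilter(AccountFromAuthUser(authUser)) & "));" & _
        "sAMAccountName,displayName,sn,givenName;subtree"
    Set FindUser = cmd.Execute
End Function
```

Call it as Set rs = FindUser(Request.ServerVariables("AUTH_USER"), baseDn, svcUser, svcPassword), where the last three values are read from your own configuration. The service account only needs read access to the attributes being queried.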
