ajohans
asked on
IIS authentication against AD
I am having problems with my code and IIS. I want to read (through ASP) the user currently logged on to the computer and read out some information about this user from the AD. I have enabled only "Integrated Windows Authentication" in IIS and I am able to read out the user logon name with the code "Request.ServerVariables("AUTH_USER")" but then I am not able to read information from the AD. I get Active Server Pages error 'ASP 0113' Script timed out.
If I logon to the server (via Remote Desktop) the page works fine, but not if I run on another computer on the domain. I have pasted the code below
(The AD is not on the same computer as the IIS)
Does anyone have any suggestions?
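' ADSI search scope: the base object and everything below it
Const ADS_SCOPE_SUBTREE = 2
' ADO ObjectStateEnum value for an open connection (not predefined in ASP)
Const adStateOpen = 1
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
' Stop if the provider did not open (handling assumed; the posted check had no body)
If objConnection.State <> adStateOpen Then
    Response.Write "Could not open the Active Directory provider"
    Response.End
End If
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Sort on") = "sn"
objCommand.Properties("Timeout") = 10
' The base path is masked as posted; the closing single quote was missing
objCommand.CommandText = "SELECT Name, sAMAccountName, displayName, sn, givenName FROM 'LDAP://OU=*,OU=**,OU=***,OU=****,DC=*****,DC=******,DC=*******'"
Set objRecordSet = objCommand.Execute
' MoveFirst raises an error on an empty result set
If Not objRecordSet.EOF Then objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Response.Write objRecordSet.Fields("sn").Value
    objRecordSet.MoveNext
Loop
' Release the ADO objects
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing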
ASKER
Thank you for your reply. I tried your suggestion but it still doesn't work. Nothing happens and after a while it times out. The strange thing is that the code works perfectly if I run it (with IE) on the server, but not if I run it on my local computer logged on to the network. My computer and the IIS are on the same domain.
I had a similar problem, so I used GC instead. Try this code and see if it works.
Don't forget you need to strip down the Request.ServerVariables("AUTH_USER") to make sure it strips out the domain from domain\username, which is where I use the code Mid(Request.ServerVariables("AUTH_USER"),6)
' Drop the leading "domain\" part of AUTH_USER
strUserName = Mid(Request.ServerVariables("AUTH_USER"), 6)
' Read the default naming context from the Global Catalog
Set objDomain = GetObject("GC://rootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
' Overridden with a fixed base DN (masked as posted)
objADsPath = "DC=***,DC=***,DC=**"
Set objDomain = Nothing
Set con = Server.CreateObject("ADODB.Connection")
con.Provider = "ADsDSOObject"
con.Open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command")
Set Com.ActiveConnection = con
' Look up the single account that matches the logged-on user
Com.CommandText = "SELECT Name, sAMAccountName, displayName, sn, givenName FROM 'GC://" & objADsPath & "' WHERE sAMAccountName='" & strUserName & "'"
Set rs = Com.Execute
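An added example, not part of the reply above or of the asker's code: Mid(..., 6) only returns the account name when the domain name plus the backslash is exactly five characters long, so this sketch splits AUTH_USER on the backslash instead and checks the result against an allowlist before it is concatenated into the query text. The function names, the allowlist pattern and the DC=example,DC=com base DN are assumptions made for illustration.

```vbscript
<%
' Added example: function names are hypothetical, not from the thread.

' Returns the account part of "DOMAIN\user" (or the whole value when there
' is no backslash); returns "" when the name fails the allowlist.
Function AccountFromAuthUser(authUser)
    Dim pos, acct, re
    acct = Trim(authUser)
    pos = InStrRev(acct, "\")            ' works for any domain name length
    If pos > 0 Then acct = Mid(acct, pos + 1)

    ' Assumed allowlist: ASCII letters, digits, dot, hyphen, underscore and
    ' an optional trailing $. Quotes, parentheses, asterisks and backslashes
    ' are rejected, so the value cannot close the string literal or act as
    ' a wildcard in the filter. The length bound is also an assumption.
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,64}\$?$"
    If re.Test(acct) Then
        AccountFromAuthUser = acct
    Else
        AccountFromAuthUser = ""
    End If
End Function

' Builds the GC query text for one account under the given base DN.
Function BuildUserQuery(baseDn, account)
    BuildUserQuery = "SELECT Name, sAMAccountName, displayName, sn, givenName " & _
        "FROM 'GC://" & baseDn & "' WHERE sAMAccountName='" & account & "'"
End Function

Dim strUserName
strUserName = AccountFromAuthUser(Request.ServerVariables("AUTH_USER"))
If strUserName = "" Then
    Response.Status = "403 Forbidden"
    Response.Write "Unrecognised account name."
    Response.End
End If

' "DC=example,DC=com" is a placeholder base DN, not a value from the thread.
' Writing the statement to the page shows exactly what is sent to the directory.
Response.Write Server.HTMLEncode(BuildUserQuery("DC=example,DC=com", strUserName))
%>
```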
When you log on with RDP to your DC (?). Is it a domain admin you log on with?
SG
ASKER
Summers: Thank you for your reply. I have tried your suggestion but it didn't work.
Snusgubben: I always use the same user account on both the server and on my local computer
/Andreas
Will the strUserName = Mid(Request.ServerVariables("AUTH_USER"),6) display a username on the ASP page?
<%=strUserName%>
Try it by itself to see if authentication is working okay.
ASKER
Yes, I get the correct username.
The IIS and AD are not on the same server, but both are on the same domain, could this be a problem?
No, that's not the problem. Did you make sure that you removed the domain from the username before running the select statement?
Do a Response.Write on screen with the select statement to see if it's formatted correctly and if the username is being presented to AD.
ASKER
Yes, the correct username is presented and the select statement looks right.
I thought about open ports. Do you know if any specific ports have to be opened for this to work? I have done a Google search and found port 389, but that is open. Do you know if any has to be open?