Solved

ASP - LDAP Authentication

Posted on 2011-03-04
3
1,026 Views
Last Modified: 2012-05-11
Hi,

i am trying to Authenticate user using LDAP on win2003 from my ASP application.
i always get result as "Failed" when ever i run this code even for existing users.
please correct my code where ever .

ASP -> legacy

FYI, i have another code which works fine and retrieves UserName - Emai l- Phonenumber  when Passed userID
for the same LDAP://Domain
function AuthenticateUser(UserName, Password, Domain)
dim strUser
' assume failure
AuthenticateUser = false

strUser = UserName
strPassword = Password
'response.write(UserName&"---"&Password)
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set oConn = server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPassword
oConn.Properties("Encrypt Password") = true
oConn.open "DS Query", strUser, strPassword

set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true
end if
set oRS = nothing
set oConn = nothing

end function

Open in new window

0
Comment
Question by:kishan66
  • 2
3 Comments
 
LVL 4

Assisted Solution

by:Tuyau2poil
Tuyau2poil earned 500 total points
ID: 35056716
may be missing domain in :
oConn.Properties("User ID") = strUser
must be oConn.Properties("User ID") = domain & "\" & strUser
can you try it and post result ?
 
0
 

Author Comment

by:kishan66
ID: 35057068
Hi Tuyau2poil,
Thank you for showing up.

i changed it to domain\strUser ... still the same error.
 
when i used "LDAP:\\Mydomain"  in some other program to retrieve the user's Email & phone number it worked fine.

dont i have to use any Bind? ..
i would really apprecite ur help

-----below is the sample  code that works in different scenario.-----------

sample code which tells i can talk to my LDAP server(Not the problem code but other code which is working to get Email-Phone for a specific User)

strBase = "<LDAP://mydomain>"
	strFilter = "(sAMAccountName=" & strUID & ")" 
	strAttributes = "cn, mail, company, givenName, sn, ADsPath, name, sAMAccountName, telephoneNumber"
	'strAttributes = "cn, company, givenName, sn, ADsPath, name, sAMAccountName, telephoneNumber"
	strScope = "subtree"	
	strFullCommand = strBase & ";" & strFilter & ";" & strAttributes & ";" & strScope
	set rsADUserInfo = Server.CreateObject("ADODB.Recordset")
	set	rsADUserInfo = connAD.Execute(strFullCommand)

Open in new window

0
 
LVL 4

Accepted Solution

by:
Tuyau2poil earned 500 total points
ID: 35058782
Try this two functions : first just test if user exist, second test user authentication (same as your but rewrited).

note : Domain must be in LDAP notation : "dc=MyDOMAIN,dc=Local"
you can try with netbios name but I don't think it work.


1- this function return true if user exist :

Function testUserExist(strUser,Domain)
 
  dim oConn, Cmd, objRecordSet
 
   
  if strUser = "" then testUserExist = false: exit function
 
  Set oConn = CreateObject("ADODB.Connection")
  Set Cmd = CreateObject("ADODB.Command")
 
  oConn.Provider = "ADsDSOObject"
  oConn.Open "Active Directory Provider"
 
  Set Cmd.ActiveConnection = oConn
 
  Cmd.Properties("Searchscope") = 2 'full AD Search
 
 'Find some user's property
  Cmd.CommandText = "SELECT ADSPath, givenName, sn, homeDirectory FROM 'LDAP://" & Domain & "' WHERE objectCategory='user' AND Name='" & strUser & "*'"
  Set objRecordSet = Cmd.Execute

  if objRecordSet.BOF and objRecordSet.EOF then
   testUserExist = False
  else
  testUserExist = True
  end if

end function




2- validating user authentication : (return 0 if OK, any other value if not OK)

function authenticateUser(username,password,domain)
    dim oConn
    dim Cmd
    dim objRecordSet
 

    on error resume next
   
    Set oConn = Server.CreateObject("ADODB.Connection")
 
    oConn.provider ="ADsDSOObject"
    oConn.properties("user id")=username
    oConn.properties("password")=password
    oConn.open "Active Directory Provider"
    Set Cmd = CreateObject("ADODB.Command")
    Set Cmd.ActiveConnection = oConn
 
    Cmd.CommandText = "select sn from 'LDAP://" & domain & "' WHERE objectCategory='user' "
    Set objRecordSet = Cmd.Execute
 
    authenticateUser=err
 
    objRecordSet.close
    oConn.close
 
    set objRecordSet=nothing
    set Cmd=nothing
    set oConn=nothing
end function

hope this will help
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question