Solved

ASP - LDAP Authentication

Posted on 2011-03-04
3
1,035 Views
Last Modified: 2012-05-11
Hi,

i am trying to Authenticate user using LDAP on win2003 from my ASP application.
i always get result as "Failed" when ever i run this code even for existing users.
please correct my code where ever .

ASP -> legacy

FYI, i have another code which works fine and retrieves UserName - Emai l- Phonenumber  when Passed userID
for the same LDAP://Domain
function AuthenticateUser(UserName, Password, Domain)
dim strUser
' assume failure
AuthenticateUser = false

strUser = UserName
strPassword = Password
'response.write(UserName&"---"&Password)
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set oConn = server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPassword
oConn.Properties("Encrypt Password") = true
oConn.open "DS Query", strUser, strPassword

set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true
end if
set oRS = nothing
set oConn = nothing

end function

Open in new window

0
Comment
Question by:kishan66
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Assisted Solution

by:Tuyau2poil
Tuyau2poil earned 500 total points
ID: 35056716
may be missing domain in :
oConn.Properties("User ID") = strUser
must be oConn.Properties("User ID") = domain & "\" & strUser
can you try it and post result ?
 
0
 

Author Comment

by:kishan66
ID: 35057068
Hi Tuyau2poil,
Thank you for showing up.

i changed it to domain\strUser ... still the same error.
 
when i used "LDAP:\\Mydomain"  in some other program to retrieve the user's Email & phone number it worked fine.

dont i have to use any Bind? ..
i would really apprecite ur help

-----below is the sample  code that works in different scenario.-----------

sample code which tells i can talk to my LDAP server(Not the problem code but other code which is working to get Email-Phone for a specific User)

strBase = "<LDAP://mydomain>"
	strFilter = "(sAMAccountName=" & strUID & ")" 
	strAttributes = "cn, mail, company, givenName, sn, ADsPath, name, sAMAccountName, telephoneNumber"
	'strAttributes = "cn, company, givenName, sn, ADsPath, name, sAMAccountName, telephoneNumber"
	strScope = "subtree"	
	strFullCommand = strBase & ";" & strFilter & ";" & strAttributes & ";" & strScope
	set rsADUserInfo = Server.CreateObject("ADODB.Recordset")
	set	rsADUserInfo = connAD.Execute(strFullCommand)

Open in new window

0
 
LVL 4

Accepted Solution

by:
Tuyau2poil earned 500 total points
ID: 35058782
Try this two functions : first just test if user exist, second test user authentication (same as your but rewrited).

note : Domain must be in LDAP notation : "dc=MyDOMAIN,dc=Local"
you can try with netbios name but I don't think it work.


1- this function return true if user exist :

Function testUserExist(strUser,Domain)
 
  dim oConn, Cmd, objRecordSet
 
   
  if strUser = "" then testUserExist = false: exit function
 
  Set oConn = CreateObject("ADODB.Connection")
  Set Cmd = CreateObject("ADODB.Command")
 
  oConn.Provider = "ADsDSOObject"
  oConn.Open "Active Directory Provider"
 
  Set Cmd.ActiveConnection = oConn
 
  Cmd.Properties("Searchscope") = 2 'full AD Search
 
 'Find some user's property
  Cmd.CommandText = "SELECT ADSPath, givenName, sn, homeDirectory FROM 'LDAP://" & Domain & "' WHERE objectCategory='user' AND Name='" & strUser & "*'"
  Set objRecordSet = Cmd.Execute

  if objRecordSet.BOF and objRecordSet.EOF then
   testUserExist = False
  else
  testUserExist = True
  end if

end function




2- validating user authentication : (return 0 if OK, any other value if not OK)

function authenticateUser(username,password,domain)
    dim oConn
    dim Cmd
    dim objRecordSet
 

    on error resume next
   
    Set oConn = Server.CreateObject("ADODB.Connection")
 
    oConn.provider ="ADsDSOObject"
    oConn.properties("user id")=username
    oConn.properties("password")=password
    oConn.open "Active Directory Provider"
    Set Cmd = CreateObject("ADODB.Command")
    Set Cmd.ActiveConnection = oConn
 
    Cmd.CommandText = "select sn from 'LDAP://" & domain & "' WHERE objectCategory='user' "
    Set objRecordSet = Cmd.Execute
 
    authenticateUser=err
 
    objRecordSet.close
    oConn.close
 
    set objRecordSet=nothing
    set Cmd=nothing
    set oConn=nothing
end function

hope this will help
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASP get fieds value 2 38
Asp response.write to clients 6 45
SQL Query Returns Records in SSMS but not Classic ASP 5 43
P3P validator , ASP, PHP ,Https and Http links 3 41
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question