Solved

ASP - LDAP Authentication

Posted on 2011-03-04
Last Modified: 2012-05-11
Hi,

I am trying to authenticate users using LDAP on Win2003 from my ASP application.
I always get the result "Failed" whenever I run this code, even for existing users.
Please correct my code wherever necessary.

ASP -> legacy

FYI, I have other code which works fine and retrieves UserName - Email - Phonenumber when passed a userID
for the same LDAP://Domain

function AuthenticateUser(UserName, Password, Domain)
  dim strUser
  ' assume failure
  AuthenticateUser = false

  strUser = UserName
  strPassword = Password
  'response.write(UserName&"---"&Password)
  strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
  set oConn = server.CreateObject("ADODB.Connection")
  oConn.Provider = "ADsDSOOBJECT"
  oConn.Properties("User ID") = strUser
  oConn.Properties("Password") = strPassword
  oConn.Properties("Encrypt Password") = true
  oConn.open "DS Query", strUser, strPassword

  set cmd = server.CreateObject("ADODB.Command")
  set cmd.ActiveConnection = oConn
  cmd.CommandText = strQuery
  on error resume next
  set oRS = cmd.Execute
  if oRS.bof or oRS.eof then
    AuthenticateUser = false
  else
    AuthenticateUser = true
  end if
  set oRS = nothing
  set oConn = nothing

end function

Question by:kishan66

Assisted Solution

by:Tuyau2poil
Tuyau2poil earned 500 total points
ID: 35056716
Maybe the domain is missing in:
oConn.Properties("User ID") = strUser
It must be oConn.Properties("User ID") = domain & "\" & strUser
Can you try it and post the result?
 

Author Comment

by:kishan66
ID: 35057068
Hi Tuyau2poil,
Thank you for showing up.

I changed it to domain\strUser ... still the same error.

When I used "LDAP:\\Mydomain" in some other program to retrieve the user's email & phone number it worked fine.

Don't I have to use any Bind?
I would really appreciate your help.

----- Below is the sample code that works in a different scenario -----

Sample code which shows I can talk to my LDAP server (not the problem code, but other code which works to get Email-Phone for a specific user):

strBase = "<LDAP://mydomain>"
	strFilter = "(sAMAccountName=" & strUID & ")" 
	strAttributes = "cn, mail, company, givenName, sn, ADsPath, name, sAMAccountName, telephoneNumber"
	'strAttributes = "cn, company, givenName, sn, ADsPath, name, sAMAccountName, telephoneNumber"
	strScope = "subtree"	
	strFullCommand = strBase & ";" & strFilter & ";" & strAttributes & ";" & strScope
	set rsADUserInfo = Server.CreateObject("ADODB.Recordset")
	set	rsADUserInfo = connAD.Execute(strFullCommand)


Accepted Solution

by:
Tuyau2poil earned 500 total points
ID: 35058782
Try these two functions: the first just tests if the user exists, the second tests user authentication (same as yours but rewritten).

Note: Domain must be in LDAP notation: "dc=MyDOMAIN,dc=Local"
You can try with the NetBIOS name but I don't think it will work.


1- This function returns true if the user exists:

Function testUserExist(strUser,Domain)
 
  dim oConn, Cmd, objRecordSet
 
   
  if strUser = "" then testUserExist = false: exit function
 
  Set oConn = CreateObject("ADODB.Connection")
  Set Cmd = CreateObject("ADODB.Command")
 
  oConn.Provider = "ADsDSOObject"
  oConn.Open "Active Directory Provider"
 
  Set Cmd.ActiveConnection = oConn
 
  Cmd.Properties("Searchscope") = 2 'full AD Search
 
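 'Find some of the user's properties.
 'strUser is concatenated into the query as-is, and the trailing * makes this a prefix match on Name.
  Cmd.CommandText = "SELECT ADSPath, givenName, sn, homeDirectory FROM 'LDAP://" & Domain & "' WHERE objectCategory='user' AND Name='" & strUser & "*'"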
  Set objRecordSet = Cmd.Execute

  if objRecordSet.BOF and objRecordSet.EOF then
   testUserExist = False
  else
  testUserExist = True
  end if

end function




2- Validating user authentication (returns 0 if OK, any other value if not OK):

function authenticateUser(username,password,domain)
    dim oConn
    dim Cmd
    dim objRecordSet
 

    on error resume next
   
    Set oConn = Server.CreateObject("ADODB.Connection")
 
    oConn.provider ="ADsDSOObject"
    oConn.properties("user id")=username
    oConn.properties("password")=password
    oConn.open "Active Directory Provider"
    Set Cmd = CreateObject("ADODB.Command")
    Set Cmd.ActiveConnection = oConn
 
    Cmd.CommandText = "select sn from 'LDAP://" & domain & "' WHERE objectCategory='user' "
    Set objRecordSet = Cmd.Execute
 
    ' Err is 0 only if the bind and the query both succeeded.
    authenticateUser=err
 
    objRecordSet.close
    oConn.close
 
    set objRecordSet=nothing
    set Cmd=nothing
    set oConn=nothing
end function

hope this will help
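
Added example, not part of the thread or of the answerer's code: testUserExist above and the asker's "(sAMAccountName=" & strUID & ")" filter both concatenate user input into the directory query, and authenticateUser binds with whatever it is given. The sketch below escapes the filter value per RFC 4515, matches the account name exactly instead of by prefix, and rejects empty credentials before binding, because LDAP defines a simple bind with an empty password as an unauthenticated bind (RFC 4513), not a password check. EscapeLdapFilterValue, AuthenticateUserStrict and the netbiosDomain parameter are hypothetical names, and the query uses the LDAP dialect from the asker's working snippet instead of the SQL dialect.

```vbscript
' Added example, not code from the thread. Function names are hypothetical.

' Escape a value for use inside an LDAP search filter (RFC 4515).
Function EscapeLdapFilterValue(value)
    Dim i, ch, result
    result = ""
    For i = 1 To Len(value)
        ch = Mid(value, i, 1)
        Select Case ch
            Case "\"    : result = result & "\5c"
            Case "*"    : result = result & "\2a"
            Case "("    : result = result & "\28"
            Case ")"    : result = result & "\29"
            Case Chr(0) : result = result & "\00"
            Case Else   : result = result & ch
        End Select
    Next
    EscapeLdapFilterValue = result
End Function

' True only when the supplied credentials bind AND exactly that account is found.
' baseDN is e.g. "dc=MyDOMAIN,dc=Local"; netbiosDomain is the short domain name.
Function AuthenticateUserStrict(userName, password, baseDN, netbiosDomain)
    Dim conn, rs, query
    AuthenticateUserStrict = False
    ' Refuse empty credentials before any bind is attempted.
    If Len(Trim(userName & "")) = 0 Or Len(password & "") = 0 Then Exit Function

    ' LDAP-dialect command: <base>;filter;attributes;scope
    query = "<LDAP://" & baseDN & ">;(&(objectCategory=person)(objectClass=user)" & _
            "(sAMAccountName=" & EscapeLdapFilterValue(userName) & "));sAMAccountName;subtree"

    On Error Resume Next
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Properties("User ID") = netbiosDomain & "\" & userName
    conn.Properties("Password") = password
    conn.Properties("Encrypt Password") = True
    conn.Open "Active Directory Provider"
    If Err.Number = 0 Then Set rs = conn.Execute(query)
    If Err.Number = 0 Then
        ' No error and a non-empty recordset: bind succeeded and the account exists.
        AuthenticateUserStrict = Not (rs.BOF And rs.EOF)
        rs.Close
    End If
    conn.Close
    Set rs = Nothing
    Set conn = Nothing
    On Error GoTo 0
End Function
```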