Link to home
Start Free TrialLog in
Avatar of newbie27
newbie27Flag for United Kingdom of Great Britain and Northern Ireland

asked on

Authentication username and password with active directory

I want the users to be able to use their Windows username and password, which is controlled by Active Directory on our domain controller.

1)Login.asp

<%
dim submit
dim UserName
dim Password
 
UserName = ""
Password = ""
Domain = "domain.com"
 
submit = request.form("submit")
 
if submit = "Authenticate" then
UserName = request.form("UserName")
Password = request.form("Password")
Domain = request.form("Domain")
result = AuthenticateUser(UserName, Password, Domain)
if result then
Response.redirect to details.asp

else
response.write "<h3>Authentication Failed!</h3>"
end if
end if
 
response.write "<hr><form method=post>"
response.write "<table>"
response.write "<tr>"
response.write "<td><b>Username:&nbsp;</b></td><td><input type='text'"
name="'UserName' value='' & UserName & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>Password:&nbsp;</b></td><td><input type='password' name='Password' value='' & Password & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>AD Domain:&nbsp;</b></td><td><input type='text' name='Domain' value='' & Domain & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td>&nbsp;</td><td><input name='submit' type='submit' value='Authenticate'></td>"
response.write "</tr>"
response.write "</table>"
response.write "</form>"
response.end
 
function AuthenticateUser(UserName, Password, Domain)
dim strUser
' assume failure
AuthenticateUser = false
 
strUser = UserName
strPassword = Password
 
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set oConn = server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPassword
oConn.Properties("Encrypt Password") = true
oConn.open "DS Query", strUser, strPassword
 
set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true
 
end if
set oRS = nothing
set oConn = nothing
 
end function
 
%>

2)detail.asp

When i logged in with the correct login credentials it is redirecting to the detail.asp page.

But on giving the in-correct domain username or password it is redirecting to the error page with the below details instead of that i want to redirect back to login.asp page with a message of invalid login details.

detail.asp

Provider error '80040e09'

Permission denied.

/web-forms-live/applogin.asp, line 91

On this same error page when i try to access the direct link of detail.asp (e.g. http://host-name/forms/detail.asp) it is getting redirected to the detail.asp page without prompting any login validations.

Please advise.
Avatar of Scott Fell
Scott Fell
Flag of United States of America image

It looks like we need to look at /web-forms-live/applogin.asp coding.  Something must be going on besides logging in.
Avatar of newbie27

ASKER

1)Login.asp is nothing but applogin.asp, after successful login it should redirect to details.asp page.
SOLUTION
Avatar of Scott Fell
Scott Fell
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Are you telling me that in your original question post where you show "login.asp" you are actually referring to http://www.mysite.com//web-forms-live/applogin.asp?  Or is login.asp a separate page with a form and redirect?
---Yes, actually it refers to applogin.asp just for an e.g. I used login.asp

Your error is on line 91 and your code above only has 75 lines of code.  What is going on at line 91 to cause the error to start with?
after successful login it should redirect to details.asp

You have already said the page is working when you have a good log in.  The problem is when you don't authenticate.

---Yes,it is working fine by giving correct login details. Problem is only when it is not being authenticated well.

What happens if you add a response.end after your response.write "<h3>Authentication Failed!</h3>" just for trouble shooting.   If this does not help you, please post all your code so we can see what else is going on and what is happening on line 91.

--- Please find attached applogin.asp page for your refrence.

if result then
Response.redirect to details.asp
else
response.write "<h3>Authentication Failed!</h3>"
response.end()
end if

---- I tried with response.end still am getting the same error of permission denied.
On this line : set oRS = cmd.Execute
applogin
I will look over in more detail tomorrow. but it sounds like the db is being hit twice.   If you move the function to the top of the page does that help?
Any other expert comments please. Need urgent help..
As I said, the error is caused by the database being hit twice and it errors because it was not reset on the first pass.

The reason it is being hit twice is because you are accessing the function both from submitting the form and via the javascript submitting data.

You either need to add a preventDefault() function in your javascript or not use js to submit the data.

My suggestion is since you are doing this all on one page, keep the js where it detects something has not been entered but remove the js function function LoginValidation()
 as you are already validating server side.

When you tested the code did you notice that form shows up twice after you hit a bad username/password?
If this helps show you what is happening,  inside your serverside function add the code below just after function AuthenticateUser(UserName, Password, Domain)



if session("x")="" then      
      session("x")=1
      else
      session("x")=cdbl(session("x"))+1
end if
response.write "function counter= "&session("x")&"<hr>"
On submit without using js and giving any values in username and password fields i got below error

Provider error '80040e37'

Table does not exist.

/Web-Forms-Live/applogin.asp, line 91

With Js validation on giving incorrect username/password i got the below error message

Provider error '80040e09'

Permission denied.

/Web-Forms-Live/applogin.asp, line 91

after function AuthenticateUser(UserName, Password, Domain)

----after function AuthenticateUser(UserName, Password, Domain)

if session("UserName")="" then      
      session("UserName")=1
     else
    session("UserName")=CDbl(session("UserName"))+1
end if
response.write "function counter= "&session("UserName")&"<hr>"

I got the below error message.

Microsoft VBScript runtime error '800a000d'

Type mismatch: 'CDbl'

/Web-Forms-Live/applogin.asp, line 75
Any update please
I"m sorry, I think my post from yesterday did not go through. The reason is the connection string needs to be inside the function.  All variables in a function are only for that function.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you Charlie. That has worked! Wish I have had thought about this earlier.