?
Solved

Authentication username and password with active directory

Posted on 2013-01-12
13
Medium Priority
?
1,043 Views
Last Modified: 2013-01-18
I want the users to be able to use their Windows username and password, which is controlled by Active Directory on our domain controller.

1)Login.asp

<%
dim submit
dim UserName
dim Password
 
UserName = ""
Password = ""
Domain = "domain.com"
 
submit = request.form("submit")
 
if submit = "Authenticate" then
UserName = request.form("UserName")
Password = request.form("Password")
Domain = request.form("Domain")
result = AuthenticateUser(UserName, Password, Domain)
if result then
Response.redirect to details.asp

else
response.write "<h3>Authentication Failed!</h3>"
end if
end if
 
response.write "<hr><form method=post>"
response.write "<table>"
response.write "<tr>"
response.write "<td><b>Username:&nbsp;</b></td><td><input type='text'"
name="'UserName' value='' & UserName & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>Password:&nbsp;</b></td><td><input type='password' name='Password' value='' & Password & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>AD Domain:&nbsp;</b></td><td><input type='text' name='Domain' value='' & Domain & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td>&nbsp;</td><td><input name='submit' type='submit' value='Authenticate'></td>"
response.write "</tr>"
response.write "</table>"
response.write "</form>"
response.end
 
function AuthenticateUser(UserName, Password, Domain)
dim strUser
' assume failure
AuthenticateUser = false
 
strUser = UserName
strPassword = Password
 
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set oConn = server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPassword
oConn.Properties("Encrypt Password") = true
oConn.open "DS Query", strUser, strPassword
 
set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true
 
end if
set oRS = nothing
set oConn = nothing
 
end function
 
%>

2)detail.asp

When i logged in with the correct login credentials it is redirecting to the detail.asp page.

But on giving the in-correct domain username or password it is redirecting to the error page with the below details instead of that i want to redirect back to login.asp page with a message of invalid login details.

detail.asp

Provider error '80040e09'

Permission denied.

/web-forms-live/applogin.asp, line 91

On this same error page when i try to access the direct link of detail.asp (e.g. http://host-name/forms/detail.asp) it is getting redirected to the detail.asp page without prompting any login validations.

Please advise.
0
Comment
Question by:newbie27
  • 6
  • 6
13 Comments
 
LVL 55

Expert Comment

by:Scott Fell, EE MVE
ID: 38770265
It looks like we need to look at /web-forms-live/applogin.asp coding.  Something must be going on besides logging in.
0
 
LVL 8

Author Comment

by:newbie27
ID: 38771169
1)Login.asp is nothing but applogin.asp, after successful login it should redirect to details.asp page.
0
 
LVL 55

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 400 total points
ID: 38771208
1)Login.asp is nothing but applogin.asp,
Are you telling me that in your original question post where you show "login.asp" you are actually referring to http://www.mysite.com//web-forms-live/applogin.asp?  Or is login.asp a separate page with a form and redirect?  

Your error is on line 91 and your code above only has 75 lines of code.  What is going on at line 91 to cause the error to start with?

after successful login it should redirect to details.asp
You have already said the page is working when you have a good log in.  The problem is when you don't authenticate.

What happens if you add a response.end after your response.write "<h3>Authentication Failed!</h3>" just for trouble shooting.   If this does not help you, please post all your code so we can see what else is going on and what is happening on line 91.

if result then
Response.redirect to details.asp
else
response.write "<h3>Authentication Failed!</h3>"
response.end()
end if
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
LVL 8

Author Comment

by:newbie27
ID: 38771292
Are you telling me that in your original question post where you show "login.asp" you are actually referring to http://www.mysite.com//web-forms-live/applogin.asp?  Or is login.asp a separate page with a form and redirect?
---Yes, actually it refers to applogin.asp just for an e.g. I used login.asp

Your error is on line 91 and your code above only has 75 lines of code.  What is going on at line 91 to cause the error to start with?
after successful login it should redirect to details.asp

You have already said the page is working when you have a good log in.  The problem is when you don't authenticate.

---Yes,it is working fine by giving correct login details. Problem is only when it is not being authenticated well.

What happens if you add a response.end after your response.write "<h3>Authentication Failed!</h3>" just for trouble shooting.   If this does not help you, please post all your code so we can see what else is going on and what is happening on line 91.

--- Please find attached applogin.asp page for your refrence.

if result then
Response.redirect to details.asp
else
response.write "<h3>Authentication Failed!</h3>"
response.end()
end if

---- I tried with response.end still am getting the same error of permission denied.
On this line : set oRS = cmd.Execute
applogin
0
 
LVL 55

Expert Comment

by:Scott Fell, EE MVE
ID: 38771367
I will look over in more detail tomorrow. but it sounds like the db is being hit twice.   If you move the function to the top of the page does that help?
0
 
LVL 8

Author Comment

by:newbie27
ID: 38771712
Any other expert comments please. Need urgent help..
0
 
LVL 55

Expert Comment

by:Scott Fell, EE MVE
ID: 38771982
As I said, the error is caused by the database being hit twice and it errors because it was not reset on the first pass.

The reason it is being hit twice is because you are accessing the function both from submitting the form and via the javascript submitting data.

You either need to add a preventDefault() function in your javascript or not use js to submit the data.

My suggestion is since you are doing this all on one page, keep the js where it detects something has not been entered but remove the js function function LoginValidation()
 as you are already validating server side.

When you tested the code did you notice that form shows up twice after you hit a bad username/password?
0
 
LVL 55

Expert Comment

by:Scott Fell, EE MVE
ID: 38771991
If this helps show you what is happening,  inside your serverside function add the code below just after function AuthenticateUser(UserName, Password, Domain)



if session("x")="" then      
      session("x")=1
      else
      session("x")=cdbl(session("x"))+1
end if
response.write "function counter= "&session("x")&"<hr>"
0
 
LVL 8

Author Comment

by:newbie27
ID: 38773608
On submit without using js and giving any values in username and password fields i got below error

Provider error '80040e37'

Table does not exist.

/Web-Forms-Live/applogin.asp, line 91

With Js validation on giving incorrect username/password i got the below error message

Provider error '80040e09'

Permission denied.

/Web-Forms-Live/applogin.asp, line 91

after function AuthenticateUser(UserName, Password, Domain)

----after function AuthenticateUser(UserName, Password, Domain)

if session("UserName")="" then      
      session("UserName")=1
     else
    session("UserName")=CDbl(session("UserName"))+1
end if
response.write "function counter= "&session("UserName")&"<hr>"

I got the below error message.

Microsoft VBScript runtime error '800a000d'

Type mismatch: 'CDbl'

/Web-Forms-Live/applogin.asp, line 75
0
 
LVL 8

Author Comment

by:newbie27
ID: 38777981
Any update please
0
 
LVL 55

Expert Comment

by:Scott Fell, EE MVE
ID: 38780973
I"m sorry, I think my post from yesterday did not go through. The reason is the connection string needs to be inside the function.  All variables in a function are only for that function.
0
 
LVL 6

Accepted Solution

by:
charlie324 earned 1600 total points
ID: 38792274
Hi,
Use Error object and check

If Err.Number <> 0 Then
AuthenticateUser = false
Else
....
AuthenticateUser = true
End If

Let me know if it works.
0
 
LVL 8

Author Closing Comment

by:newbie27
ID: 38792379
Thank you Charlie. That has worked! Wish I have had thought about this earlier.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Hello again, all.  For those of you that have been following along, you'll know that this is my third article on this topic (though it is not Part III).  This article is sort of remedial, and probably the topic with which I should have started the s…
Welcome, welcome!  If you are new to the series and haven't been following along, please take a brief moment to review the first three installments: Part 1 (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/A_266-VBScri…
The video will let you know the exact process to import OST/PST files to the cloud based Office 365 mailboxes. Using Kernel Import PST to Office 365 tool, one can quickly import numerous OST/PST files to Office 365. Besides this, the tool also comes…
Watch the video to know the process of migration of Exchange or Office 365 mailboxes in absence of MS Outlook. It is an eminent tool which can easily migrate Public, Archive user mailboxes from one another Exchange server and Office 365. Kernel Migr…

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question