Solved

Authentication username and password with active directory

Posted on 2013-01-12
13
914 Views
Last Modified: 2013-01-18
I want the users to be able to use their Windows username and password, which is controlled by Active Directory on our domain controller.

1)Login.asp

<%
dim submit
dim UserName
dim Password
 
UserName = ""
Password = ""
Domain = "domain.com"
 
submit = request.form("submit")
 
if submit = "Authenticate" then
UserName = request.form("UserName")
Password = request.form("Password")
Domain = request.form("Domain")
result = AuthenticateUser(UserName, Password, Domain)
if result then
Response.redirect to details.asp

else
response.write "<h3>Authentication Failed!</h3>"
end if
end if
 
response.write "<hr><form method=post>"
response.write "<table>"
response.write "<tr>"
response.write "<td><b>Username:&nbsp;</b></td><td><input type='text'"
name="'UserName' value='' & UserName & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>Password:&nbsp;</b></td><td><input type='password' name='Password' value='' & Password & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>AD Domain:&nbsp;</b></td><td><input type='text' name='Domain' value='' & Domain & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td>&nbsp;</td><td><input name='submit' type='submit' value='Authenticate'></td>"
response.write "</tr>"
response.write "</table>"
response.write "</form>"
response.end
 
function AuthenticateUser(UserName, Password, Domain)
dim strUser
' assume failure
AuthenticateUser = false
 
strUser = UserName
strPassword = Password
 
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set oConn = server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPassword
oConn.Properties("Encrypt Password") = true
oConn.open "DS Query", strUser, strPassword
 
set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true
 
end if
set oRS = nothing
set oConn = nothing
 
end function
 
%>

2)detail.asp

When i logged in with the correct login credentials it is redirecting to the detail.asp page.

But on giving the in-correct domain username or password it is redirecting to the error page with the below details instead of that i want to redirect back to login.asp page with a message of invalid login details.

detail.asp

Provider error '80040e09'

Permission denied.

/web-forms-live/applogin.asp, line 91

On this same error page when i try to access the direct link of detail.asp (e.g. http://host-name/forms/detail.asp) it is getting redirected to the detail.asp page without prompting any login validations.

Please advise.
0
Comment
Question by:newbie27
  • 6
  • 6
13 Comments
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 38770265
It looks like we need to look at /web-forms-live/applogin.asp coding.  Something must be going on besides logging in.
0
 
LVL 8

Author Comment

by:newbie27
ID: 38771169
1)Login.asp is nothing but applogin.asp, after successful login it should redirect to details.asp page.
0
 
LVL 52

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 100 total points
ID: 38771208
1)Login.asp is nothing but applogin.asp,
Are you telling me that in your original question post where you show "login.asp" you are actually referring to http://www.mysite.com//web-forms-live/applogin.asp?  Or is login.asp a separate page with a form and redirect?  

Your error is on line 91 and your code above only has 75 lines of code.  What is going on at line 91 to cause the error to start with?

after successful login it should redirect to details.asp
You have already said the page is working when you have a good log in.  The problem is when you don't authenticate.

What happens if you add a response.end after your response.write "<h3>Authentication Failed!</h3>" just for trouble shooting.   If this does not help you, please post all your code so we can see what else is going on and what is happening on line 91.

if result then
Response.redirect to details.asp
else
response.write "<h3>Authentication Failed!</h3>"
response.end()
end if
0
 
LVL 8

Author Comment

by:newbie27
ID: 38771292
Are you telling me that in your original question post where you show "login.asp" you are actually referring to http://www.mysite.com//web-forms-live/applogin.asp?  Or is login.asp a separate page with a form and redirect?
---Yes, actually it refers to applogin.asp just for an e.g. I used login.asp

Your error is on line 91 and your code above only has 75 lines of code.  What is going on at line 91 to cause the error to start with?
after successful login it should redirect to details.asp

You have already said the page is working when you have a good log in.  The problem is when you don't authenticate.

---Yes,it is working fine by giving correct login details. Problem is only when it is not being authenticated well.

What happens if you add a response.end after your response.write "<h3>Authentication Failed!</h3>" just for trouble shooting.   If this does not help you, please post all your code so we can see what else is going on and what is happening on line 91.

--- Please find attached applogin.asp page for your refrence.

if result then
Response.redirect to details.asp
else
response.write "<h3>Authentication Failed!</h3>"
response.end()
end if

---- I tried with response.end still am getting the same error of permission denied.
On this line : set oRS = cmd.Execute
applogin
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 38771367
I will look over in more detail tomorrow. but it sounds like the db is being hit twice.   If you move the function to the top of the page does that help?
0
 
LVL 8

Author Comment

by:newbie27
ID: 38771712
Any other expert comments please. Need urgent help..
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 38771982
As I said, the error is caused by the database being hit twice and it errors because it was not reset on the first pass.

The reason it is being hit twice is because you are accessing the function both from submitting the form and via the javascript submitting data.

You either need to add a preventDefault() function in your javascript or not use js to submit the data.

My suggestion is since you are doing this all on one page, keep the js where it detects something has not been entered but remove the js function function LoginValidation()
 as you are already validating server side.

When you tested the code did you notice that form shows up twice after you hit a bad username/password?
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 38771991
If this helps show you what is happening,  inside your serverside function add the code below just after function AuthenticateUser(UserName, Password, Domain)



if session("x")="" then      
      session("x")=1
      else
      session("x")=cdbl(session("x"))+1
end if
response.write "function counter= "&session("x")&"<hr>"
0
 
LVL 8

Author Comment

by:newbie27
ID: 38773608
On submit without using js and giving any values in username and password fields i got below error

Provider error '80040e37'

Table does not exist.

/Web-Forms-Live/applogin.asp, line 91

With Js validation on giving incorrect username/password i got the below error message

Provider error '80040e09'

Permission denied.

/Web-Forms-Live/applogin.asp, line 91

after function AuthenticateUser(UserName, Password, Domain)

----after function AuthenticateUser(UserName, Password, Domain)

if session("UserName")="" then      
      session("UserName")=1
     else
    session("UserName")=CDbl(session("UserName"))+1
end if
response.write "function counter= "&session("UserName")&"<hr>"

I got the below error message.

Microsoft VBScript runtime error '800a000d'

Type mismatch: 'CDbl'

/Web-Forms-Live/applogin.asp, line 75
0
 
LVL 8

Author Comment

by:newbie27
ID: 38777981
Any update please
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 38780973
I"m sorry, I think my post from yesterday did not go through. The reason is the connection string needs to be inside the function.  All variables in a function are only for that function.
0
 
LVL 6

Accepted Solution

by:
charlie324 earned 400 total points
ID: 38792274
Hi,
Use Error object and check

If Err.Number <> 0 Then
AuthenticateUser = false
Else
....
AuthenticateUser = true
End If

Let me know if it works.
0
 
LVL 8

Author Closing Comment

by:newbie27
ID: 38792379
Thank you Charlie. That has worked! Wish I have had thought about this earlier.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Unlike scripting languages such as C# where a semi-colon is used to indicate the end of a command, Microsoft's VBScript language relies on line breaks to determine when a command begins and ends. As you can imagine, this quickly results in messy cod…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
This video discusses moving either the default database or any database to a new volume.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now