newbie27
asked on
Authentication username and password with active directory
I want the users to be able to use their Windows username and password, which is controlled by Active Directory on our domain controller.
1)Login.asp
<%
dim submit
dim UserName
dim Password
UserName = ""
Password = ""
Domain = "domain.com"
submit = request.form("submit")
if submit = "Authenticate" then
UserName = request.form("UserName")
Password = request.form("Password")
Domain = request.form("Domain")
result = AuthenticateUser(UserName, Password, Domain)
if result then
Response.redirect to details.asp
else
response.write "<h3>Authentication Failed!</h3>"
end if
end if
response.write "<hr><form method=post>"
response.write "<table>"
response.write "<tr>"
response.write "<td><b>Username: </b ></td><td> <input type='text'"
name="'UserName' value='' & UserName & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>Password: </b ></td><td> <input type='password' name='Password' value='' & Password & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>AD Domain: </b></td><td> <input type='text' name='Domain' value='' & Domain & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td> </td><td><input name='submit' type='submit' value='Authenticate'></td> "
response.write "</tr>"
response.write "</table>"
response.write "</form>"
response.end
function AuthenticateUser(UserName, Password, Domain)
dim strUser
' assume failure
AuthenticateUser = false
strUser = UserName
strPassword = Password
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set oConn = server.CreateObject("ADODB .Connectio n")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password ") = strPassword
oConn.Properties("Encrypt Password") = true
oConn.open "DS Query", strUser, strPassword
set cmd = server.CreateObject("ADODB .Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true
end if
set oRS = nothing
set oConn = nothing
end function
%>
2)detail.asp
When i logged in with the correct login credentials it is redirecting to the detail.asp page.
But on giving the in-correct domain username or password it is redirecting to the error page with the below details instead of that i want to redirect back to login.asp page with a message of invalid login details.
detail.asp
Provider error '80040e09'
Permission denied.
/web-forms-live/applogin.a sp, line 91
On this same error page when i try to access the direct link of detail.asp (e.g. http://host-name/forms/detail.asp) it is getting redirected to the detail.asp page without prompting any login validations.
Please advise.
1)Login.asp
<%
dim submit
dim UserName
dim Password
UserName = ""
Password = ""
Domain = "domain.com"
submit = request.form("submit")
if submit = "Authenticate" then
UserName = request.form("UserName")
Password = request.form("Password")
Domain = request.form("Domain")
result = AuthenticateUser(UserName,
if result then
Response.redirect to details.asp
else
response.write "<h3>Authentication Failed!</h3>"
end if
end if
response.write "<hr><form method=post>"
response.write "<table>"
response.write "<tr>"
response.write "<td><b>Username: </b
name="'UserName' value='' & UserName & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>Password: </b
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>AD Domain: </b></td><td>
response.write "</tr>"
response.write "<tr>"
response.write "<td> </td><td><input
response.write "</tr>"
response.write "</table>"
response.write "</form>"
response.end
function AuthenticateUser(UserName,
dim strUser
' assume failure
AuthenticateUser = false
strUser = UserName
strPassword = Password
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set oConn = server.CreateObject("ADODB
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password
oConn.Properties("Encrypt Password") = true
oConn.open "DS Query", strUser, strPassword
set cmd = server.CreateObject("ADODB
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true
end if
set oRS = nothing
set oConn = nothing
end function
%>
2)detail.asp
When i logged in with the correct login credentials it is redirecting to the detail.asp page.
But on giving the in-correct domain username or password it is redirecting to the error page with the below details instead of that i want to redirect back to login.asp page with a message of invalid login details.
detail.asp
Provider error '80040e09'
Permission denied.
/web-forms-live/applogin.a
On this same error page when i try to access the direct link of detail.asp (e.g. http://host-name/forms/detail.asp) it is getting redirected to the detail.asp page without prompting any login validations.
Please advise.
It looks like we need to look at /web-forms-live/applogin.a sp coding. Something must be going on besides logging in.
ASKER
1)Login.asp is nothing but applogin.asp, after successful login it should redirect to details.asp page.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Are you telling me that in your original question post where you show "login.asp" you are actually referring to http://www.mysite.com//web-forms-live/applogin.asp? Or is login.asp a separate page with a form and redirect?
---Yes, actually it refers to applogin.asp just for an e.g. I used login.asp
Your error is on line 91 and your code above only has 75 lines of code. What is going on at line 91 to cause the error to start with?
after successful login it should redirect to details.asp
You have already said the page is working when you have a good log in. The problem is when you don't authenticate.
---Yes,it is working fine by giving correct login details. Problem is only when it is not being authenticated well.
What happens if you add a response.end after your response.write "<h3>Authentication Failed!</h3>" just for trouble shooting. If this does not help you, please post all your code so we can see what else is going on and what is happening on line 91.
--- Please find attached applogin.asp page for your refrence.
if result then
Response.redirect to details.asp
else
response.write "<h3>Authentication Failed!</h3>"
response.end()
end if
---- I tried with response.end still am getting the same error of permission denied.
On this line : set oRS = cmd.Execute
applogin
---Yes, actually it refers to applogin.asp just for an e.g. I used login.asp
Your error is on line 91 and your code above only has 75 lines of code. What is going on at line 91 to cause the error to start with?
after successful login it should redirect to details.asp
You have already said the page is working when you have a good log in. The problem is when you don't authenticate.
---Yes,it is working fine by giving correct login details. Problem is only when it is not being authenticated well.
What happens if you add a response.end after your response.write "<h3>Authentication Failed!</h3>" just for trouble shooting. If this does not help you, please post all your code so we can see what else is going on and what is happening on line 91.
--- Please find attached applogin.asp page for your refrence.
if result then
Response.redirect to details.asp
else
response.write "<h3>Authentication Failed!</h3>"
response.end()
end if
---- I tried with response.end still am getting the same error of permission denied.
On this line : set oRS = cmd.Execute
applogin
I will look over in more detail tomorrow. but it sounds like the db is being hit twice. If you move the function to the top of the page does that help?
ASKER
Any other expert comments please. Need urgent help..
As I said, the error is caused by the database being hit twice and it errors because it was not reset on the first pass.
The reason it is being hit twice is because you are accessing the function both from submitting the form and via the javascript submitting data.
You either need to add a preventDefault() function in your javascript or not use js to submit the data.
My suggestion is since you are doing this all on one page, keep the js where it detects something has not been entered but remove the js function function LoginValidation()
as you are already validating server side.
When you tested the code did you notice that form shows up twice after you hit a bad username/password?
The reason it is being hit twice is because you are accessing the function both from submitting the form and via the javascript submitting data.
You either need to add a preventDefault() function in your javascript or not use js to submit the data.
My suggestion is since you are doing this all on one page, keep the js where it detects something has not been entered but remove the js function function LoginValidation()
as you are already validating server side.
When you tested the code did you notice that form shows up twice after you hit a bad username/password?
If this helps show you what is happening, inside your serverside function add the code below just after function AuthenticateUser(UserName, Password, Domain)
if session("x")="" then
session("x")=1
else
session("x")=cdbl(session( "x"))+1
end if
response.write "function counter= "&session("x")&"<hr>"
if session("x")="" then
session("x")=1
else
session("x")=cdbl(session(
end if
response.write "function counter= "&session("x")&"<hr>"
ASKER
On submit without using js and giving any values in username and password fields i got below error
Provider error '80040e37'
Table does not exist.
/Web-Forms-Live/applogin.a sp, line 91
With Js validation on giving incorrect username/password i got the below error message
Provider error '80040e09'
Permission denied.
/Web-Forms-Live/applogin.a sp, line 91
after function AuthenticateUser(UserName, Password, Domain)
----after function AuthenticateUser(UserName, Password, Domain)
if session("UserName")="" then
session("UserName")=1
else
session("UserName")=CDbl(s ession("Us erName"))+ 1
end if
response.write "function counter= "&session("UserName")&"<hr >"
I got the below error message.
Microsoft VBScript runtime error '800a000d'
Type mismatch: 'CDbl'
/Web-Forms-Live/applogin.a sp, line 75
Provider error '80040e37'
Table does not exist.
/Web-Forms-Live/applogin.a
With Js validation on giving incorrect username/password i got the below error message
Provider error '80040e09'
Permission denied.
/Web-Forms-Live/applogin.a
after function AuthenticateUser(UserName,
----after function AuthenticateUser(UserName,
if session("UserName")="" then
session("UserName")=1
else
session("UserName")=CDbl(s
end if
response.write "function counter= "&session("UserName")&"<hr
I got the below error message.
Microsoft VBScript runtime error '800a000d'
Type mismatch: 'CDbl'
/Web-Forms-Live/applogin.a
ASKER
Any update please
I"m sorry, I think my post from yesterday did not go through. The reason is the connection string needs to be inside the function. All variables in a function are only for that function.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you Charlie. That has worked! Wish I have had thought about this earlier.