[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Authentication username and password with active directory

Posted on 2013-01-12
13
Medium Priority
?
976 Views
Last Modified: 2013-01-18
I want the users to be able to use their Windows username and password, which is controlled by Active Directory on our domain controller.

1)Login.asp

<%
dim submit
dim UserName
dim Password
 
UserName = ""
Password = ""
Domain = "domain.com"
 
submit = request.form("submit")
 
if submit = "Authenticate" then
UserName = request.form("UserName")
Password = request.form("Password")
Domain = request.form("Domain")
result = AuthenticateUser(UserName, Password, Domain)
if result then
Response.redirect to details.asp

else
response.write "<h3>Authentication Failed!</h3>"
end if
end if
 
response.write "<hr><form method=post>"
response.write "<table>"
response.write "<tr>"
response.write "<td><b>Username:&nbsp;</b></td><td><input type='text'"
name="'UserName' value='' & UserName & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>Password:&nbsp;</b></td><td><input type='password' name='Password' value='' & Password & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>AD Domain:&nbsp;</b></td><td><input type='text' name='Domain' value='' & Domain & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td>&nbsp;</td><td><input name='submit' type='submit' value='Authenticate'></td>"
response.write "</tr>"
response.write "</table>"
response.write "</form>"
response.end
 
function AuthenticateUser(UserName, Password, Domain)
dim strUser
' assume failure
AuthenticateUser = false
 
strUser = UserName
strPassword = Password
 
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set oConn = server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPassword
oConn.Properties("Encrypt Password") = true
oConn.open "DS Query", strUser, strPassword
 
set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true
 
end if
set oRS = nothing
set oConn = nothing
 
end function
 
%>

2)detail.asp

When i logged in with the correct login credentials it is redirecting to the detail.asp page.

But on giving the in-correct domain username or password it is redirecting to the error page with the below details instead of that i want to redirect back to login.asp page with a message of invalid login details.

detail.asp

Provider error '80040e09'

Permission denied.

/web-forms-live/applogin.asp, line 91

On this same error page when i try to access the direct link of detail.asp (e.g. http://host-name/forms/detail.asp) it is getting redirected to the detail.asp page without prompting any login validations.

Please advise.
0
Comment
Question by:newbie27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
13 Comments
 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
ID: 38770265
It looks like we need to look at /web-forms-live/applogin.asp coding.  Something must be going on besides logging in.
0
 
LVL 8

Author Comment

by:newbie27
ID: 38771169
1)Login.asp is nothing but applogin.asp, after successful login it should redirect to details.asp page.
0
 
LVL 54

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 400 total points
ID: 38771208
1)Login.asp is nothing but applogin.asp,
Are you telling me that in your original question post where you show "login.asp" you are actually referring to http://www.mysite.com//web-forms-live/applogin.asp?  Or is login.asp a separate page with a form and redirect?  

Your error is on line 91 and your code above only has 75 lines of code.  What is going on at line 91 to cause the error to start with?

after successful login it should redirect to details.asp
You have already said the page is working when you have a good log in.  The problem is when you don't authenticate.

What happens if you add a response.end after your response.write "<h3>Authentication Failed!</h3>" just for trouble shooting.   If this does not help you, please post all your code so we can see what else is going on and what is happening on line 91.

if result then
Response.redirect to details.asp
else
response.write "<h3>Authentication Failed!</h3>"
response.end()
end if
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 8

Author Comment

by:newbie27
ID: 38771292
Are you telling me that in your original question post where you show "login.asp" you are actually referring to http://www.mysite.com//web-forms-live/applogin.asp?  Or is login.asp a separate page with a form and redirect?
---Yes, actually it refers to applogin.asp just for an e.g. I used login.asp

Your error is on line 91 and your code above only has 75 lines of code.  What is going on at line 91 to cause the error to start with?
after successful login it should redirect to details.asp

You have already said the page is working when you have a good log in.  The problem is when you don't authenticate.

---Yes,it is working fine by giving correct login details. Problem is only when it is not being authenticated well.

What happens if you add a response.end after your response.write "<h3>Authentication Failed!</h3>" just for trouble shooting.   If this does not help you, please post all your code so we can see what else is going on and what is happening on line 91.

--- Please find attached applogin.asp page for your refrence.

if result then
Response.redirect to details.asp
else
response.write "<h3>Authentication Failed!</h3>"
response.end()
end if

---- I tried with response.end still am getting the same error of permission denied.
On this line : set oRS = cmd.Execute
applogin
0
 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
ID: 38771367
I will look over in more detail tomorrow. but it sounds like the db is being hit twice.   If you move the function to the top of the page does that help?
0
 
LVL 8

Author Comment

by:newbie27
ID: 38771712
Any other expert comments please. Need urgent help..
0
 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
ID: 38771982
As I said, the error is caused by the database being hit twice and it errors because it was not reset on the first pass.

The reason it is being hit twice is because you are accessing the function both from submitting the form and via the javascript submitting data.

You either need to add a preventDefault() function in your javascript or not use js to submit the data.

My suggestion is since you are doing this all on one page, keep the js where it detects something has not been entered but remove the js function function LoginValidation()
 as you are already validating server side.

When you tested the code did you notice that form shows up twice after you hit a bad username/password?
0
 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
ID: 38771991
If this helps show you what is happening,  inside your serverside function add the code below just after function AuthenticateUser(UserName, Password, Domain)



if session("x")="" then      
      session("x")=1
      else
      session("x")=cdbl(session("x"))+1
end if
response.write "function counter= "&session("x")&"<hr>"
0
 
LVL 8

Author Comment

by:newbie27
ID: 38773608
On submit without using js and giving any values in username and password fields i got below error

Provider error '80040e37'

Table does not exist.

/Web-Forms-Live/applogin.asp, line 91

With Js validation on giving incorrect username/password i got the below error message

Provider error '80040e09'

Permission denied.

/Web-Forms-Live/applogin.asp, line 91

after function AuthenticateUser(UserName, Password, Domain)

----after function AuthenticateUser(UserName, Password, Domain)

if session("UserName")="" then      
      session("UserName")=1
     else
    session("UserName")=CDbl(session("UserName"))+1
end if
response.write "function counter= "&session("UserName")&"<hr>"

I got the below error message.

Microsoft VBScript runtime error '800a000d'

Type mismatch: 'CDbl'

/Web-Forms-Live/applogin.asp, line 75
0
 
LVL 8

Author Comment

by:newbie27
ID: 38777981
Any update please
0
 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
ID: 38780973
I"m sorry, I think my post from yesterday did not go through. The reason is the connection string needs to be inside the function.  All variables in a function are only for that function.
0
 
LVL 6

Accepted Solution

by:
charlie324 earned 1600 total points
ID: 38792274
Hi,
Use Error object and check

If Err.Number <> 0 Then
AuthenticateUser = false
Else
....
AuthenticateUser = true
End If

Let me know if it works.
0
 
LVL 8

Author Closing Comment

by:newbie27
ID: 38792379
Thank you Charlie. That has worked! Wish I have had thought about this earlier.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Well hello again!  Glad to see you've made it this far without giving up.  In this, the fourth installment of my popular series, I'm going to cover functions and subroutines, what they are, and why they are useful.  Just in case you stumbled onto th…
This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question