eblattner
Programmer
- Aug 10, 2000
- 33
I am writing an aspx (Visual Basic) logon app for a friend (he needs to be able to reset expired passwords, so the regular windows logon won't work). Everything is in the same domain and secure, so that isn't really going to be a problem.
I created a logon page, that checks user name and password against active directory:
After the username and password is verified, I retrieve the groups the user belongs to, and read an ini file to determine what page the user should be redirected to based on their group.
Verifying username and pasword in AD, changing password in AD, getting groups from AD, getting url based on group are all no problem, and work fine. The problem I am having is with NTFS - the permissions to the pages he wants to redirect to are set by NTFS. Members of the supplied groups are allowed to view the asp pages, but no one else.
Example: User1 belongs to Group1, NTFS permissions on Group1.asp only allows users in Group1 to open the page.
I can't figure out how to use the logon information supplied by the user to access these pages without the windows "connect to <server>" screen popping up.
If the user signs on using the pop up, then they can access the page as long as they don't close the browser. If they do, then they have to do it all again.
Is there a way to authenticate/authorize the session? Or maybe redirect using the supplied credentials in a new browser window? He is using "Basic Authentication" on a 2003 machine (IIS6)
I have tried LogonUser and RedirectFromLoginPage - neither work.
I can't put the users in the web.config file, he wants to get the info straight from Active Directory.
Please help, you have been there for me before, I hope someone knows the answer to this one
I created a logon page, that checks user name and password against active directory:
Code:
'LDAPServerPath is the domain name (home.network.us)
dso = GetObject("LDAP:")
oUser = dso.OpenDSObject("LDAP://" & LDAPServerPath, txtUserName.Text, txtPassword.Text, 1)
After the username and password is verified, I retrieve the groups the user belongs to, and read an ini file to determine what page the user should be redirected to based on their group.
Verifying username and pasword in AD, changing password in AD, getting groups from AD, getting url based on group are all no problem, and work fine. The problem I am having is with NTFS - the permissions to the pages he wants to redirect to are set by NTFS. Members of the supplied groups are allowed to view the asp pages, but no one else.
Example: User1 belongs to Group1, NTFS permissions on Group1.asp only allows users in Group1 to open the page.
I can't figure out how to use the logon information supplied by the user to access these pages without the windows "connect to <server>" screen popping up.
If the user signs on using the pop up, then they can access the page as long as they don't close the browser. If they do, then they have to do it all again.
Is there a way to authenticate/authorize the session? Or maybe redirect using the supplied credentials in a new browser window? He is using "Basic Authentication" on a 2003 machine (IIS6)
I have tried LogonUser and RedirectFromLoginPage - neither work.
I can't put the users in the web.config file, he wants to get the info straight from Active Directory.
Please help, you have been there for me before, I hope someone knows the answer to this one