ASP: Global Domain Group verification

Status
Not open for further replies.

Snappy2873

Programmer
Mar 29, 2002
54
0
0
US
Good afternoon everyone,

I’ve got a security issue that needs some recommendations.

Here’s the scenario:

All my users log in to access the company domain, which is managed by Active Directory. I’ve written ASP applications that allow access to the user only if the domain\username (na\cgilbert) is added to a column in my tblUser table (SQL 2k), which is displayed in the following:


Id | empNTLogin  | empStatus
1  | na\cgilbert | 2
2  | na\ssmith   | 1
3  | na\sjones   | 0



The following Function fires a SP that checks to see if the user that’s logged into the network is also in my tblUser.empUserName table(above).

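__________________________________________________________________

Function to check NT login:

function CheckNTLogin(strLogin)
    '0 - general user
    '1 - modify
    '2 - admin

    'verify user information in the database
    'create the command and recordset objects, bind the login as a parameter and open the recordset
    CheckNTLogin = false
    Set objRS = Server.CreateObject("ADODB.Recordset")
    Set objCmd = Server.CreateObject("ADODB.Command")
    call ConnectDB()

    'pass strLogin as a typed parameter instead of concatenating it into the SQL text,
    'so a quote character in the login cannot change the statement
    Set objCmd.ActiveConnection = objCONN
    objCmd.CommandText = "qparmVerifyLoginNT"
    objCmd.CommandType = adCmdStoredProc
    objCmd.Parameters.Append objCmd.CreateParameter("@UserName", adVarChar, adParamInput, 255, strLogin)
    objRS.Open objCmd, , adOpenDynamic, adLockReadOnly

    if not objRS is nothing then
        'a row is returned only when the login exists in tblUser
        if not objRS.BOF and not objRS.EOF then
            Session("USER") = objRS.Fields("ID")
            Session("ADMIN") = objRS.Fields("empUser")
            CheckNTLogin = true
        end if
    end if

    'call DisConnectDB()
end function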



_________________________________________________________________

Stored Procedure in SQL

qparmVerifyLoginNT:

CREATE PROCEDURE dbo.qparmVerifyLoginNT
(
    @UserName varchar(255)
)
AS
    select *
    from tblUser (nolock)
    where empNTLogin = @UserName
GO

_________________________________________________________________

If the user in my table matches the user logged on, then my search page fires and everything is OK; if not, the page reverts to a “contact admin page”.

So my question is the following: how would I modify this approach to call in global groups from the domain instead of individual users from the domain?

My preferred setup (domain\group) would allow me the ability to add everyone to groups from an Active Directory standpoint, but I can't get it to work.

This would save me about 200 individual users that need to be added to the database, as well as allow Active Directory more management control over the application.



Id | empUserName      | empStatus
1  | na\Admin(group)  | 2
2  | na\Modify(group) | 1
3  | na\GenAcc(group) | 0



Any help would be greatly appreciated.

CG
 
The guys over in the VBScript forum are big on using script to tweak the Active Directory and you can adapt most of their techniques for ASP.

I'd ask them for advice: forum329
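
One way to do the group check asked about in the original question, as an added example that is not part of either post: it uses the ADSI WinNT provider's IsMember call to map the caller to the 2/1/0 levels from the post. It assumes Integrated Windows authentication with anonymous access disabled (so the LOGON_USER server variable holds DOMAIN\user), that the groups na\Admin, na\Modify and na\GenAcc exist, and that the code runs inside an ASP script block; the function names and contactadmin.asp are hypothetical.

```vbscript
' Added example (not from the thread). Assumes Integrated Windows authentication
' with anonymous access disabled, so LOGON_USER holds DOMAIN\user, and that the
' global groups na\Admin, na\Modify and na\GenAcc from the post exist.

' True only if strLogin (DOMAIN\user) is a direct member of strGroup (DOMAIN\group).
Function IsInDomainGroup(strLogin, strGroup)
    Dim arrUser, arrGroup, objGroup
    IsInDomainGroup = False
    arrUser = Split(strLogin, "\")
    arrGroup = Split(strGroup, "\")
    ' Fail closed on anything that is not exactly DOMAIN\name.
    If UBound(arrUser) <> 1 Or UBound(arrGroup) <> 1 Then Exit Function
    If arrUser(1) = "" Or arrGroup(1) = "" Then Exit Function

    ' A missing group or a failed bind must deny access, not raise a page error.
    On Error Resume Next
    Set objGroup = GetObject("WinNT://" & arrGroup(0) & "/" & arrGroup(1) & ",group")
    If Err.Number = 0 Then
        IsInDomainGroup = objGroup.IsMember("WinNT://" & arrUser(0) & "/" & arrUser(1))
        If Err.Number <> 0 Then IsInDomainGroup = False
    End If
    Err.Clear
    On Error GoTo 0
End Function

' Maps the caller to the post's levels: 2 admin, 1 modify, 0 general, -1 no access.
Function GetAccessLevel(strLogin)
    Dim arrGroups, i
    ' Highest privilege first, so array index i corresponds to level 2 - i.
    arrGroups = Array("na\Admin", "na\Modify", "na\GenAcc")
    GetAccessLevel = -1
    For i = 0 To UBound(arrGroups)
        If IsInDomainGroup(strLogin, arrGroups(i)) Then
            GetAccessLevel = 2 - i
            Exit Function
        End If
    Next
End Function

Dim strCaller, intLevel
strCaller = CStr(Request.ServerVariables("LOGON_USER"))
intLevel = GetAccessLevel(strCaller)
If intLevel < 0 Then
    Response.Redirect "contactadmin.asp"   ' hypothetical name for the "contact admin" page
End If
Session("ADMIN") = intLevel
```

IsMember tests direct membership only, so a user who belongs to one of these groups through a nested group is denied. The level is cached in the session, so a group change in the directory takes effect when the user's next session starts.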
 