
ASP with Active Directory (ADSI)


palagrim

Programmer
Apr 28, 2005
Hi there,

I'm looking for a primer/tutorial/any help with communicating with Active Directory from ASP 3.0. I'll be totally honest, I get using ASP with SQL databases but now (apparently) have to move over to ADSI/LDAP.

I'm trying to write a typical form input login:

1) User types in login/password on webpage

2) ASP passes form inputs to Active Directory which authenticates user details are correct and if so AD sends/ASP grabs the group information for that user (recursively)

3) ASP provides different results depending on what groups the user belongs to.

All nice and shiny... except I can't get my head around the connecting and querying the Active Directory stuff.

A problem I'm sure you'll agree...

I've spent 2 days googling and trying to read the MSDN scripting stuff but can't actually find anything that puts things into a nice simple straightforward way.

Can anyone suggest a forum/website/tutorial/book or even personal ideas to help?

Many thanks.

-Craig.
 
This is the easiest way to extract AD group information for the user. You can assume that because they are viewing the intranet they have already authenticated with AD by logging in in the first place so there is no point doing it again.

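<%
' LOGON_USER is DOMAIN\username; the WinNT provider expects DOMAIN/username
strUsername = Replace(UCase(Request.ServerVariables("LOGON_USER")), "\", "/")
Set adsUser = GetObject("WinNT://" & strUsername)
' Build a lower-cased, semicolon-delimited list of the user's group names
For Each group In adsUser.Groups
    GrpList = GrpList & LCase(Trim(group.Name)) & ";"
Next
%>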

Let's say you want to do something if someone is in Domain Admins:

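<%
' GrpList is lower-cased and ;-delimited, so match a lower-case name between delimiters
If InStr(1, ";" & GrpList, ";domain admins;") > 0 Then %>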
You are a domain admin
<% Else %>
You are not a domain admin
<% End If %>

Hope this helps.

Ed
 
Hi

The logon_user serverVariable isn't set... It's just blank. I've tried your code by replacing strUserName with a valid user name (in this case, mine)...

And nothing happens...

When I try and response.write out the GrpList variable, there's nothing in it.

Sorry if I'm being slow, but this is starting to do my head in. Feels like I'm banging it against a brick wall.

Hands up - I'm totally lost...

???

>:-|
 
To force the user to provide a logon_user id you need to set up IIS to use the Basic Authentication method and not allow anonymous (though that can be enabled as well if you need it).

This will send a 401 Unauthorised HTTP response to the client which will then either auto-authenticate using the domain logon information or pop up a login window (most common for untrusted sites) - you can of course send this HTTP header yourself through ASP (response.status) and then add the auth type header using response.addheader
e.g.

If you added your username only in the string when you tested it, then this may be the problem if you did not explicitly define the realm. The format of this username should be more like domain\username or username@domain.tld (for win2k and up).

You also need to consider that if you are authenticated as anonymous user (even if you change the username string) this is the profile that will be used to query Active Directory - depending on your security levels it may not be possible to query the directory on a particular user unless you are authenticated with the necessary privileges.

Use the above script to authenticate, that way it will ensure you have perms and give you the user name for the AD lookup.

Hope that helps,

A smile is worth a thousand kind words. So smile, it's easy! :)
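The two replies above combined into one page, as an added example that is not code from either poster: it challenges the browser when LOGON_USER is empty, then compares each group name exactly instead of searching a joined string, which would also match any group whose name merely contains the text. The names REQUIRED_GROUP and IsMemberOf and the realm text "Intranet" are assumptions, and the page assumes Basic authentication is enabled in IIS and that LOGON_USER arrives in DOMAIN\username form.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Assumed names (not from the thread): REQUIRED_GROUP, IsMemberOf, realm "Intranet".
Const REQUIRED_GROUP = "Domain Admins"

Dim strLogon, adsUser
strLogon = Request.ServerVariables("LOGON_USER")

' Under anonymous access LOGON_USER is empty: send the 401 challenge and stop,
' so nothing below runs for an unauthenticated request.
If Len(strLogon) = 0 Then
    Response.Status = "401 Unauthorized"
    Response.AddHeader "WWW-Authenticate", "Basic realm=""Intranet"""
    Response.End
End If

' LOGON_USER is DOMAIN\username; the WinNT provider expects DOMAIN/username.
' The ",user" suffix tells ADSI which object class to bind to.
Set adsUser = GetObject("WinNT://" & Replace(strLogon, "\", "/") & ",user")

' Exact, case-insensitive comparison against each group name in turn.
Function IsMemberOf(objUser, strGroup)
    Dim objGroup
    IsMemberOf = False
    For Each objGroup In objUser.Groups
        If StrComp(Trim(objGroup.Name), strGroup, vbTextCompare) = 0 Then
            IsMemberOf = True
            Exit Function
        End If
    Next
End Function

If IsMemberOf(adsUser, REQUIRED_GROUP) Then
    Response.Write "You are a domain admin"
Else
    Response.Write "You are not a domain admin"
End If
%>
```

Basic authentication sends the password Base64-encoded rather than encrypted, so serve a page like this over HTTPS only. The Groups collection lists direct memberships, so nested groups (the recursive lookup asked for in the first post) are not resolved here.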
 
Thanks damber...

It's all starting to make some kind of sense now... Obviously a mental block.

I've got the thing authenticating and dumping various bits of info back at me... Just looking into the various properties that the different objects have...

Thanks again for your help!

:)

 
No problem - these things tend to look easy when you know, but if you don't they can be a real pain...

And the link I gave you in the first post is really useful for AD and other scripting features for windows management.

(p.s. you may want to thank emozley as well if you've used his code)

A smile is worth a thousand kind words. So smile, it's easy! :)
 
I've just been having a flick through that link you left. Wow. Lots of stuff :)

Thanks guys, you've both been a huge help. Think I'm finally getting my head round the subject. Nice one :)

 
No worries - I joined tek tips a couple of years ago as a beginner to ASP so good to be able to give a little bit back now!

cheers
 