Ldap search withing Active Directory for authentication using ASP

[alexsab]

Hi, I hope you guys can help me.

I need to build a form that request username and password on ASP not ASP.net (sorry to clarify but i got some responses in other forums in .net)

This form will send an LDAP query into the active directory located on a different server and it will check for existing users.

If the users exist they will be redirected to a new page. if not they will be prompt to try again for username and password.

If you can point me to the right direction I will appreaciate it.

the form i am working with is this


<%
dim submit
dim UserName
dim Password

UserName = ""
Password = ""
Domain = "domain.com"

submit = request.form("submit")

if submit = "Authenticate" then
UserName = request.form("UserName")
Password = request.form("Password")
Domain = request.form("Domain")
result = AuthenticateUser(UserName, Password, Domain)
if result then
Response.Write("<script>window.open('../forms/default.asp','');</script>")
else
response.write "<h3>Authentication Failed!</h3>"
end if
end if

response.write "<hr><form method=post>"
response.write "<table>"
response.write "<tr>"
response.write "<td><b>Username:&nbsp;</b></td><td><input type='text'"
name="'UserName' value='' & UserName & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>Password:&nbsp;</b></td><td><input type='password' name='Password' value='' & Password & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>AD Domain:&nbsp;</b></td><td><input type='text' name='Domain' value='' & Domain & '' size='30'></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td>&nbsp;</td><td><input name='submit' type='submit' value='Authenticate'></td>"
response.write "</tr>"
response.write "</table>"
response.write "</form>"
response.end

function AuthenticateUser(UserName, Password, Domain)
dim strUser
' assume failure
AuthenticateUser = false

strUser = UserName
strPassword = Password

strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set oConn = server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPassword
oConn.Properties("Encrypt Password") = true
oConn.open "DS Query", strUser, strPassword

set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true

end if
set oRS = nothing
set oConn = nothing

end function

%>

 

[alexsab]

What is happening I am gett authentication failed all the time. I know i am a user but I dont know why I am not being redirected to the page i need.

To be more specific. People are being added to an Xchange server for email purposes. This creates a username (email) and a password. Giving them access to a webmail.

how can i compare this list of users using this code.

 

[unborn]

Below is the form I found today that authenticates windows great just change the domain info up top and save as an ASP page. My problem is now taking that information and authenticating it to SQL.. sigh ... i hope this helps.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>LDAP Authentication Test</title>
</head>

<body>

<%
dim submit
dim UserName
dim Password

UserName = "DOMAIN\"
Password = ""
Domain = "FULL DOMAIN ADDRESS HERE"

submit = request.form("submit")

if submit = "Authenticate" then
UserName = request.form("UserName")
Password = request.form("Password")
Domain = request.form("Domain")
result = AuthenticateUser(UserName, Password, Domain)
if result then
response.write "<h3>Authentication Succeeded!</h3>"
else
response.write "<h3>Authentication Failed!</h3>"
end if
end if

response.write "<hr><form method=post>"
response.write "<table>"
response.write "<tr>"
response.write "<td><b>Username:&nbsp;</b></td><td><input type=""text""name=""UserName"" value=""" & UserName & """ size=""30""><br><small>Enter as""DOMAIN\UserName"" or ""UserName@sub.domain.com"" or ""\UserName"" in asingle domain environment</small></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>Password:&nbsp;</b></td><td><input type=""password"" name=""Password"" value=""" & Password & """size=""30""></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>AD Domain:&nbsp;</b></td><td><input type=""text""name=""Domain"" value=""" & Domain & """ size=""30""><br><small>Enter the ADServer FQDN, IP Address, or DN<br>Examples: ""adserver1.ourdomain.com"" or ""192.168.1.150"" or ""192.168.1.150/dc=adserver1,dc=ourdomain,dc=com""</small></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td>&nbsp;</td><td><input name=""submit""type=""submit"" value=""Authenticate""></td>"
response.write "</tr>"
response.write "</table>"
response.write "</form>"
response.end

function AuthenticateUser(UserName, Password, Domain)
dim strUser
' assume failure
AuthenticateUser = false

strUser = UserName
strPassword = Password

strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' " 
set oConn = server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPassword
oConn.Properties("Encrypt Password") = true
oConn.open "DS Query", strUser, strPassword

set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true
end if
set oRS = nothing
set oConn = nothing

end function

%>

</body>
</html>
[code]

Running in circles is what I do best!