Windows Authenticated Form for SQL

[unborn]

I have tons of code I have tried so let me give my situation and see if perhaps someone can point me in the right direction.

I am developing a page for the intranet. I have a user group in AD with all the users I want to have access to my site. This AD group has been placed in the database security group. I currently have it working with the integrated windows="SSPI" connection string with Anon turned off and Basic Authentication on(unsecure only way I can get it to work). As we speak if you go to the page it has a pop-up immediately asking for credentials as well stating your information will be transmitted in plain text. Only those users I specified can login and other then being unsecure and not being able to log out it works great.

My issue though is I am being requested to have a FORM for the users to be login with. They dont want me to use a status SQL account because they want everything the domain user is doing to be logged.

I have searched for hours on google trying to figure out how to take the username and password from the user and pass it through to SQL and authenticate them through a form.

If you could point me in the right direction it would be HIGHLY appreciated. Thanks!

Running in circles is what I do best!

 

[unborn]

This is the new form I found to authenticate through CLASSIC ASP(which is what I need) but it has no way to check against the user group I created. If I could even get that to happen I might be able to figure something else for the SQL login side out.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>LDAP Authentication Test</title>
</head>

<body>

<%
dim submit
dim UserName
dim Password

UserName = "DOMAIN\"
Password = ""
Domain = "DOMAIN"

submit = request.form("submit")

if submit = "Authenticate" then
UserName = request.form("UserName")
Password = request.form("Password")
Domain = request.form("Domain")
result = AuthenticateUser(UserName, Password, Domain)
if result then
response.write "<h3>Authentication Succeeded!</h3>"
else
response.write "<h3>Authentication Failed!</h3>"
end if
end if

response.write "<hr><form method=post>"
response.write "<table>"
response.write "<tr>"
response.write "<td><b>Username:&nbsp;</b></td><td><input type=""text""name=""UserName"" value=""" & UserName & """ size=""30""><br><small>Enter as""DOMAIN\UserName"" or ""UserName@sub.domain.com"" or ""\UserName"" in asingle domain environment</small></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>Password:&nbsp;</b></td><td><input type=""password"" name=""Password"" value=""" & Password & """size=""30""></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td><b>AD Domain:&nbsp;</b></td><td><input type=""text""name=""Domain"" value=""" & Domain & """ size=""30""><br><small>Enter the ADServer FQDN, IP Address, or DN<br>Examples: ""adserver1.ourdomain.com"" or ""192.168.1.150"" or ""192.168.1.150/dc=adserver1,dc=ourdomain,dc=com""</small></td>"
response.write "</tr>"
response.write "<tr>"
response.write "<td>&nbsp;</td><td><input name=""submit""type=""submit"" value=""Authenticate""></td>"
response.write "</tr>"
response.write "</table>"
response.write "</form>"
response.end

function AuthenticateUser(UserName, Password, Domain)
dim strUser
' assume failure
AuthenticateUser = false

strUser = UserName
strPassword = Password

strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' " 
set oConn = server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPassword
oConn.Properties("Encrypt Password") = true
oConn.open "DS Query", strUser, strPassword

set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true
end if
set oRS = nothing
set oConn = nothing

end function

%>

</body>
</html>

Running in circles is what I do best!