Re: ADSI Authentication using ASP - Problem

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 06/20/04

• Next message: Mary: "SSL Export - Export with Private Key disabled"
• Previous message: danielle: "Re: Help please to authenticate Windows users"
• In reply to: Srinivas: "ADSI Authentication using ASP - Problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 20 Jun 2004 13:12:54 -0700

User identity running VB application may not be the same that is running the
ASP application over the web. It all depends on what authentication type
you've enabled -- which you did not state. What happens when you only have
"Basic Authentication" enabled.

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Srinivas" <anonymous@discussions.microsoft.com> wrote in message
news:1eaf101c455f8$d7360ab0$a501280a@phx.gbl...
Hi,
I've one system in which Active directory is installed.
That system is the domain controller as well as web
server - A test machine.
Trying all following to Authenticate Users using VB as
well as ASP.
I need ASP solution (and no component required etcc..).
Things seems to work fine but stuck badly from past two
days.
Trying to get it done with IADSUser.ChangePassword, thats
throwing error on password policy. So....that way of
authenticating is not being considered though I modified
the security policies to satisify the program to function.
Sub AuthenticateUser()
' VB . Project References : Active DS Type Librabry, ADO
' "Courtesy URL : http://builder.com.com/5100-6388-1045387-
2.html"
Dim oRootDSE    As IADs
Dim oDSObj      As IADsOpenDSObject
Dim oAuth       As IADsContainer
Dim oUser       As IADsUser
Dim strUsername As String, strNamingContext As String,
strPassword As String, strUserADSPath As String
Dim blnUserExists As Boolean
Dim adoConnection As New ADODB.Connection
Dim adoRecordset As New ADODB.Recordset
Dim strServerName As String
'test.com : Active directory domain on my system which is
AD domain controller too!
strServerName = "my-system-name.test.com:389/"
strUsername = "test-user-name"  '<somedomain>\test-user-
name : domain name is not necessary
strPassword = "test-password"
Set oRootDSE = GetObject("LDAP://" & strServerName
& "RootDSE")
strNamingContext = strServerName & oRootDSE.Get
("defaultNamingContext")
Set oRootDSE = Nothing
strUserADSPath = ""
blnUserExists = False
adoConnection.Provider = "ADSDSOObject"
Set adoRecordset = adoConnection.Execute("<LDAP://" &
strNamingContext & ">;(sAMAccountName=" & strUsername
& ");AdsPath, cn")
    If adoRecordset.RecordCount = 0 Then
Debug.Print Now() & " - User Name " & strUsername
& " not exists in the directory."
    Else
        Debug.Print Now() & " - User Name " & strUsername
& " exists in the directory."
        strUserADSPath = adoRecordset.Fields
("ADSPATH").Value
        blnUserExists = True
    End If
    adoRecordset.Close
    Set adoRecordset = Nothing
    adoConnection.Close
    Set adoConnection = Nothing
If Not blnUserExists Then Exit Sub
    Set oUser = GetObject(strUserADSPath)
    Debug.Print "Account Disabled = " &
oUser.AccountDisabled
    ' FYI If disabled = true then exit sub
    Set oDSObj = GetObject("LDAP:")
    Set oAuth = oDSObj.OpenDSObject("LDAP://" &
strNamingContext, strUsername, strPassword,
ADS_SECURE_AUTHENTICATION)
    ' THIS LINE IS THE CULPRIT LINE THAT IS WORKING FINE
IN VB BUT FAILING WHEN THE SAME CODE TAKEN TO ASP WITH
APPRIOPRIATE CONSTANT VALUES SET
e.g.,ADS_SECURE_AUTHENTICATION
    ' WHAT IS THAT REASON THAT IS MAKING IT FAIL?????
PLEASE LET ME KNOW ASAP??
THE ERROR NUMBER : -2147016662 is being returned always
for ASP
    If Not oAuth Is Nothing Then
        MsgBox "Authentication Success", vbInformation
        Set oAuth = Nothing
    End If
 Exit Sub
Err_Hnd:
   MsgBox Err.Description, vbCritical, Err.Number
End Sub
' Equivalent ASP Code
Sub AuthenticateUser(strUsername, strPassword)
on error resume next
ADS_SECURE_AUTHENTICATION = 1
ADS_SERVER_BIND = 512
strServerName = "my-system-
name.test.com:389/"
strUsername = "test-user-
name"  '<somedomain>\test-user-name : domain name is not
necessary
strPassword = "test-password"
Set oRootDSE = GetObject("LDAP://" &
strServerName & "RootDSE")
strNamingContext = strServerName &
oRootDSE.Get("defaultNamingContext")
Set oRootDSE = Nothing
Response.Write "<BR> strNamingContext = "
& strNamingContext
strUserADSPath = ""
blnUserExists = False
set oADOConn = Server.CreateObject
("ADODB.CONNECTION")
set oADORs = Server.CreateObject
("ADODB.Recordset")
oADOConn.Provider = "ADSDSOObject"
oADOConn.Open
Set oADORs = oADOConn.Execute("<LDAP://" &
strNamingContext & ">;(sAMAccountName=" & strUsername
& ");AdsPath, cn")
If oADORs.RecordCount = 0 Then
    Response.Write "<BR> " & Now() & " -
User Name <B>" & strUsername & "</B> not exists in the
active directory."
Else
    Response.Write "<BR> " & Now() & " -
User Name <B>" & strUsername & "</B> exists in the active
directory."
    strUserADSPath = oADORs.Fields
("ADSPATH").Value
    blnUserExists = True
End If
oADORs.Close
Set oADORs = Nothing
oADOConn.Close
Set oADOConn = Nothing
If Not blnUserExists Then Exit Sub
Set oUser = GetObject(strUserADSPath)
Response.Write "<BR> Account Disabled = "
& oUser.AccountDisabled
    Set oDSObj = GetObject("LDAP:")
Set oAuth = oDSObj.OpenDSObject("LDAP://"
& strNamingContext, strUsername, strPassword,
ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)
    ' THIS LINE IS THE CULPRIT LINE THAT IS WORKING FINE
IN VB BUT FAILING WHEN THE SAME CODE TAKEN TO ASP WITH
APPRIOPRIATE CONSTANT VALUES SET
e.g.,ADS_SECURE_AUTHENTICATION
    ' WHAT IS THAT REASON THAT IS MAKING IT FAIL?????
PLEASE LET ME KNOW ASAP??
THE ERROR NUMBER : -2147016662 is being returned always
for ASP
if err.number <> 0 then
Response.Write "<BR>
Authentication Failed with Error Number = " & err.number
exit sub
end if
If Not oAuth Is Nothing Then
    Response.Write "<BR> Authentication
Success"
    Set oAuth = Nothing
End If
End sub
Any suggestion please!
Thanks in advance
Regards
S-

• Next message: Mary: "SSL Export - Export with Private Key disabled"
• Previous message: danielle: "Re: Help please to authenticate Windows users"
• In reply to: Srinivas: "ADSI Authentication using ASP - Problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: ADSI Problem ... are you building ASP.NET applications for ASP 3.0 apps? ... built in mechanisms to support forms-based authentication are the way to go. ... Dim strUserName ... (microsoft.public.windows.server.active_directory) Re: secure paths in web.config file ... ASP file access redirect fine if I am not authenticated, ... > string in the user data area of the forms authentication ticket. ... > Dim tkt As FormsAuthenticationTicket ... (microsoft.public.dotnet.framework.aspnet.security) Re: Error extracting innerHTML using DHTML in an HTA page ... I originally started with an ASP page that returned the XML data island. ... > Dim objDoc As Object ... > Dim strHTML As String ... (microsoft.public.scripting.vbscript) Re: Cannot instantiate .NET Class Library to expose webservice client library ... Web Service calls to ASP pages. ... gacutil /i and regasm the class library with no problem ... Dim objOnlyOrderLine As New iPubClient.OrderLine ... Dim objOnlyOrder As New iPubClient.SimpleOrderData ... (microsoft.public.dotnet.framework.aspnet.webservices) Re: Cannot instantiate .NET Class Library to expose webservice client library ... Web Service calls to ASP pages. ... gacutil /i and regasm the class library with no problem ... Dim objOnlyOrderLine As New iPubClient.OrderLine ... Dim objOnlyOrder As New iPubClient.SimpleOrderData ... (microsoft.public.dotnet.framework)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint