Web-based Active Directory Login

By Faisal Haroon, 9 Oct 2003
 

Overview

Web-based Active Directory Login implements a central sign-on system for web-based applications. It was developed to eliminate the maintenance of user passwords in a database, whether encrypted or not. A user running an application from the desktop is free to access the network resources and services that he has permission to use from Windows. Web-based applications, on the other hand, run in a security context entirely different from that of a desktop application, so the same user running an application from a browser does not have that freedom. This was the problem when I tried to log in through the web using my network user name and password maintained in Active Directory. Ultimately it was overcome by impersonating the web server anonymous user, which in most cases is IUSR_machinename.

Using the code

Below is a brief description of how to use the code.

There are two class files

  1. LoginAdmin
  2. prjLogin

LoginAdmin is an ActiveX DLL type project and contains a standard module and a class module. The ImpersonateUser class has two methods which you will be using in your ASP code.

' create an object of ImpersonateUser class
 Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser")
 
' impersonate any domain user who has rights to access Active Directory
 objLogon.Logon "user id", "password", "domain name"

' ... access Active Directory here ...

' revert the security context and release the object
 objLogon.Logoff
 Set objLogon = Nothing

These are the methods of the class ImpersonateUser and their description:

| Method | Description |
| --- | --- |
| Logon(strUser, strPassword, strDomain) | This method should be called before sending a request to Active Directory. The user should be a valid domain user with at least read permissions on Active Directory. You can keep this user in a database or hardcode its userid and password in the ASP script. |
| LogOff() | This method must be called after accessing information from Active Directory in order for IIS to revert the security permissions of the particular file. |

prjLogin is also an ActiveX DLL type project and contains only a class module. It references the Active DS Type Library. The clsDomainLogin class has one method with three parameters: user name, password and domain.

' create an object of clsDomainLogin class
 Set oUser = Server.CreateObject("prjLogin.clsDomainLogin")

' BindObject has three parameters userid, password and domain name
 iResult = oUser.BindObject(strUser, strPassword, strDomain)

Below is a method of the class clsDomainLogin and its description:

| Method | Description |
| --- | --- |
| BindObject(strUser, strPassword, strDomain) | This method should be called while authenticating from Active Directory. It returns 1 when successful and 0 when unsuccessful. |
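
The two classes combined into one login check for an ASP page (placed inside a `<% %>` block), as an added example that is not part of the original article or its download. It refuses blank user names and passwords before calling BindObject, since readers in the discussion below report that blank credentials are accepted, and it calls Logoff even when the bind raises an error. The constants, the helper name CheckDomainLogin, the Session key and the redirect target are assumptions; the form field names oUser and oPassword follow a reader's snippet in the discussion.

```vbscript
' Added example, not the article's code. Placeholders / assumed names:
' AD_DOMAIN, SVC_USER, SVC_PASSWORD, CheckDomainLogin, Session("AuthUser"), default.asp.
Const AD_DOMAIN = "EXAMPLE"        ' placeholder domain name
Const SVC_USER = "svc-adread"      ' placeholder account with read access to AD
Const SVC_PASSWORD = "change-me"   ' placeholder value

Function CheckDomainLogin(ByVal strUser, ByVal strPassword)
    Dim objLogon, oUser, iResult
    CheckDomainLogin = False

    ' Force plain strings; Request.Form items are objects, not strings.
    strUser = Trim("" & strUser)
    strPassword = "" & strPassword

    ' Never send a blank user name or password to the directory: readers
    ' report that BindObject answers "success" for them.
    If Len(strUser) = 0 Or Len(strPassword) = 0 Then Exit Function

    Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser")
    objLogon.Logon SVC_USER, SVC_PASSWORD, AD_DOMAIN

    ' From here on, trap errors so that Logoff always runs.
    On Error Resume Next
    iResult = 0
    Set oUser = Server.CreateObject("prjLogin.clsDomainLogin")
    iResult = oUser.BindObject(strUser, strPassword, AD_DOMAIN)
    If Err.Number <> 0 Then iResult = 0   ' any failure counts as a denied login
    objLogon.Logoff
    On Error GoTo 0

    Set oUser = Nothing
    Set objLogon = Nothing
    CheckDomainLogin = (iResult = 1)      ' BindObject returns 1 only on success
End Function

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    If CheckDomainLogin(Request.Form("oUser"), Request.Form("oPassword")) Then
        Session("AuthUser") = Trim("" & Request.Form("oUser"))
        Response.Redirect "default.asp"
    Else
        Response.Write "Login failed."
    End If
End If
```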

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

About the Author

Faisal Haroon
Web Developer, The Shams Group
Pakistan
Faisal is Senior Team Lead at The Shams Group, Karachi. He has 10+ years of experience in the field of software/web development and infrastructure management.
He has worked on various tools and platforms, including VB, ASP, ASP.NET, Javascript, COM/COM+, SQL Server, Informix, Active Directory, UNIX/Solaris, WSH, Windows NT/2000 servers, RADIUS, SMTP, POP, IMAP etc.
He likes to watch movies, hang out with friends and loves to make new friends.

Comments and Discussions

Question: Doesn't actually check the username/password at all (member Kendo27 Feb '13 - 15:36)
I tested this on Windows Server 2008 using the computer name as the domain.
 
But it approves all names (even if they don't exist) and even with blank passwords!

Question: Can you help me!!! (member Sawan19 Oct '11 - 4:48)
Hi
Faisal,
Firstly Well Done, You did the great job!!!
 
I am supporting one application made in classic asp
We used the same loginAdmin.dll for windows authentication.
The code was working fine previously when there was only one domain.
Now there are two domains, say 'X' & 'Y', and new users are getting added to the Y domain.
 
The issue is, users from Y domain are not able to access the application.
 
Could you please help me on this
 
Thanks in advance

General: Thank you VERY much !!! (member aurelian6514 Apr '11 - 0:56)
Faisal,
 
Thank you very much for this piece of outstanding quality code!
 
Now I am able to complete my login system with this simple approach.
 
Many users demanded that they be able to use the same user/password that they log in with on their Windows systems, as they don't like to remember many different passwords...
 
Thanks to you, now I can use this solution to deliver them the same login procedure as they use when they start the computer!
 
Well done!
 
:)

General: Only look in certain Active Directory OU (member mmora571810 Sep '10 - 10:14)
Does anyone know of a way to search AD only from a specific OU with this code?

Question: Why only 1 wrong password try locks out my Network ID? (member Red Valdez16 Jun '09 - 23:42)
Do we have a workaround on this? 1 wrong entry of password locks out a network account. :(
 
Do what can't be Done. Just do it.

General: ASPX Web-based Active Directory Login problem (member ra2ak8 May '09 - 0:35)
I am trying to use the code in .net (c#)
 
<%@ Import namespace="prjLogin" %>
Dim objLogon As LoginAdmin.ImpersonateUser
Dim oUser As prjLogin.clsDomainLogin
 
getting the error
 
Type 'LoginAdmin.ImpersonateUser' is not defined.
Type 'prjLogin.clsDomainLogin' is not defined.
 
Please help

General: Re: ASPX Web-based Active Directory Login problem (member Red Valdez16 Jun '09 - 23:40)
This code is for ASP Classic. .NET aspx has its built-in functionality for querying Active Directory.
 
Do what can't be Done. Just do it.

General: Login success / bad password, when using no un / pw or a correct un / pw (member graeme thompson23 Apr '09 - 2:37)
Hi Faisal,

If I enter no username and password and click login - I get login success?

If I enter a genuine and working user name and password, I get "bad password".

What am I doing wrong?
 
Thanks
 
Graeme

General: Re: Login success / bad password, when using no un / pw or a correct un / pw (member aurelian6514 Apr '11 - 1:04)
For the case of empty username, add this piece of code:
 
		strUser = Request("oUser")
		If Len(strUser)=0 Then
			' replace the empty string with a username that doesn't exist in the AD
			strUser = "no_name"
		End If
		strPassword = Request("oPassword")
 
or, you could do a better solution: if the strUser is empty, then do not check the AD for Login (do not call BindObject).

General: FANTASTIC. THANK YOU!!! (member dickpacific13 Feb '09 - 7:31)
Faisal,
 
You are the man! This code is absolutely what I have been looking for all week. Thank you for posting it and letting us all steal it and take credit for it!
 
If you are ever in Salt Lake City, UT and need a place to stay or night of hard drinking, it's on me!
 
Excellent Work,
Manoj R. Sharma

Last Updated 10 Oct 2003
Article Copyright 2003 by Faisal Haroon