Web-based Active Directory Login

hi Melissa,

It's pretty simple, you have to follow the steps below;

1. Register the two dlls on the webserver
2. Create a virtual directory in IIS and put asp file in it
3. Run the code browser using convention http://<your_weberver_machinename>/<your_virtual direcotyname="">

Let me know if you have any problems.

regards,
-Faisal

Even I registered both dll files, I received the following error message:

Error Type:
Server object, ASP 0177 (0x800401F3)
800401f3
/ISWeb/kpis/Phones/login.asp, line 16

Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

This a very generic error message and you can find several articles on microsoft website pertaining to this error. Visit
http://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q=800401f3[^]

However first try following two resolutions;

(1) Launch regedit or regedt32, browse HKEY_CLASSES_ROOT> prjLogin.clsDomainLogin > Clsid, check IUsr_<machinename> has atleast Read permisions on the default key

(2) Open IIS > Goto to the website under Default website here you have placed the code > Right click on file where you have put the sample code for ex. login.asp > goto properties > File Security
Click on "Edit" under Anonymous access and authentication control
Put a domain user id and password (use convention <domain_name>\<username>)

Let me know if you need further help.

regards,
-Faisal

Many thanks!!! Your script was exactly what I have been looking for for our internal solution. Smile | :)

You are welcome ...

regards,
-Faisal

For those of you who are getting a Login Success for a blank username, add the following into his asp code starting on line 39.

if strUser = "" then
iResult = "0"
end if

That should fix your problem.

If anybody knows how to get the actual name of the user from active directory, that is what I'm looking for.

Ex:
Username: mstewart
would return
The full Name: Marc Stewart (stored in AD) Confused | :confused:

after login.

Marc Stewart

-- modified at 13:25 Monday 27th February, 2006

Anybody get this extra code to work?

I use this page to authenticate multiple websites and as a backup location so you will need to modify as needed, if your having problems logging in make sure you registered the projLogin.dll on your server.

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
   ' Form was autopostback, grab the form variables ...
		on error resume next
		
		  strUser = Request("oUser")


		  UserArray = Split(strUser, "@")
		  strUser = UserArray(0)


		  strPassword = Request("oPassword")
		  
		  returnpage = request.form("returnpage")
		
	'Allows the user mstewart to bypass the System Maintanence when active but still authenticates to active directory.  
	if strUser <> "mstewart" then
	
		if request.QueryString("Service") = "True" then
			response.Redirect(returnpage & "?Service=True")
		end if
		
	end if
	
     Dim objLogon

     ' create an object for impersonating IIS to use a valid domain user instead of anonymous user IUSR_machinename
     Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser")

     ' any domain user who has rights to access active directory
     objLogon.Logon "user id", "password", "domain name"

    ' check here for a form post ...
    if request("GETUSER") = "" Then
%>
		
		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
		<html xmlns="http://www.w3.org/1999/xhtml">
		<head>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<title>Backup Login Place</title>
		</head>
		<style>
		#main {
		font:Arial, Helvetica, sans-serif;
		color:#666666;
		}
	
		</style>
		<body onLoad="document.Logon.oUser.focus()">
        <script type="text/javascript">
        	document.write("<table style='width:100%; height:"+ (screen.height - 200) +"px; background-color:#F8F8F8; border:#000000; border-style:solid; border-width:thin;'>")
        </script>
        
        <tr valign="top">
            <td style="font:Arial, Helvetica, sans-serif; color:#336699; padding-left:15px; padding-top:15px"><strong>Backup Login Place</strong></td>
        </tr>
			<tr>
				<td>
					<table width="100%" id="main" class="main">
                        <tr valign="middle">
                        	<td colspan="2" align="center">
                                <table width="100%">
                                <% if request.QueryString("Submitted") = "True" then %>
                                	
                                    <tr>
                                        <td colspan="2">Thank You <strong><%=request.QueryString("FName")%>&nbsp;<%=request.QueryString("LName")%></strong>, your information has been submitted.</td>                                    </tr>
                                    <tr>
                                        <td colspan="2">&nbsp;</td>
                                    </tr>
                                                                        
                                <% end if %>
                                    <tr>
                                        <td colspan="2" align="center">Login Below</td>
                                    </tr>
                                    <tr>
                                        <td colspan="2">&nbsp;</td>
                                    </tr>
                                    <tr>
                                    	<td colspan="2">
                                        	<table width="100%">
                                                <FORM Name="Logon" ACTION="" METHOD="POST">
                                                <input type="hidden" name="studentaccess" id="studentaccess" value="Denied" />
                                                <tr valign="middle">
                                                    <td width="45%" align="right">Username:</td>
                                                    <td width="55%" align="left"><input type="text" name="oUser" size="20" maxlength="100" /></td>
                                                </tr>
                                                <tr valign="middle">
                                                    <td width="45%" align="right">Password:</td>
                                                    <td width="55%" align="left"><input type="password" name="oPassword" size="22" maxlength="100" /></td>
                                                </tr>
                                                <tr valign="middle">
                                                    <td width="45%" align="right">URL to Login:</td>
                                                    <td width="55%" align="left"><input type="text" name="returnpage" id="returnpage" size="50" maxlength="100" value="http://intwebserv01/Hit System/"/></td>
                                                </tr>
                                                <tr>
                                                    <td colspan="2">&nbsp;</td>
                                                </tr>
                                                <tr>
                                                    <td colspan="2" align="center"><input type="submit" name="GETUSER" value="Login" /></td>
                                                </tr>
                                                </FORM>
                                            </table>
                                        </td>
                                    </tr>
                                </table>
							</td>
						</tr>
					</table>
				</td>
			</tr>
			
		</table>
		</body>
		</html>

<%

	else
	
		  Set oUser = Server.CreateObject("prjLogin.clsDomainLogin")

			strDomain = "MICROSOFT.COM"

		  ' BindObject has two parameters userid and password
		  iResult = oUser.BindObject(strUser, strPassword, strDomain)


'on error resume next
' Set reference to the ADSI interface to NT User Manager ...

	' Checks for blank username.
	if strUser = "" then
		iResult = "0"
	end if

		'Setup Connection to Database
		on error resume next
		Dim objConfig  ' As CDO.Configuration
		Dim objMessage ' As CDO.Message
		Dim Fields     ' As ADODB.Fields
		
		Set adoCon = Server.CreateObject("ADODB.Connection")
		adoCon.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("DataBases\PreLogin.mdb")
		Set rs = Server.CreateObject("ADODB.Recordset")
	
	'The user passed authentication
	if iResult = 1 then
	
		Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
	
			' Test for Student Logins then Deny's Access
			if request.Form("studentaccess") = "Denied" or request.Form("studentaccess") <> "Allowed" then
			
				' First Test - Student logins use numbers as usernames so we test to see if the username is a number.
				if IsNumeric(strUser) then
					response.Redirect(returnpage & "?Error=Student")
				end if
	
	
				' Second test for Student Logins			
				strSQL = "SELECT * FROM DenyLogin WHERE DenyLogin LIKE '%" & strUser & "%' ;"
				rs.LockType = 3
				rs.Open strSQL, adoCon
				do while not rs.EOF	
				
				if rs.fields("DenyLogin") = strUser then
				
					response.Redirect(returnpage & "?Error=Student")
				
				end if
				rs.movenext
				loop
				rs.close
				
			end if

		'You have passed validation. Since this is the backup login place redirect to the site that called it.
			response.Redirect(returnpage & "Login.asp?UserName=" & strUser & "&Name=" & User.Fullname & "&Password=" & strPassword & "&GETUSER=Login")
	
	'The user failed authentication
	else
	
			response.Redirect(returnpage & "?Error=Credentials")
	
	end if

	set oUser = Nothing

	adoCon.close

end if

objLogon.Logoff
Set objLogon = Nothing

%>

Marcus Stewart

Thank you. I do appreciate your help. This works for me.

My name is Sidhi. Nice to have your code for "Web-based Active Directory Login
". I do love it. But do you know how to Login into AD without using any of those dll ?

Beside that i do have a lot of question for AD management using ASP.Net, but right now some of it :
1. Do you know how to put all list of OU into a DropDown.items.add(???????)
2. Do you know how to delete an ou with object within it ? Because i use :

> Dim objdomain As Object
> objdomain = Nothing
> 'Delete OU
> objdomain = GetObject("LDAP://" & LabelComment1.Text)
> objdomain.Delete("organizationalUnit", "ou=" & Trim(TextDeleteOU1.Text))
> LabelComment0.Text = "OU : " & TextDeleteOU1.Text & " Deleted."
> objdomain = Nothing

With those source code i can only delete empty ou, cannot ou with user inside.

That's my questions for a while.Thank you for your help.

PS :
Please help me because i'm doing my college final project for "AD management via ASP.Net" in those final project, i'm not allowed to use any dll beside win Server20k3 dll and VStudio.net dll.

I need Help for Active Directory Management with ASP.Net...... PLease....

Hello

The script its working, the login is successfully but i can't process some things which require other permissions than default IIS account.
I login with administrator account but no luck. If i change the user from IIS with the same user which i try to login, then process which i trying to do its working.

With this login function should i see the logged user in ServerVariables("LOGIN_USER")? because i can't see it.

Thanks

Horace

Hi
Thanks for sharing with your code. I love it.

I've got a problem using the component.
I'm using your component in my project for auth.
my domain is "aa.bb"
Some users are found and login success.
their distingishname is "OU=cc,DC=aa,DC=bb"

HoweverSome of the user cannot be found
their distingishname is "OU=ff,OU=dd,OU=cc,DC=aa,DC=bb"

How can I use the component to find out those user.

thanks

Regards,

Kin

How do i create a command to exec the logoff() command and clear the session veriable.

Cheers

Chris.

Use the object created from ImpersonateUser class like in the code below

'******************************************

' create an object of ImpersonateUser class
Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser")

' any domain user who has rights to access active directory
objLogon.Logon "user id", "password", "domain name"

objLogon.Logoff

Set objLogon = Nothing

'******************************************

For clearing session vars, assign null value to them or use Session.Abandon() method.

regards,
-Faisal

Hmm... it works sometimes, but most of the time when I click submit it causes 100% CPU utilization on the webserver under lsass.exe. Webserver is a test server so no one is using it. It is a PI 200Mhz 256Ram Win 2003 Enterprise. Is it the processor's fault, or is it just bad coding?

Sorry man for late reply, I was not reading the mails however for god sake don't run Win2K3 on P1 processor. Use the link below to see the min h/w requirement for win2k3 server
http://www.microsoft.com/windowsserver2003/proddoc/default.mspx[^]

regards,
-Faisal

Hi Faisal. I really appreciate this login code; it is perfect for a project I'm working on for my company. I am having one issue with it however.

After editing the following lines...

objLogon.Logon "user id", "password", "domain name"

iResult = oUser.BindObject(strUser, strPassword, "AKU.EDU")

...the code successfully verifies legitimate user name/passwords and denies access to incorrect user name/passwords. That's great. However if no user name or password is entered -- the fields are left blank -- it verifies it anyway and allows the visitor access to the company network.

Is there something that I need to tweak to keep this from happening?

Thank you so much.

Yes, you can do it in two ways, from server-side i.e. through ASP or client-side i.e. through javascript. Use any way you like. If you need code for that then email me. Sorry, for late reply, I was out of touch with this forum.

thanks

regards,
-Faisal

Error Type:
Server object, ASP 0178 (0x80070005)
The call to Server.CreateObject failed while checking permissions. Access is denied to this object.
/test/login.asp, line 39
line 39 is: Set oUser = Server.CreateObject("prjLogin.clsDomainLogin")

I don't know what's wrong even I did regsvr32.exe on both .dll file on my machine.
Please help me
Thank you

goodguy

This error means that there are insufficient permissions to access a file. I found MS KB article for your problem please click on the link and follow the instructions.

http://support.microsoft.com/default.aspx?scid=kb;en-us;286198[^]

regards,
-Faisal

Hi,

I am running the code and its running without any error. But nomatter if I type something wrong or even nothing in username and password, it keep giving the message

Output

Login success!

Whats happening??? Any ideas???

Khurram. Confused | :confused:

Just check if you have changed the domain and the domain user with read access to AD.

regards,
-Faisal

I change aku.edu first to my localhost and it said login successful. Then i tried to change it to my company intranet then i make it back aku.edu. No matter if I type anything in username and password or not, no matter if the username or password is wrong, its just showing login Successful message Confused | :confused:

could you send me the asp file you are executing?

regards,
-Faisal

I registerd the two .dll files, when I tried to run the page I get the following error, please advise in this :

Server object, ASP 0177 (0x8007007E)
8007007e
/ADlogin/login.asp, line 16

When I go to that line I see the following code :

Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser")

awaiting your reply, Thanks.
Thamir

Method	Description
`Logon(strUser, strPassword, strDomain)`	This method should be called before sending request to active directory. The user should be a valid domain user with at least read permissions of active directory. You can keep this user in a database or hardcode it's userid and password in the ASP script.
`LogOff()`	This method must be called after accessing info from Active Directory in order for IIS to revert security permissions of the particular file

Method	Description
`BindObject(strUser, strPassword, strDomain)`	This method should be called while authenticating from Active Directory. It returns 1 when successful and 0 when unsuccessful

Web-based Active Directory Login

Overview

Using the code

License

Comments and Discussions