Overview
Web-based Active Directory Login implements central sign-on system for web-based applications. It was developed to eliminate maintenance of user passwords in database, whether encrypted or not. A user running application from desktop enjoys liberty to access resources and/or services on the network which he has permission to do from Windows. On the other hand, web-based applications run in a security context entirely different from that of a desktop application. Same user while running application from browser will not have such liberty. This was the problem when I tried to login using my n/w user name and password maintained in Active Directory through web. Ultimately it was overcome by impersonating the web server anonymous user which in most cases is IUSR_machinename.
Using the code
Below is a brief description of how to use the code.
There are two class files
LoginAdmin
prjLogin
LoginAdmin is an ActiveX DLL type project and contains a standard module and a class module. The ImpersonateUser class has two methods which you will be using in your ASP code.
Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser")
objLogon.Logon "user id", "password", "domain name"
objLogon.Logoff
Set objLogon = Nothing
These are the methods of the class ImpersonateUser and their description:
| Method | Description |
Logon(strUser, strPassword, strDomain) | This method should be called before sending request to active directory. The user should be a valid domain user with at least read permissions of active directory. You can keep this user in a database or hardcode it's userid and password in the ASP script. |
LogOff() | This method must be called after accessing info from Active Directory in order for IIS to revert security permissions of the particular file |
prjLogin is also an ActiveX DLL type project and contains only a class module. It uses references to Active DS type library. The clsDomainLogin class has one method with three parameters user name, password and domain.
Set oUser = Server.CreateObject("prjLogin.clsDomainLogin")
iResult = oUser.BindObject(strUser, strPassword, strDomain)
Below is a method of the class clsDomainLogin and its description:
| Method | Description |
BindObject(strUser, strPassword, strDomain) | This method should be called while authenticating from Active Directory. It returns 1 when successful and 0 when unsuccessful |
Faisal is Senior Team Lead at The Shams Group, Karachi. He has 10+ years of experience in the field of software/ web development and infrastructure management.
He has worked on various tools and platform which includes VB, ASP, ASP.NET, Javascript, COM/COM+, SQL Server, Informix, Active Directory, UNIX/Solaris, WSH, Windows NT/ 2000 servers, RADIUS, SMTP, POP, IMAP etc.
He likes to watch movies, hangs out with friends and loves to make new friends.
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
if user exist in domain 