Web-based Active Directory Login implements a central sign-on system for web-based applications. It was developed to eliminate the maintenance of user passwords in a database, whether encrypted or not. A user running an application from the desktop is free to access whatever resources and services on the network his Windows permissions allow. Web-based applications, on the other hand, run in a security context entirely different from that of a desktop application, so the same user running an application from a browser does not have that freedom. This was the problem when I tried to log in through the web using my network user name and password maintained in Active Directory. Ultimately it was overcome by impersonating the web server anonymous user, which in most cases is IUSR_machinename.
Using the code
Below is a brief description of how to use the code.
There are two class files.
LoginAdmin is an ActiveX DLL type project and contains a standard module and a class module. The ImpersonateUser class has two methods which you will be using in your ASP code.
Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser")
objLogon.Logon "user id", "password", "domain name"
Set objLogon = Nothing
These are the methods of the ImpersonateUser class and their descriptions:
Logon(strUser, strPassword, strDomain)
|This method should be called before sending a request to Active Directory. The user should be a valid domain user with at least read permissions on Active Directory. You can keep this user in a database or hardcode its user ID and password in the ASP script.|
|This method must be called after accessing information from Active Directory so that IIS reverts the security permissions of the particular file.|
prjLogin is also an ActiveX DLL type project and contains only a class module. It uses a reference to the Active DS Type Library. The clsDomainLogin class has one method with three parameters: user name, password and domain.
Set oUser = Server.CreateObject("prjLogin.clsDomainLogin")
iResult = oUser.BindObject(strUser, strPassword, strDomain)
Below is the method of the clsDomainLogin class and its description:
BindObject(strUser, strPassword, strDomain)
|This method should be called when authenticating against Active Directory. It returns 1 when successful and 0 when unsuccessful.|
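The whole login flow described above as one ASP page, added here as an example and not part of the original article's code: it impersonates only around the directory call, always reverts afterwards, and treats anything other than a return value of 1 as a failed login. The `Application(...)` keys (assumed to be filled in at application start), the form field names, `default.asp`, the logon-name allowlist and `RevertPlaceholder` (standing in for the second ImpersonateUser method, whose name is not given on this page) are assumptions.

```vbscript
<% Option Explicit
' Added example, not the article's code. Assumed names: Application("Ad...")
' keys, form field names, page names, and RevertPlaceholder, which stands in
' for the ImpersonateUser method that ends impersonation (not named above).

Function IsValidLogonName(strName)
    Dim re : Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,64}$"   ' assumed allowlist policy
    IsValidLogonName = re.Test(strName)
End Function

Function AuthenticateAgainstAD(strUser, strPassword)
    Dim objLogon, oUser, iResult
    iResult = 0
    ' Impersonate the directory-read account before querying Active Directory.
    Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser")
    objLogon.Logon Application("AdReadUser"), Application("AdReadPassword"), _
                   Application("AdDomain")
    ' Trap errors from here on so the revert call below always runs.
    On Error Resume Next
    Set oUser = Server.CreateObject("prjLogin.clsDomainLogin")
    If Err.Number = 0 Then
        iResult = oUser.BindObject(strUser, strPassword, Application("AdDomain"))
    End If
    If Err.Number <> 0 Then iResult = 0      ' any COM error is a failed login
    On Error GoTo 0
    objLogon.RevertPlaceholder               ' placeholder: substitute the real method
    Set oUser = Nothing
    Set objLogon = Nothing
    AuthenticateAgainstAD = (iResult = 1)    ' only an explicit 1 means success
End Function

Dim strUser, strPassword, blnOk
blnOk = False
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    strUser = Trim(Request.Form("username"))
    strPassword = Request.Form("password")
    ' Never send an empty password to a directory bind: an LDAP simple bind
    ' with an empty password is an unauthenticated bind a server may accept.
    If IsValidLogonName(strUser) And Len(strPassword) > 0 Then
        blnOk = AuthenticateAgainstAD(strUser, strPassword)
    End If
    If blnOk Then
        Session("AuthUser") = strUser
        Response.Redirect "default.asp"
    End If
    Response.Write "Login failed."           ' same message for every failure
End If
%>
```

The domain is taken from server-side configuration rather than from the form, so a visitor cannot steer the bind toward a domain of their choosing.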