
I'm trying to code an ASP page that will authenticate users against Active Directory
and check for group membership.
For example, if the user is a member of the AdminStaff group he/she will be redirected to
a specific web page, if the user is a member of the AcademicStaff group he/she will be directed
to the Academic section of the website, and if the user is anonymous, he/she will stay on the
login page.
User authentication is done through a web form run on a Windows 2003 server.
I am using the script below from
http://www.tek-tips.com which identifies the Active Directory
users and grants access to a specific page; however, it doesn't recognise groups, i.e. any user
in Active Directory can log in to the same section.
I'm new to LDAP and I need this script urgently, if anyone can help. Thanks!
index.asp
=========
<HTML xmlns="http://www.w3.org/1999/xhtml">
<HEAD><TITLE>testladap form : index page</TITLE>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
</HEAD>
<BODY >
<h1>Index page</h1>
<form name="form" method="post" action="testladap.asp">
<label>User Login </label>
<input name="txtUserLogin" type="text" id="txtUserLogin">
<br>
<label>User PWD </label>
<input name="txtUserPassword" type="password" id="txtUserPassword">
<br>
<input name="subform" type="submit" value="Submit">
</form>
<p> </p>
<p>
</p>
<p> </p>
</BODY></HTML>
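testladap.asp
=============
<%
' Keep the raw values for the bind; escaping the password would change it.
strUsername = Trim(Request.Form("txtUserLogin"))
strPassword = Request.Form("txtUserPassword")
' Double single quotes only where the name is embedded in the query text.
strQueryName = Replace(strUsername, "'", "''")
domainname = "contoso"

' Never attempt a bind with blank credentials.
If strUsername = "" Or strPassword = "" Then
    Session("logged_in") = "false"
    Response.Redirect "index.asp"
End If

On Error Resume Next
Set objDomain = GetObject("GC://rootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
Set objDomain = Nothing

' Bind to the directory with the credentials the user submitted.
Set objConnection = Server.CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = domainname & "\" & strUsername
objConnection.Properties("Password") = strPassword
objConnection.Open "Active Directory Provider"
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = "select cn FROM 'GC://" & objADsPath & "' where sAMAccountname='" & strQueryName & "'"
Set objRS = objCommand.Execute

If Err.Number <> 0 Then
    ' The bind or the query failed: back to the login page.
    Session("logged_in") = "false"
    Response.Redirect "index.asp"
Else
    objCommand.CommandText = "select memberof FROM 'GC://" & objADsPath & "' where sAMAccountname='" & strQueryName & "'"
    Set rs = objCommand.Execute
    membership = rs("memberof")
    rs.Close
    objConnection.Close
    Set rs = Nothing
    Set objConnection = Nothing

    ' memberOf is Null when the user has no group memberships, so test before looping.
    isAdmin = False
    If IsArray(membership) Then
        For Each group In membership
            ' "CN=AdminStaff,OU=Groups,..." -> "AdminStaff,OU" -> "AdminStaff"
            newgroup = Split(group, "=")
            tempgroup = Left(newgroup(1), Len(newgroup(1)) - 3)
            ' Compare lower case with lower case.
            If LCase(tempgroup) = "adminstaff" Then isAdmin = True
        Next
    End If

    ' Redirect once, after every group has been checked.
    ' Further groups (e.g. AcademicStaff) can be tested in the loop the same way.
    If isAdmin Then
        Session("logged_in") = "true"
        Response.Redirect "adminStaff.html"
    Else
        Session("logged_in") = "false"
        Response.Redirect "index.asp"
    End If
End If
%>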
'End ================================
Are you all dead up here? Not even a tiny tip? Come on guys, don't be mean, sharing some knowledge is good!
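The group check described in the post, as an added example that is not part of the original post or of the tek-tips script: it extracts the group name from each memberOf DN without relying on fixed offsets and picks the landing page by rule order. The function names `FirstRdnValue` and `LandingPageFor` are hypothetical, `ACADEMIC_PAGE_PLACEHOLDER` stands in for the academic page the post does not name, and the sample DNs are constructed.

```vbscript
' Added example, not from the original post. Save as a .vbs file and run with cscript.
Option Explicit

' Value of the first RDN in a DN: "CN=Staff\, Admin,OU=Groups" -> "Staff, Admin".
' Backslash-escaped single characters are handled; hex escapes are not decoded.
Function FirstRdnValue(dn)
    Dim i, ch, value
    value = ""
    i = InStr(dn, "=") + 1
    Do While i > 1 And i <= Len(dn)
        ch = Mid(dn, i, 1)
        If ch = "," Then Exit Do
        If ch = "\" And i < Len(dn) Then
            i = i + 1
            ch = Mid(dn, i, 1)
        End If
        value = value & ch
        i = i + 1
    Loop
    FirstRdnValue = value
End Function

' Map a memberOf value to a landing page. Rules are checked in order, so the
' first matching rule wins regardless of the order of the user's groups.
Function LandingPageFor(ByVal memberOf)
    Dim groups, dn, rule
    ' The query returns Null when the user has no groups; also accept a single DN string.
    If IsNull(memberOf) Or IsEmpty(memberOf) Then memberOf = Array()
    If Not IsArray(memberOf) Then memberOf = Array(memberOf)
    Set groups = CreateObject("Scripting.Dictionary")
    groups.CompareMode = vbTextCompare   ' group names compare case-insensitively
    For Each dn In memberOf
        groups(FirstRdnValue(dn)) = True
    Next
    LandingPageFor = "index.asp"         ' default: stay on the login page
    ' ACADEMIC_PAGE_PLACEHOLDER: the post does not name the academic page.
    For Each rule In Array(Array("AdminStaff", "adminStaff.html"), _
                           Array("AcademicStaff", "ACADEMIC_PAGE_PLACEHOLDER"))
        If groups.Exists(rule(0)) Then
            LandingPageFor = rule(1)
            Exit Function
        End If
    Next
End Function

' Constructed sample values, not real directory data.
WScript.Echo LandingPageFor(Array("CN=AcademicStaff,OU=Groups,DC=contoso,DC=com", _
                                  "CN=adminstaff,OU=Groups,DC=contoso,DC=com"))
WScript.Echo LandingPageFor(Null)
```

memberOf does not list the user's primary group or groups reached only through nesting, so a user can belong to a group that this check never sees. Matching on the CN alone also treats same-named groups in different OUs as equal; compare the full DN where that matters.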