问题
I have a Classic ASP website (sorry!). Some parts of it need to be NT authentication enabled.
I would ideally like to present the user with a nice login form (rather than a browser prompt) which I then authenticate against AD and then do the usual "log in if success, show error if failure"
Is this even possible? I've tried the following on a local computer but not sure how to properly test for success or if it even expands to searching against AD
<html>
<head>
</head>
<body>
<form action="test.asp" method="post">
Username:
<input type="text" name="strUserName"><br>
Password:
<input type="password" name="strPassword"><br>
<input type="submit" name="btnSubmit">
</form>
<%
If Request.Form("strUsername") <> "" Then
Dim strADsPath
strADsPath = "WinNT://ARIA"
strUserName = Request.Form("strUserName")
strPassword = Request.Form("strPassword")
'Set adObject = GetObject("WinNT:")
'Set userObject = adObject.OpenDSObject("WinNT://" & domainName, userName, password, ADS_SECURE_AUTHENTICATION)
if (not strADsPath= "") then
Dim oADsObject
Set oADsObject = GetObject(strADsPath)
response.write "Authenticating...<br><br>"
Dim strADsNamespace
Dim oADsNamespace
strADsNamespace = left(strADsPath, instr(strADsPath, ":"))
set oADsNamespace = GetObject(strADsNamespace)
Set oADsObject = oADsNamespace.OpenDSObject(strADsPath, strUserName,strPassword, 0)
if not (Err.number = 0) then
Response.Write "<font color='red'><font size = 5><u><b>Authentication has failed...<b></u></font></font>"
Session("Auth") = "NO"
else
Response.Write "<font color='blue'>USER AUTHENTICATED!</font><br>"
Session("Auth") = "YES"
end if
end if
End If
%>
</body>
</html>
So once authenticated, is it possible to grab other stuff such as email and groups?
I've tried following Classic ASP (VBScript), 2008 R2, error using AD to authenticate and tried authenticating against my local machine but it ALWAYS authenticates no matter what I put in. Is it the fact I'm using a local machine mean it just won't work?
回答1:
I know this is an old question, but in case someone is still interested:
This is how I authenticate users against an AD: It's an indirect approach using an authenticated LDAP query. If the query fails, the user is not allowed to authenticate against the domain controller.
It's a bit inelegant in as much as it requires an explicit naming of a domain controller. domain name (if you want to use sam account names) and an OU for the search start DN.
dim domainController : domainController = "yourdc.company.com"
dim ldapPort : ldapPort = 389
dim startOu : startOu = "DC=company,DC=com"
Function CheckLogin( szUserName, szPassword)
CheckLogin = False
szUserName = trim( "" & szUserName)
dim oCon : Set oCon = Server.CreateObject("ADODB.Connection")
oCon.Provider = "ADsDSOObject"
oCon.Properties("User ID") = szUserName
oCon.Properties("Password") = szPassword
oCon.Open "ADProvider"
dim oCmd : Set oCmd = Server.CreateObject("ADODB.Command")
Set oCmd.ActiveConnection = oCon
' let's look for the mail address of a non exitsting user
dim szDummyQuery : szDummyQuery = "(&(objectCategory=person)(samaccountname=DeGaullesC))"
dim szDummyProperties : szDummyProperties = "mail"
dim cmd : cmd = "<" & "LDAP://" & domainController & ":" & ldapPort & _
"/" & startOu & ">;" & szDummyQuery & ";" & szDummyProperties & ";subtree"
oCmd.CommandText = cmd
oCmd.Properties("Page Size") = 100
on error resume next
dim rs : Set rs = oCmd.Execute
if err.Number = 0 then
CheckLogin = true
call rs.Close()
set rs = nothing
end if
on error goto 0
set oCmd = nothing
End Function
' perform test
dim res : res = CheckLogin( "youradname\youruser", "yourpassword")
if res then
Response.Write( "Login ok")
else
Response.Write( "Login failed")
end if
来源:https://stackoverflow.com/questions/22295550/classic-asp-authenticate-against-active-directory