
Web-based Active Directory Login

9 Oct 2003

Overview

Web-based Active Directory Login implements a central sign-on system for web-based applications. It was developed to eliminate the maintenance of user passwords in a database, whether encrypted or not. A user running an application from the desktop is free to access the network resources and services that their Windows permissions allow. Web-based applications, on the other hand, run in a security context entirely different from that of a desktop application, so the same user running an application from a browser does not have that freedom. This was the problem when I tried to log in through the web using my network user name and password maintained in Active Directory. Ultimately it was overcome by impersonating the web server anonymous user, which in most cases is IUSR_machinename.

Using the code

Below is a brief description of how to use the code.

There are two class files:

  1. LoginAdmin
  2. prjLogin

LoginAdmin is an ActiveX DLL type project and contains a standard module and a class module. The ImpersonateUser class has two methods which you will be using in your ASP code.

    ' Create an object of the ImpersonateUser class
    Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser")

    ' Log on as any domain user who has rights to access Active Directory
    objLogon.Logon "user id", "password", "domain name"

    ' Revert the impersonation and release the object
    objLogon.Logoff
    Set objLogon = Nothing

These are the methods of the class ImpersonateUser and their description:

| Method | Description |
|---|---|
| Logon(strUser, strPassword, strDomain) | This method should be called before sending a request to Active Directory. The user should be a valid domain user with at least read permission on Active Directory. You can keep this user in a database or hardcode its user ID and password in the ASP script. |
| LogOff() | This method must be called after accessing information from Active Directory in order for IIS to revert the security permissions of the particular file. |

prjLogin is also an ActiveX DLL type project and contains only a class module. It references the Active DS Type Library. The clsDomainLogin class has one method with three parameters: user name, password and domain.

    ' Create an object of the clsDomainLogin class
    Set oUser = Server.CreateObject("prjLogin.clsDomainLogin")

    ' BindObject has three parameters: user ID, password and domain name
    iResult = oUser.BindObject(strUser, strPassword, strDomain)

Below is a method of the class clsDomainLogin and its description:

| Method | Description |
|---|---|
| BindObject(strUser, strPassword, strDomain) | This method should be called while authenticating against Active Directory. It returns 1 when successful and 0 when unsuccessful. |
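
The two components used together in one login handler, written so that Logoff runs whenever Logon succeeded, even if BindObject fails. This is an added example, not code from the article or its download. The form field names, `default.asp`, the `AD_DOMAIN` and `SVC_USER` values and the `Application("SvcPassword")` store are assumptions, as is the assumption that Logon raises a runtime error on failure.

```vbscript
<%
Option Explicit
' Constructed placeholders, not values from the article.
Const AD_DOMAIN = "EXAMPLE"     ' fixed server-side, never taken from the form
Const SVC_USER = "svc-adread"   ' directory account with read permission only

Function AuthenticateUser(strUser, strPassword)
    Dim objLogon, oUser, iResult
    AuthenticateUser = False

    ' Precaution: refuse empty credentials before touching the directory,
    ' since a bind with an empty password may be accepted as anonymous.
    If Len(Trim(strUser)) = 0 Or Len(strPassword) = 0 Then Exit Function

    Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser")
    Set oUser = Server.CreateObject("prjLogin.clsDomainLogin")

    ' After Logon, every failure path must still reach Logoff, otherwise the
    ' rest of the request keeps running under the impersonated account.
    On Error Resume Next
    objLogon.Logon SVC_USER, Application("SvcPassword"), AD_DOMAIN  ' hypothetical store
    If Err.Number = 0 Then
        iResult = oUser.BindObject(strUser, strPassword, AD_DOMAIN)
        If Err.Number = 0 And iResult = 1 Then AuthenticateUser = True
        Err.Clear
        objLogon.Logoff
    End If
    On Error GoTo 0

    Set oUser = Nothing
    Set objLogon = Nothing
End Function

Dim strUser, strPassword
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    strUser = CStr(Request.Form("userid"))
    strPassword = CStr(Request.Form("password"))
    If AuthenticateUser(strUser, strPassword) Then
        Session("AuthUser") = strUser
        Response.Redirect "default.asp"
    Else
        ' Same message for unknown user, wrong password and component errors.
        Response.Write "Login failed."
    End If
End If
%>
```

Serve the form over HTTPS only, because the password reaches this handler in the request body.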

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.
