Classic ASP Authenticate Against Active Directory
Question
I have a Classic ASP website (sorry!). Some parts of it need to be NT authentication enabled.
I would ideally like to present the user with a nice login form (rather than a browser prompt) which I then authenticate against AD and then do the usual "log in if success, show error if failure"
Is this even possible? I've tried the following on a local computer but not sure how to properly test for success or if it even expands to searching against AD
<html>
<head>
</head>
<body>
<form action="test.asp" method="post">
    Username:
    <input type="text" name="strUserName"><br>
    Password:
    <input type="password" name="strPassword"><br>
    <input type="submit" name="btnSubmit">
</form>
<%
If Request.Form("strUsername") <> "" Then
    Dim strADsPath
    strADsPath = "WinNT://ARIA"
    strUserName = Request.Form("strUserName")
    strPassword = Request.Form("strPassword")
    'Set adObject = GetObject("WinNT:")
    'Set userObject = adObject.OpenDSObject("WinNT://" & domainName, userName, password, ADS_SECURE_AUTHENTICATION)
    if (not strADsPath = "") then
        Dim oADsObject
        Set oADsObject = GetObject(strADsPath)
        response.write "Authenticating...<br><br>"
        Dim strADsNamespace
        Dim oADsNamespace
        ' namespace part of the path, i.e. "WinNT:"
        strADsNamespace = left(strADsPath, instr(strADsPath, ":"))
        set oADsNamespace = GetObject(strADsNamespace)
        ' bind with the submitted credentials
        Set oADsObject = oADsNamespace.OpenDSObject(strADsPath, strUserName, strPassword, 0)
        if not (Err.number = 0) then
            Response.Write "<font color='red'><font size = 5><u><b>Authentication has failed...</b></u></font></font>"
            Session("Auth") = "NO"
        else
            Response.Write "<font color='blue'>USER AUTHENTICATED!</font><br>"
            Session("Auth") = "YES"
        end if
    end if
End If
%>
</body>
</html>
So once authenticated, is it possible to grab other stuff such as email and groups?
I've tried following Classic ASP (VBScript), 2008 R2, error using AD to authenticate and tried authenticating against my local machine but it ALWAYS authenticates no matter what I put in. Is it the fact I'm using a local machine mean it just won't work?
Recommended answer
I know this is an old question, but in case someone is still interested:
This is how I authenticate users against an AD: It's an indirect approach using an authenticated LDAP query. If the query fails, the user is not allowed to authenticate against the domain controller.
It's a bit inelegant inasmuch as it requires an explicit naming of a domain controller, domain name (if you want to use sam account names) and an OU for the search start DN.
dim domainController : domainController = "yourdc.company.com"
dim ldapPort : ldapPort = 389
dim startOu : startOu = "DC=company,DC=com"

' Returns True when the directory accepts the credentials for an LDAP query.
Function CheckLogin( szUserName, szPassword)
    CheckLogin = False
    szUserName = trim( "" & szUserName)
    ' an LDAP bind with an empty password can be treated as anonymous, so reject it up front
    if szUserName = "" or "" & szPassword = "" then exit function

    dim oCon : Set oCon = Server.CreateObject("ADODB.Connection")
    oCon.Provider = "ADsDSOObject"
    oCon.Properties("User ID") = szUserName
    oCon.Properties("Password") = szPassword
    oCon.Open "ADProvider"
    dim oCmd : Set oCmd = Server.CreateObject("ADODB.Command")
    Set oCmd.ActiveConnection = oCon

    ' let's look for the mail address of a non existing user;
    ' the result is irrelevant, only whether the authenticated query runs
    dim szDummyQuery : szDummyQuery = "(&(objectCategory=person)(samaccountname=DeGaullesC))"
    dim szDummyProperties : szDummyProperties = "mail"
    dim cmd : cmd = "<" & "LDAP://" & domainController & ":" & ldapPort & _
        "/" & startOu & ">;" & szDummyQuery & ";" & szDummyProperties & ";subtree"
    oCmd.CommandText = cmd
    oCmd.Properties("Page Size") = 100

    on error resume next
    dim rs : Set rs = oCmd.Execute
    if err.Number = 0 then
        CheckLogin = true
        call rs.Close()
        set rs = nothing
    end if
    ' release the connection whether or not the bind succeeded
    oCon.Close
    on error goto 0
    set oCmd = nothing
    set oCon = nothing
End Function

' perform test
dim res : res = CheckLogin( "youradname\youruser", "yourpassword")
if res then
    Response.Write( "Login ok")
else
    Response.Write( "Login failed")
end if