Classic ASP Authenticate Against Active Directory

Question

I have a Classic ASP website (sorry!). Some parts of it need to be NT authentication enabled.

I would ideally like to present the user with a nice login form (rather than a browser prompt) which I then authenticate against AD and then do the usual "log in if success, show error if failure".

Is this even possible? I've tried the following on a local computer but not sure how to properly test for success or if it even expands to searching against AD.

<html>
<head>
</head>
<body>
    <form action="test.asp" method="post">
        Username:
        <input type="text" name="strUserName"><br>
        Password:
        <input type="password" name="strPassword"><br>
        <input type="submit" name="btnSubmit">
    </form>
    <%
    If Request.Form("strUsername") <> "" Then
        Dim strADsPath
        strADsPath = "WinNT://ARIA"
        strUserName = Request.Form("strUserName")
        strPassword = Request.Form("strPassword")

        'Set adObject = GetObject("WinNT:")
        'Set userObject = adObject.OpenDSObject("WinNT://" & domainName, userName, password, ADS_SECURE_AUTHENTICATION)


        if (not strADsPath= "") then
            Dim oADsObject
            Set oADsObject = GetObject(strADsPath)

            response.write "Authenticating...<br><br>"

            Dim strADsNamespace
            Dim oADsNamespace

            strADsNamespace = left(strADsPath, instr(strADsPath, ":"))
            set oADsNamespace = GetObject(strADsNamespace)

            Set oADsObject = oADsNamespace.OpenDSObject(strADsPath, strUserName,strPassword, 0)

            if not (Err.number = 0) then
                Response.Write "<font color='red'><font size = 5><u><b>Authentication has failed...</b></u></font></font>"
                Session("Auth") = "NO"
            else
                Response.Write "<font color='blue'>USER AUTHENTICATED!</font><br>"
                Session("Auth") = "YES"
            end if
        end if
    End If
    %>
</body>
</html>

So once authenticated, is it possible to grab other stuff such as email and groups?

I've tried following Classic ASP (VBScript), 2008 R2, error using AD to authenticate and tried authenticating against my local machine but it ALWAYS authenticates no matter what I put in. Does the fact I'm using a local machine mean it just won't work?

Recommended answer

I know this is an old question, but in case someone is still interested:

This is how I authenticate users against an AD: It's an indirect approach using an authenticated LDAP query. If the query fails, the user is not allowed to authenticate against the domain controller.

It's a bit inelegant in as much as it requires an explicit naming of a domain controller, domain name (if you want to use sam account names) and an OU for the search start DN.

  dim domainController : domainController = "yourdc.company.com"
  dim ldapPort : ldapPort = 389
  dim startOu : startOu = "DC=company,DC=com"

  Function CheckLogin( szUserName, szPassword)
    CheckLogin = False

    szUserName = trim( "" &  szUserName)

    dim oCon : Set oCon = Server.CreateObject("ADODB.Connection")
    oCon.Provider = "ADsDSOObject"
    oCon.Properties("User ID") = szUserName
    oCon.Properties("Password") = szPassword
    oCon.Open "ADProvider"
    dim oCmd : Set oCmd = Server.CreateObject("ADODB.Command")
    Set oCmd.ActiveConnection = oCon

    ' let's look for the mail address of a non-existing user
    dim szDummyQuery : szDummyQuery = "(&(objectCategory=person)(samaccountname=DeGaullesC))"
    dim szDummyProperties : szDummyProperties = "mail"
    dim cmd : cmd = "<" & "LDAP://" & domainController & ":" & ldapPort & _
                        "/" & startOu & ">;" & szDummyQuery & ";" & szDummyProperties & ";subtree"
    oCmd.CommandText = cmd
    oCmd.Properties("Page Size") = 100
    on error resume next
    dim rs : Set rs = oCmd.Execute
    if err.Number = 0 then
      CheckLogin = true
      call rs.Close()
      set rs = nothing
    end if
    on error goto 0
    set oCmd = nothing
    ' release the LDAP connection as well
    oCon.Close
    set oCon = nothing
  End Function

  ' perform test
  dim res : res = CheckLogin( "youradname\youruser", "yourpassword")
  if res then
    Response.Write( "Login ok")
  else
    Response.Write( "Login failed")
  end if
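
An added example, not part of the original answer: a variant of the authenticated LDAP query above that refuses empty credentials before binding (an LDAP bind with an empty password can be treated as an unauthenticated bind rather than a failed login) and, on success, returns the user's mail and group DNs, which is the question's follow-up. It reuses `domainController`, `ldapPort` and `startOu` from the answer; `EscapeLdapFilter` and `GetUserInfo` are hypothetical names, and the user name is assumed to arrive as `DOMAIN\user`.

```vbscript
' Added example, not from the original answer. Reuses domainController, ldapPort
' and startOu from above; EscapeLdapFilter and GetUserInfo are hypothetical names.

' Escape the characters RFC 4515 reserves in a filter value so a submitted
' user name cannot change the structure of the LDAP filter.
Function EscapeLdapFilter(ByVal s)
  s = Replace(s, "\", "\5c")      ' backslash first, or later escapes get re-escaped
  s = Replace(s, "*", "\2a")
  s = Replace(s, "(", "\28")
  s = Replace(s, ")", "\29")
  EscapeLdapFilter = Replace(s, Chr(0), "\00")
End Function

' Returns Nothing when the login fails, otherwise a Dictionary with "mail" and "memberOf".
Function GetUserInfo(ByVal szUserName, ByVal szPassword)
  Set GetUserInfo = Nothing
  szUserName = Trim("" & szUserName)
  ' Reject empty credentials before any bind is attempted.
  If szUserName = "" Or Len("" & szPassword) = 0 Then Exit Function

  ' Assumes DOMAIN\user input; the part after the backslash is the sAMAccountName.
  Dim sam : sam = Mid(szUserName, InStrRev(szUserName, "\") + 1)

  Dim oCon : Set oCon = Server.CreateObject("ADODB.Connection")
  oCon.Provider = "ADsDSOObject"
  oCon.Properties("User ID") = szUserName
  oCon.Properties("Password") = szPassword
  oCon.Properties("Encrypt Password") = True   ' ask ADSI for secure authentication
  oCon.Open "ADProvider"
  Dim oCmd : Set oCmd = Server.CreateObject("ADODB.Command")
  Set oCmd.ActiveConnection = oCon
  oCmd.CommandText = "<LDAP://" & domainController & ":" & ldapPort & "/" & startOu & ">;" & _
      "(&(objectCategory=person)(sAMAccountName=" & EscapeLdapFilter(sam) & "))" & _
      ";mail,memberOf;subtree"

  On Error Resume Next
  Dim rs : Set rs = oCmd.Execute               ' the bind happens here
  If Err.Number = 0 Then
    If Not rs.EOF Then                         ' bind succeeded and the account was found
      Dim info : Set info = Server.CreateObject("Scripting.Dictionary")
      info("mail") = rs.Fields("mail").Value           ' Null when no address is set
      info("memberOf") = rs.Fields("memberOf").Value   ' array of group DNs, or Null
      Set GetUserInfo = info
    End If
    rs.Close
  End If
  On Error GoTo 0
  oCon.Close
End Function
```

Treat a `Nothing` result as a failed login; an account that binds successfully but is not found under `startOu` is also reported as a failure.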
