Thanks to whoever wrote it all those years ago!
Here it is. The function takes a username and password as parameters; in the example the domain is hard-coded in the domainName variable, though you can easily change it to pass that as a parameter as well. It then uses ADO to connect to the Active Directory domain with the provided credentials and tries to execute a simple query. If the query succeeds, the credentials are good. If it errors out, the username/password combination is bad.
Note: I've only used this approach on computers that are joined to the AD domain in question.
Function validateUser(username, password)
    Dim adConn, adCom, adRS
    Dim domainName

    ' Errors are checked explicitly after the query runs.
    On Error Resume Next
    domainName = "mydomain.com"
    validateUser = False
    Err.Clear

    ' Connect through the ADSI OLE DB provider as the supplied user.
    Set adConn = Server.CreateObject("ADODB.Connection")
    adConn.Provider = "ADsDSOObject"
    adConn.Properties("User ID") = username
    adConn.Properties("Password") = password
    adConn.Properties("Encrypt Password") = True
    adConn.Open "DS Query"

    Set adCom = Server.CreateObject("ADODB.Command")
    Set adCom.ActiveConnection = adConn
    adCom.CommandText = _
        "select cn from 'LDAP://" & domainName & "' WHERE objectCategory='user'"
    Set adRS = adCom.Execute

    ' The query only succeeds when the credentials were accepted.
    If Err.Number = 0 Then
        validateUser = True
    End If

    ' Clean up. adRS is never assigned when Execute fails, so test it first.
    If IsObject(adRS) Then adRS.Close
    adConn.Close
    Set adRS = Nothing
    Set adCom = Nothing
    Set adConn = Nothing
End Function
In use:
<%
Dim bLoggedIn, usr, pwd
bLoggedIn = False
' Read from the POST body only, so credentials are never accepted from the URL.
usr = Trim(Request.Form("user")) 'validate your input IRL (In Real Life)!
' Do not Trim the password: leading or trailing spaces can be part of it.
pwd = Request.Form("pwd")
If usr <> "" And pwd <> "" Then
    bLoggedIn = validateUser(usr, pwd)
End If
%>
<html>
<body>
<% If bLoggedIn = False Then %>
<form method="post">
<p>Username: <input type="text" name="user" value="" /><br/>
Password: <input type="password" name="pwd" value="" /><br/>
<input type="submit" value="Login" /></p>
</form>
<% Else %>
<h2>Logged in!</h2>
<% End If %>
</body>
</html>
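The inline comment above says to validate input in real life. One way to do that before the credentials reach validateUser, as an added example that is not part of the original post: the helper names (isPlausibleLogonName, checkedLogin), the accepted name forms, the character allowlist and the length caps are all assumptions to adjust to your directory's naming rules.

```vbscript
' Added example (not from the original post): allowlist check on the logon
' name and bounds on the password before anything is sent to AD.
' Assumed accepted forms: sAMAccountName, NETBIOS\sAMAccountName, user@dns.domain.
Const MAX_NAME_LEN = 104   ' assumed cap on the whole logon name
Const MAX_PWD_LEN = 256    ' assumed cap; bounds what is handed to the bind

Function isPlausibleLogonName(name)
    Dim re, sam, i
    isPlausibleLogonName = False

    If Len(name) = 0 Or Len(name) > MAX_NAME_LEN Then Exit Function

    ' Reject control characters up front (CR/LF would otherwise end up in logs).
    For i = 1 To Len(name)
        If AscW(Mid(name, i, 1)) < 32 Then Exit Function
    Next

    ' Assumed allowlist for the account part: letters, digits, dot, underscore, hyphen.
    sam = "[a-z0-9][a-z0-9._-]{0,19}"
    Set re = New RegExp
    re.IgnoreCase = True

    ' Form 1 and 2: account name, optionally prefixed with NETBIOS\
    re.Pattern = "^([a-z0-9-]{1,15}\\)?" & sam & "$"
    If re.Test(name) Then
        isPlausibleLogonName = True
        Exit Function
    End If

    ' Form 3: user@dns.domain
    re.Pattern = "^[a-z0-9][a-z0-9._-]{0,63}@[a-z0-9-]+(\.[a-z0-9-]+)+$"
    isPlausibleLogonName = re.Test(name)
End Function

' Gate in front of the post's validateUser(): call this from the page instead.
Function checkedLogin(usr, pwd)
    checkedLogin = False
    If Not isPlausibleLogonName(usr) Then Exit Function
    If Len(pwd) = 0 Or Len(pwd) > MAX_PWD_LEN Then Exit Function
    checkedLogin = validateUser(usr, pwd)
End Function
```

Names that fail the check are rejected without contacting the domain controller, so malformed input never turns into a bind attempt against a real account.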
Thank you very much. This has been very helpful
This just works. Awesome. Thanks!