A few months ago I ran into a bit of a problem. I was programming a front end for a web application, and in that web application I wanted to prompt for the user's username and password, and then verify that that user was, in fact, a user in the domain.
I then wanted to pull the user's information, like the DistinguishedName property, and its CN or CommonName. This was surprisingly hard to figure out. There was lots of information out there on how to do IIS impersonation, which is not what I wanted to do, but I did want to verify the user's credentials to see certain information.
After quite a bit of digging, I finally figured it out and, as per usual, packaged it nicely in a form that can be used to very quickly and easily verify if the user is who he says he is. The function is called IsAuthenticated and accepts the parameters sUsername and sPassword.
The variable sDomainLDAP is passed in LDAP nomenclature, for example “DC=naterice,DC=com”. I don’t pass this as a variable to the function since I set the variable globally, but you could simply modify the function to accept this as a parameter if you chose.
The account the application runs under must have permission to query the domain, so the IIS worker process will have to run as a domain member. It cannot run as the local system account, or the query will fail.
If everything is working, the function returns True when you have passed a valid username and password, and False when either the username or the password is wrong.
As always, questions or comments are welcome below!
sDomainLDAP = "DC=naterice,DC=com"

Function IsAuthenticated(sUsername, sPassword)
    'This script is provided under the Creative Commons license located
    'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not
    'be used for commercial purposes without the expressed written consent
    Dim adoCon, cmd, rs, sQuery
    IsAuthenticated = False

    On Error Resume Next
    Set adoCon = Server.CreateObject("ADODB.Connection")
    adoCon.Provider = "ADsDSOObject"
    adoCon.Properties("User ID") = sUsername
    adoCon.Properties("Password") = sPassword
    adoCon.Properties("Encrypt Password") = True
    'Open binds to the directory as the supplied user; bad credentials raise an error here
    adoCon.Open "DS Query", sUsername, sPassword

    If Err.Number = 0 Then
        'Any row coming back proves the bind as this user succeeded; the query itself is incidental
        sQuery = "SELECT cn FROM 'LDAP://" & sDomainLDAP & "' WHERE objectClass='*' "
        Set cmd = Server.CreateObject("ADODB.Command")
        Set cmd.ActiveConnection = adoCon
        cmd.CommandText = sQuery
        Set rs = cmd.Execute
        If Err.Number = 0 Then
            If Not (rs.BOF Or rs.EOF) Then IsAuthenticated = True
        End If
    End If
    Err.Clear
    On Error Goto 0

    Set rs = Nothing
    Set cmd = Nothing
    Set adoCon = Nothing
End Function
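To show how the function fits into a login page, here is an added example of my own, not code from the original post: a classic ASP handler that checks the form input before calling IsAuthenticated, and then reads the DistinguishedName and CN that the post set out to retrieve. It assumes sDomainLDAP and IsAuthenticated are defined as above (for instance through an include), that the form fields are named username and password, and that the user types a plain sAMAccountName, so the DOMAIN\user and user@domain forms are refused. LdapFilterEscape, IsSaneLogin and GetUserRecord are helpers written for this example, and the length caps in IsSaneLogin are arbitrary sanity limits, not directory constants.

```vbscript
' Added example, not part of the original post. Assumes sDomainLDAP and
' IsAuthenticated are already defined as in the post (e.g. via an include).

' Escape the characters RFC 4515 reserves inside LDAP filter values, so a
' username typed into the form cannot alter the filter it is placed in.
Function LdapFilterEscape(sValue)
    Dim sOut, i, c
    sOut = ""
    For i = 1 To Len(sValue)
        c = Mid(sValue, i, 1)
        Select Case c
            Case "\"    : sOut = sOut & "\5c"
            Case "*"    : sOut = sOut & "\2a"
            Case "("    : sOut = sOut & "\28"
            Case ")"    : sOut = sOut & "\29"
            Case Chr(0) : sOut = sOut & "\00"
            Case Else   : sOut = sOut & c
        End Select
    Next
    LdapFilterEscape = sOut
End Function

' Input that should never reach the directory. An empty password asks the
' server for an unauthenticated (anonymous) bind rather than a failed logon,
' so it is refused here instead of being passed on. Backslash and @ are
' refused because this example expects a plain sAMAccountName. The length
' caps are arbitrary sanity limits chosen for the example.
Function IsSaneLogin(sUsername, sPassword)
    IsSaneLogin = False
    If Len(sUsername) = 0 Or Len(sUsername) > 64 Then Exit Function
    If Len(sPassword) = 0 Or Len(sPassword) > 256 Then Exit Function
    If InStr(sUsername, Chr(0)) > 0 Then Exit Function
    If InStr(sUsername, "\") > 0 Or InStr(sUsername, "@") > 0 Then Exit Function
    IsSaneLogin = True
End Function

' Bind as the user and read distinguishedName and cn for exactly that
' account, using the LDAP dialect query string and the escaped filter.
' Returns a Dictionary with those two keys, or Nothing unless there is
' exactly one match.
Function GetUserRecord(sUsername, sPassword)
    Dim adoCon, cmd, rs, sFilter, sQuery, d
    Set GetUserRecord = Nothing
    sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
              LdapFilterEscape(sUsername) & "))"
    sQuery = "<LDAP://" & sDomainLDAP & ">;" & sFilter & ";distinguishedName,cn;subtree"

    On Error Resume Next
    Set adoCon = Server.CreateObject("ADODB.Connection")
    adoCon.Provider = "ADsDSOObject"
    adoCon.Properties("Encrypt Password") = True
    adoCon.Open "DS Query", sUsername, sPassword
    If Err.Number = 0 Then
        Set cmd = Server.CreateObject("ADODB.Command")
        Set cmd.ActiveConnection = adoCon
        cmd.CommandText = sQuery
        Set rs = cmd.Execute
        If Err.Number = 0 Then
            If Not (rs.BOF Or rs.EOF) Then
                Set d = Server.CreateObject("Scripting.Dictionary")
                d("distinguishedName") = rs.Fields("distinguishedName").Value
                d("cn") = rs.Fields("cn").Value
                rs.MoveNext
                ' More than one hit means the filter was ambiguous; refuse it.
                If rs.EOF Then Set GetUserRecord = d
            End If
        End If
    End If
    Err.Clear
    On Error Goto 0
    Set rs = Nothing
    Set cmd = Nothing
    Set adoCon = Nothing
End Function

' Form handler. The failure message is the same in every branch, so the
' page does not reveal whether the username or the password was wrong.
Dim sUser, sPass, oUser
Set oUser = Nothing
sUser = Request.Form("username")
sPass = Request.Form("password")
If IsSaneLogin(sUser, sPass) Then
    If IsAuthenticated(sUser, sPass) Then
        Set oUser = GetUserRecord(sUser, sPass)
    End If
End If
If oUser Is Nothing Then
    Response.Write "Login failed."
Else
    Session("userDN") = oUser("distinguishedName")
    Response.Write "Welcome, " & Server.HTMLEncode(oUser("cn"))
End If
```

The nested Ifs are deliberate: VBScript's And does not short-circuit, so a single combined condition would still bind to the directory with input that IsSaneLogin had already rejected. The cn is passed through Server.HTMLEncode before being written, because a directory attribute is data from outside the page, not trusted markup.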