ASP Verify Credentials Against a Domain – IsAuthenticated

A few months ago I ran into a bit of a problem. I was programming a front end for a web application, and in that web application I wanted to prompt for the user's username and password, and then verify that that user was, in fact, a user in the domain.

I then wanted to pull the user’s information, like the DistinguishedName property, and its CN or CommonName. This was surprisingly hard to figure out. There was lots of information out there on how to do IIS impersonation, which is not what I wanted to do, but I did want to verify the user's credentials to see certain information.

After quite a bit of digging, I finally figured it out and, as per usual, packaged it nicely in a form that can be used to very quickly and easily verify if the user is who he says he is. The function is called IsAuthenticated and accepts the parameters sUsername and sPassword.

The variable sDomainLDAP is passed in LDAP nomenclature, for example “DC=naterice,DC=com”. I don’t pass this as a variable to the function since I set the variable globally, but you could simply modify the function to accept this as a parameter if you chose.

The user you use must have permissions to query the domain, so obviously the user running in IIS will have to be a domain member. It cannot be running as a local system account or the query will fail.

If everything is working, the function will return “True” if you have passed a valid username and password or “False” if either the username or password is wrong.

As always, questions or comments are welcome below!

sDomainLDAP = "DC=naterice,DC=com"

Function IsAuthenticated(sUsername, sPassword)
  'This script is provided under the Creative Commons license located
  'at . It may not
  'be used for commercial purposes with out the expressed written consent

  Set adoCon = Server.CreateObject("ADODB.Connection")

  adoCon.Provider = "ADsDSOOBJECT"
  adoCon.Properties("User ID") = sUsername
  adoCon.Properties("Password") = sPassword
  adoCon.Properties("Encrypt Password") = true
  adoCon.Open "DS Query", sUsername, sPassword

  sQuery = "SELECT cn FROM 'LDAP://" & sDomainLDAP & "' WHERE objectClass='*' "

  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = adoCon
  cmd.CommandText = sQuery

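  'Any error from Execute (for example, rejected credentials) counts as a failed login
  On Error Resume Next
    Set rs = cmd.Execute
    If Err.Number <> 0 Then
      IsAuthenticated = False
    ElseIf rs.bof Or rs.eof Then
      IsAuthenticated = False
    Else
      IsAuthenticated = True
    End If
  On Error Goto 0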
  Set adoCon = Nothing
  Set cmd = Nothing
End Function
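
The post mentions pulling the user's DistinguishedName and CN once the credentials check out. The following is an added example, not the original author's code, that binds with the supplied credentials and reads both attributes in one query, escaping the username per RFC 4515 before it goes into the LDAP filter. GetAuthenticatedUser and EscapeLdapFilter are hypothetical names; it assumes sUsername is a bare sAMAccountName and that sDomainLDAP is set globally as above.

```vbscript
' Added example (not the original author's code). Assumes sUsername is a bare
' sAMAccountName and sDomainLDAP is set globally as in the post.
' Escape the characters that are special in an LDAP search filter (RFC 4515).
Function EscapeLdapFilter(sValue)
  Dim s
  s = Replace(sValue, "\", "\5c")  ' first, because the other escapes add backslashes
  s = Replace(s, "*", "\2a")
  s = Replace(s, "(", "\28")
  s = Replace(s, ")", "\29")
  EscapeLdapFilter = Replace(s, Chr(0), "\00")
End Function

' Returns a Scripting.Dictionary holding distinguishedName and cn when the
' credentials are accepted and the account is found; otherwise Nothing.
Function GetAuthenticatedUser(sUsername, sPassword)
  Dim adoCon, cmd, rs, sQuery, oInfo
  Set GetAuthenticatedUser = Nothing
  ' Reject blank credentials: an LDAP simple bind with an empty password is
  ' an unauthenticated bind (RFC 4513), so it must never count as a login.
  If Len(Trim(sUsername & "")) = 0 Or Len(sPassword & "") = 0 Then Exit Function
  sQuery = "<LDAP://" & sDomainLDAP & ">;" & _
           "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
           EscapeLdapFilter(sUsername) & "));distinguishedName,cn;subtree"

  On Error Resume Next
  Set adoCon = Server.CreateObject("ADODB.Connection")
  adoCon.Provider = "ADsDSOObject"
  adoCon.Properties("User ID") = sUsername
  adoCon.Properties("Password") = sPassword
  adoCon.Properties("Encrypt Password") = True
  adoCon.Open "DS Query", sUsername, sPassword
  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = adoCon
  cmd.CommandText = sQuery
  Set rs = cmd.Execute
  If Err.Number = 0 Then          ' any earlier failure leaves Err set
    If Not rs.EOF Then
      Set oInfo = Server.CreateObject("Scripting.Dictionary")
      oInfo.Add "distinguishedName", rs.Fields("distinguishedName").Value
      oInfo.Add "cn", rs.Fields("cn").Value
      Set GetAuthenticatedUser = oInfo
    End If
    rs.Close
  End If
  Err.Clear
  adoCon.Close
  On Error Goto 0
  Set cmd = Nothing : Set adoCon = Nothing
End Function
```

A caller tests the result with `Is Nothing` before reading the "cn" or "distinguishedName" keys.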

