7_2009-2012 Security #220059

Authenticate against Windows NT/2000 Domain

Name: Authenticate against Windows NT/2000 Domain
Brand: Planet Source Code
SKU: PSC-220059
Availability: InStock
Rating: 4.9 (109 reviews)
Author: MarkParter

MarkParter

★★★★★

4.8 · Downloads: 2,341

This code will take the users username and password from a form and use them to authenticate them against a Windows NT/2000 domain. Unlike other examples, you do not need to switch on 'Basic' or 'Integrated Windows' permissions for the webite on IIS. You can leave the setting as Anonymous Access.

AI Summary: This codebase represents a historical implementation of the logic described in the metadata. Our preservation engine analyzes the structure to provide context for modern developers.

Source Code

Upload
'Place the following in your ASP page handling the server-side authetication.
'************************************************
<% Dim objADSI, strUsername, strPassword, strDomain
strUsername = Trim(Request.Form("txtUsername"))
strPassword = Trim(Request.Form("txtPassword"))
strDomain = "Intranet"
'you can easily change this to retrieve the domain from a form aswell
Set objADSI = GetObject("WinNT://" & strDomain)
     
Dim strADsNamespace
Dim objADSINamespace
strADsNamespace = Left("WinNT://" & strDomain, InStr("WinNT://" & strDomain, ":"))
Set objADSINamespace = GetObject(strADsNamespace)
Set objADSI = objADSINamespace.OpenDSObject("WinNT://" & strDomain, strDomain & "\" & strUsername, strPassword, 0)
' If there's no error then the user has been authenticated!
  
If Err.Number <> 0 Then 'authentication failed
  'code here for failed authentication
  Session("authenticated") = False
Else
  'code here for authentication success
  Session("authenticated") = True
End If
Set objADSINamespace = Nothing
Set objADSI = Nothing
Set strUsername = Nothing
Set strPassword = Nothing
Set strDomain = Nothing
Set strADsNamespace = Nothing %>
'***********************************************
At the top of all your protected ASP pages place the following:
<!-- #INCLUDE file="check.asp" -->

Make sure you check the path to the file, if necessary make it an absolute include, i.e. <!-- #INCLUDE file="http://www.yoursite.co.uk/check.asp" -->
'************************************************
create a file called check.asp, in it place the following code:
<% If Session("authenticated") <> True Then
   Session.Abandon 'clear any session variables
   Response.Redirect "login.asp" 'kick them back to the login page
End If %>

Original Comments (3)

Recovered from Wayback Machine