Saturday, March 22, 2014

Autenticazione WEB su Dominio Windows via LDAP #LDAP #asp

Ecco come sono riuscito ad autenticare un utente sul dominio Windows da una pagina ASP.
La funzione controlla USERNAME/PASSWORD ma anche l'appartenenza o meno ad un gruppo.
Se il gruppo è passato come stringa vuota "" la procedura verifica solo USERNAME/PASSWORD.

Ganzo!

<%@Language="VBScript"%>
<%
'USAGE
'response.write (validateUserAndGroup("domain", "username","password","thegroup"))
'return value: 0=SUCCESS 1=FAIL
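function validateUserAndGroup(domainname,strUsername,strpassword,theTeamName)
' Authenticates a user against the Windows domain by binding to Active
' Directory through the ADSI OLE DB provider, and optionally checks that the
' user is a direct member of a named group.
'
' Parameters:
'   domainname   - domain part, combined with the user name as domain\user
'   strUsername  - account name (matched against sAMAccountName)
'   strpassword  - the user's password
'   theTeamName  - group CN to require; "" means "do not check any group"
' Returns: 0 = SUCCESS, 1 = FAIL. Every path that does not explicitly succeed
' returns 1 (fail closed).
'
' NOTE(review): no "Encrypt Password" or "ADSI Flag" connection property is
' set here, so how the credentials are protected on the wire depends on the
' provider defaults - confirm, and prefer a secured bind.
Dim objDomain, objADsPath, objConnection, objCommand, objRS, rs
Dim membership, group, newgroup, tempgroup, wantedGroup
Dim skipGroup, isMember, i, ch

' Default to FAIL; only the two success paths below overwrite this.
validateUserAndGroup = 1

' --- Input checks, done BEFORE error trapping is switched on ---------------

' An empty user name or password must never reach the directory: many LDAP
' servers treat a bind that carries an empty password as an unauthenticated
' bind and report success.
If Len(strUsername & "") = 0 Or Len(strpassword & "") = 0 Then
  Exit Function
End If

' The user name is concatenated into the query text below, so refuse the
' characters that would change the query: the quote that delimits the
' literal, the wildcard, the backslash, the double quote and control
' characters. Apart from the single quote these are not valid in a
' sAMAccountName anyway; a single quote already made the original query fail.
For i = 1 To Len(strUsername)
  ch = Mid(strUsername, i, 1)
  If ch = "'" Or ch = """" Or ch = "*" Or ch = "\" Or AscW(ch) < 32 Then
    Exit Function
  End If
Next

' Decide once whether a group is required. This is evaluated outside
' "On Error Resume Next" on purpose: under error trapping, an If whose
' condition raises an error falls INTO its body, which here would mean
' skipping the group check.
skipGroup = False
If theTeamName = "" Then skipGroup = True
' The caller's group name is lower-cased as well, because the directory
' value is lower-cased before the comparison.
wantedGroup = LCase(theTeamName & "")

' --- Directory access ------------------------------------------------------

' Suppress runtime error pages; failures are detected through Err.Number.
On Error Resume Next
Err.Clear

' CHECK USERNAME/PASSWORD: bind with the supplied credentials and run a query.
Set objDomain = GetObject("LDAP://rootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
Set objDomain = Nothing

Set objConnection = Server.CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = domainname & "\" & strUsername
objConnection.Properties("Password") = strpassword
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = "select cn FROM 'LDAP://" & objADsPath & "' where sAMAccountname='" & strUsername & "'"
Set objRS = objCommand.Execute

If Err.Number <> 0 Then
  ' USER NOT VALID : FAIL (result is already 1). Release the connection.
  objConnection.Close
  Set objConnection = Nothing
  Exit Function
End If

If skipGroup Then
  ' GROUP NOT TO BE CHECKED - USER VALID : SUCCESS
  objConnection.Close
  Set objConnection = Nothing
  validateUserAndGroup = 0
  Exit Function
End If

' GROUP MUST BE CHECKED
' memberOf holds direct memberships only; nested groups and the primary
' group are not covered - verify this matches the intended policy.
objCommand.CommandText = "select memberOf FROM 'LDAP://" & objADsPath & "' where sAMAccountname='" & strUsername & "'"
Set rs = objCommand.Execute
membership = rs("memberof")
rs.Close
objConnection.Close
Set rs = Nothing
Set objConnection = Nothing

' Any failure while reading the membership means FAIL.
If Err.Number <> 0 Then
  Exit Function
End If

' NOTE(review): only an array value is walked; a user with no groups
' presumably yields Null here and is denied - confirm against the provider.
If IsArray(membership) Then
  For Each group In membership
    ' Each entry is a distinguished name such as CN=Name,OU=...; the text
    ' after the first "=" is taken and its last three characters dropped,
    ' which assumes the next component starts with a two-letter type
    ' (",OU" / ",CN" / ",DC"). Only the CN is compared, so groups with the
    ' same CN in different containers are indistinguishable.
    tempgroup = ""
    newgroup = Split(group, "=")
    If UBound(newgroup) >= 1 Then
      If Len(newgroup(1)) > 3 Then
        tempgroup = LCase(Left(newgroup(1), Len(newgroup(1)) - 3))
      End If
    End If

    ' Compute the match into a Boolean first so that the If below cannot be
    ' entered because of a trapped error; an empty name never matches.
    isMember = False
    If Len(tempgroup) > 0 Then isMember = (tempgroup = wantedGroup)
    If isMember Then
      ' GROUP VALID : SUCCESS
      validateUserAndGroup = 0
      Exit Function
    End If
  Next
End If

' GROUP NOT VALID : FAIL (result is already 1)
end function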
%>
