info from Active Directory on ASP page

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: M R T Jones (mrt.jones_at_ntlworld.com)
Date: 04/28/04 

Date: Wed, 28 Apr 2004 20:18:35 +0100

Hello group

I am not really sure which group to post to - apologies if I have it wrong.

User logs on to the network on a WinXP client with standard username /
password. A w2K server with AD authenticates.

User opens browser and accesses an ASP page on IIS on a different w2K
server.

If the site on IIS is set to use Windows Authentication and Anonymous access
is disabled I am able to use this code to report back on the page their log
on name:

response.write "Hello " & request.servervariables("LOGON_USER")

No problem with this - but I also want to get information from attributes
held in Active Directory, for example their email address and department

How can I do this using an LDAP provider?

My attempts so far using: (adapted from script by Ricahrd Mueller - thanks
and much respect!)

const ADS_NAME_TYPE_NT4 = 3
const ADS_NAME_TYPE_1779 = 1
const ADS_NAME_INITTYPE_DOMAIN = 1

dim objDomain, ADdomainOB, DomainName, objDN, objUser, objTrans, username

username = request.servervariables("LOGON_USER")

set objDomain = ( "LDAP://RootDSE" )
set ADdomainOB = GetObject( "LDAP://" &
bjDomain.Get( "DefaultNamingContext" ) )
DomainName = replace(ucase( ADdomainOB.name ), "DC=", "" )

set objTrans = createobject( "NameTranslate" )
objTrans.init ADS_NAME_INITTYPE_DOMAIN, DomainName
********************
objTrans.set ADS_NAME_TYPE_NT4, DomainName & "\" & username

set objDn = objTrans.Get( ADS_NAME_TYPE_1779 )

set objUser = getObject("LDAP://" & objDN)

response.write objUser.mail & "<br>"

usually fails on starred line with 'error 80090332 The security context
could not be established due to a failure in the
requested quality of service (e.g. mutual authentication or delegation).

If I allow anonymous access on the IIS site properties then it fails to get
the LOGON_USER

Any ideas would be welcome

Thank you

Relevant Pages

  • Re: Newbie question: Basic auth works, Chall/Resp fails?
    ... How IIS Authenticates Browser Clients ... > challenge/response and use Basic authentication instead, ... > domain A whenever a user logs onto a machine. ...
    (microsoft.public.inetserver.iis.security)
  • Re: HELP PLEASE The request failed with HTTP status 401: Access Denied.
    ... Web Security: Part 2: Introducing the Web Application Manager, Client ... Authentication Options, and Process Isolation ... It introduces the Web Application Manager in IIS that ... logon session, which is dangerous. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Can no longer access ActiveSync
    ... OMA and Exchange/Exchange-OMA virtual directory. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ... issue may be caused by the Exchange attribute of original user account. ...
    (microsoft.public.exchange.admin)
  • Re: Basic Authentication fails with Error 401.2 where Integrated s
    ... I didn't realise the Web Sites folder in IIS manager threw up a global ... sure that Basic Authentication is allowed to function on your server. ... ACCOUNTNAME, this is the account that I am trying to grant access to: ... Account: COMPUTERNAME\ACCOUNTNAME Access type: FULL ...
    (microsoft.public.inetserver.iis.security)
  • Re: SBS2k3 and activesync over the air
    ... the Exchweb virtual directory. ... ONLY 'Basic authentication' is selected ... please restart your IIS service and test your issue again. ... Regarding ActiveSync issue, support code 0x85010014 means error HTTP 500. ...
    (microsoft.public.windows.server.sbs)