Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP General (http://www.velocityreviews.com/forums/f65-asp-general.html)
-   -   authentication issue (http://www.velocityreviews.com/forums/t790905-authentication-issue.html)

Doug Partridge 10-11-2003 08:38 PM

authentication issue
 

Hi, I have been stuck on something for a few days ... I
have some code that is working on a domain controller but
not a member server (running on a DC is not an option, so
I must get it to work on the member server). I figured no
problem, I will just provide domain user credentials in my
code .... well, it has not been so easy. I run into one
of two problems, when I don't provide credentials (when
running on the member server) I get:

Provider (0x80004005)
Unspecified error

when I do provide credentials, I get:

Provider (0x80040E09)
Permission denied.

Can someone tell what I am doing wrong ... or perhaps show
me another way to do this? Thanks in advance.

- doug

---------------------------------------
<%

sUserAccountName = "user10"

Dim oRootDSE
Set oRootDSE = GetObject ("LDAP://rootDSE")
sADsPath = oRootDSE.Get("defaultNamingContext")
Set oRootDSE = Nothing

<!--END CALLOUT A-->


<!--BEGIN CALLOUT B-->

Dim oConnection, oCommand, oRecordSet
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
'oConnection.Properties("User ID") = "user1"
'oConnection.Properties("Password") = "pass"
'oConnection.Properties("Encrypt Password") = True

oConnection.Open "Active Directory Provider"
Set oCommand = CreateObject("ADODB.Command")
Set oCommand.ActiveConnection = oConnection
oCommand.CommandText = _
"SELECT samAccountName,mail,displayname,userprincipalname
FROM 'LDAP://" & _
sADsPath & "'" & "WHERE samAccountName ='" & _
sUserAccountName & "' AND objectCategory='Person'"

Set oRecordSet = oCommand.Execute
If not oRecordSet.EOF Then
Response.Write oRecordSet.Fields("mail") & "<BR><BR>"
Response.Write oRecordSet.Fields("userprincipalname") &
"<BR><BR>"
Response.Write oRecordSet.Fields("displayname") & "<BR><BR>"
End If
oConnection.Close
Set oConnection=Nothing
Set oCommand=Nothing
Set oRecordSet=Nothing



%>



Egbert Nierop \(MVP for IIS\) 10-13-2003 11:32 AM

Re: authentication issue
 
"Doug Partridge" <douglas_partridge@_nospam_.yahoo.com> wrote in message
news:%23U2lbeDkDHA.1084@tk2msftngp13.phx.gbl...
>
> Hi, I have been stuck on something for a few days ... I
> have some code that is working on a domain controller but
> not a member server (running on a DC is not an option, so
> I must get it to work on the member server). I figured no
> problem, I will just provide domain user credentials in my
> code .... well, it has not been so easy. I run into one
> of two problems, when I don't provide credentials (when
> running on the member server) I get:
>
> Provider (0x80004005)
> Unspecified error
>
> when I do provide credentials, I get:
>
> Provider (0x80040E09)
> Permission denied.

You should make sure that your IWAM and your IUSR account have sufficient
privilige to access the active directory. Since these accounts default to
the local accounts database, they have not been granted access to the LDAP
database. So this requires resetting the IWAM & IUSR account
You can change them using the scripts in \inetpub\adminscripts\adsutil.vbs

An other, less efficient trick is to authenticate in code and not to use
anonymous LDAP connections...


> Can someone tell what I am doing wrong ... or perhaps show
> me another way to do this? Thanks in advance.
>
> - doug
>
> ---------------------------------------
> <%
>
> sUserAccountName = "user10"
>
> Dim oRootDSE
> Set oRootDSE = GetObject ("LDAP://rootDSE")
> sADsPath = oRootDSE.Get("defaultNamingContext")
> Set oRootDSE = Nothing

%>
>
>



Doug Partridge 10-14-2003 01:52 AM

Re: authentication issue
 
Egbert,

Thanks for responding. I will look into the ADSUTIL option. You mentioned
that a less efficient option is authenticating via the code. I was
attempting to do this but could never successfully run the code. I would
like to know how to do this, or at least what I was doing incorrectly. Do
you have a code sample that might help (or show me using the code I
submitted in my original post)? Thanks, Doug

"Egbert Nierop (MVP for IIS)" <egbert_nierop@nospam.com> wrote in message
news:ODPtP3XkDHA.2424@TK2MSFTNGP10.phx.gbl...
> "Doug Partridge" <douglas_partridge@_nospam_.yahoo.com> wrote in message
> news:%23U2lbeDkDHA.1084@tk2msftngp13.phx.gbl...
> >
> > Hi, I have been stuck on something for a few days ... I
> > have some code that is working on a domain controller but
> > not a member server (running on a DC is not an option, so
> > I must get it to work on the member server). I figured no
> > problem, I will just provide domain user credentials in my
> > code .... well, it has not been so easy. I run into one
> > of two problems, when I don't provide credentials (when
> > running on the member server) I get:
> >
> > Provider (0x80004005)
> > Unspecified error
> >
> > when I do provide credentials, I get:
> >
> > Provider (0x80040E09)
> > Permission denied.

> You should make sure that your IWAM and your IUSR account have sufficient
> privilige to access the active directory. Since these accounts default to
> the local accounts database, they have not been granted access to the LDAP
> database. So this requires resetting the IWAM & IUSR account
> You can change them using the scripts in \inetpub\adminscripts\adsutil.vbs
>
> An other, less efficient trick is to authenticate in code and not to use
> anonymous LDAP connections...
>
>
> > Can someone tell what I am doing wrong ... or perhaps show
> > me another way to do this? Thanks in advance.
> >
> > - doug
> >
> > ---------------------------------------
> > <%
> >
> > sUserAccountName = "user10"
> >
> > Dim oRootDSE
> > Set oRootDSE = GetObject ("LDAP://rootDSE")
> > sADsPath = oRootDSE.Get("defaultNamingContext")
> > Set oRootDSE = Nothing

> %>
> >
> >

>





All times are GMT. The time now is 06:10 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.