I am looking at the ability for a user on my website to add/remove/edit windows user accounts, thus controlling access to my website. I have integrated windows authentication checked on the website and unchecked anon access in IIS, so I am always asked for a username and password.
I have seen some ADSI scripts that I can use in my ASP pages to manipulate local user accounts. However, when I try and use these they dont work as I need to have admin rights. Of course I don't wish to add the user to the admin group for security reasons....
Anyone have a code snippet to do this?
I am using the ADSI objects to retrieve groups and users informations. If possible, how can I retrieve the user password? I've search in Microsoft.com but I find only the SetPassword function (that of course changes the user password).
I am trying to prevent users from submitting HTML pages from their local machine to our website and I was wondering what the best way of doing this was.
I was thinking about using the HTTP_REFERER server variable (to check where the user has submitted a page from) as a blanket fix however when you use the javascript document.location on a page the HTTP_REFERER is always blank, which makes that a flawed fix.
I have seen other sites protect against this, so I know it can be done. Whats the best way.
I have question about whether it is best to use windows local user accounts to authenticate against when logging into a website OR using SSL for any communication sent to and from the web server. I know these are slightly different issues here, but I will explain my situation.
Clients will log onto my website and will be gived user access based upon their username and password. Therefore I initially wanted to use windows local user accounts and restrict anon access within IIS. However, I am thinking it would be just as secure to use HTML/ASP webpage and database access to the website, as long as the data was encyrpted.
We have an extranet located on one server that users access via a redirect on a URL. To access the extranet, they click on a link and have to enter their windows network logon details.
They then access the extranet which is based on Microsoft Sharepoint Services. I have written customised ASP pages, located on a second server on the same network, but want to use the same windows logon details.
I am looking into creating a intranet at work which will do a number of things including forums etc but one thing that i would like to do i dont know if it is possible or not.
When a user signs into their workstation it will launch the intranet, no problem, then i want it to log them in as the user id they logged into the workstation as. Is there any way of getting this information???
Is there a way with SQL to query certain groups from the same table?That would help me later to display the results in few columns(HTML table).
Example:
1st column- product ID (unique) 2nd column - product name 3rd column - group (here we have values that repeat themselves like:cans, meat, beverages, etc.)
All I want is to query by groups with SQL so the recordset would consist of: cans, meat and beverages (columns). Than I would list the products in every separate column. I don't know if this could be done? I know how to query one group of them only, but I need that for every group I have.
example; sql = "SELECT * FROM table WHERE group='cans', "
im looking for an asp (not .net) script based on a user forum where as the admin i can set up different users to only see related forum topics (i want to use it for project management) uploading files to the forum would also be a massive advantage!!!
I want to be able to log in a database any transactions my users perform. For example logging in, requesting a page, downloading a resource, logging out etc.
What is the most practical way to code this? I was thinking of trying to use an include file which would have a function to add a log in the database for each page on the site or when a particular action is performed.
we are developing an intranet application(web based)which needs to detect the logged in user ID of the user hitting the website.the intranet is huge and based on win2k active directory(around 20-30 different domains)with 25K+ users.i dont want to use "NT challenge response" for this pupose.
I am exploring ways using ADSI and WMI to query the Active directory by using the IP address in the incoming web request and trying to figure out the user ID logged into that machine how is it possible?
But instead of the absolute I want to set it up for a share on another computer with the path jotts2cinetpubwwwroot & userName . With the login Credentals of username admin password admin <<Just example. If everyone is like eh'. Free hosting to the person that figures it out.
I have found some code that authenticates users agains a domain using ADSI. I then redirect to another page and pass the username they have entered as a string. However, it would be nice to also get their full name from Active Directory once authenticated. Can anyone suggest how I may modify this code to achieve this? I would also like to pass their full name to the next page as a string. The code I found: Code:
I know this isn't the best group to ask this in - but I also know a lot of you have experience with this kind of stuff I'm going to be creating a site where customers will be able to set up their own sub-site (ie. www.mysite.com/theirsubsite). I'll need to be able to create virtual directories on-the-fly, so I plan on using ADSI to accomplish this. My question is - what are my options when it comes to permissions? Will I need to give the IUSR account admin permissions to create these directories, or is there some way to impersonate an admin account on the script creating the directories? Has anyone dealt with this before?
Has anyone ever experienced any problems authenticating with an ADSI application where after so long it stops responding. I can not track down what is causing the problem. I have a login page that uses the following code. This is running on a windows 2003 domain controller currently. If I put it on a windows 2000 member server I get this error way more often.
Dim oADsObject Set oADsObject = GetObject(strADsPath) Dim strADsNamespace Dim oADsNamespace strADsNamespace = left(strADsPath, instr(strADsPath, ":")) set oADsNamespace = GetObject(strADsNamespace) Set oADsObject = oADsNamespace.OpenDSObject(strADsPath, strUserName, strPassword, 1)
It authenticates fine, but after so long the login page stops working. If I restart the application pool the page starts to work again. I have a volume of about 500-700 users authenticated at any given time. Should I be authenticating a different way?
how (or if it's even possible) to cache the results of an ADSI call in asp for a longer period of time. Basically what I am doing is I have a website that loads the 'full name' of the user that logs into it. Once the user full nam ehas been retreived (using adsi) the user can reload the page and it appears to just check a cached version of the request (since the page loads very fast).
If however the user waits a bit longer (maybe 5 min) and reloads the page it will take upto 4 secs to load the page (since the adsi call is being resubmitted). Is there anyway to increase the length of time that adsi info is cached?
First the brief: I'm currently developing an intranet at work. We have approximately 3000 users and they keep forgetting their passwords. We have 3 Tech-Support guys who keep having to reset them. The idea was to build a function in to the intranet to allow department heads to be able to reset other users passwords via asp.
All well and good. After a fair bit of reading, I've acquainted myself with the basics of talking to Active Directory and retrieving various objects, properties and values.
My problem is that when I try to update any of the objects (i'm focusing on the .description property at the moment 'cos when I break it - that's not gonna matter so much) But when I try and SetInfo, I get a General Access Error. My ServerVariables("LOGON_NAME") is empty. I was wondering if there was a way to force an asp page to run as the server administrator 'cos obviously when department heads login, we don't want all of them to be AD Admins. All they should be able to do is run my script to reset a password.
I'm not actually the server admin, and don't really know the specifics of IIS, but can I just tell it to run specific scripts as domainadmin? Or can I pass something in the asp headers to force it to authenticate as admin?
In the intranet system I'm building I need to draw information about Staff and integrate it into Department pages, and make it accessible via querystrings (so users can search for names). I've asked my IT department how to do this and they basically said "ask the internet"
So, if I want to access such information, where do I start? I cant find any tutorials that answer my questions, and feel a bit out of my depth regarding what I'm even meant to be asking. So basically... help! What's should be my plan of action!
I need to :
A) draw names, phone numbers, email addresses to show on relevant department pages.
B) Make a facility to search staff names to bring up similar information.
I have a script that I have set up to display users and their account status in an asp page, using adsi, then the web viewer can enable and disable accounts using this page. The problem I have is the anonymous user that IIS logs in with does not have the privileges to change accounts etc for active directory.
So, I made my server into an SSL server and made it ask for credentials using basic authentication. All works well for administrator as when the admin username and password are used, the script then runs with admin rights.
(as this is only a test server I can mess with all security etc before wrecking the real server!!) I delegated control to an OU that I wish to control with ASP and went and logged in as one of the users that was delegated control, but that says the script does not have the rights.
So, in effect, the script will not work unless I put in the admin username and passwords. I even delegated control to one user rather than a group but that still don't work. Any ideas please? Is it IIS, AD or ASP that is at fault?
I'm trying to access the ADSI data on a remote machine in my network usng ASP and the GetObject("IIS://...") call, but I keep getting an "Access Denied" message. It works perfectly on the localhost. Did anyone pass by this problem?
I want to be able to import data from active directory using an asp page. The problem is that i don't want to provide any username or login, i want the system to identify the logged user.
the script is runing fine if i provide the username and the password in the script but when i delete them i receive this error messahe : Providererror '80040e37' - Table does not exist Code:
I'd like to be able to list IIS websites and information in a web page (presumably using ADSI). Similar to the list you get in the MMC plug-in. Does anyone have a simple script I could start with? I'm only interested in reading info at the moment.
I'd like to get some user account properties using .asp script. When I try to use ADSI WINNT provider it works fine except that I apparently cannot access some properties such as objUser.managedObjects. I have this simple code:
<% Set objUser = GetObject("LDAP://CN=Users,CN=FisrtName LastName,DC=MyDomain,DC=com") For Each strValue in objUser.managedObjects Response.Write "This: " & strValue & "<br>" Next %>
As a VBS script it works fine but as an ASP page I cannot get the object initialized. Is it problem with syntax or something else? I'd like to avoid using .NET Framework and ADO connection as well if possible. All I really need is to get list of managedObjects.
My users logon to the Patriot domain, my intranet is on sdsddata01 server. I have a form that people have to click on a dropdown list to pick their name from the list when submitting a form. Is there any way to grab their username via ADSI so I can query it against a database that will get submitted against a form.
I have seen a few arcticles regarding this but I couldn't make sense of them. They are already authenticating when they login, so I don't want them to have to do it again once they hit the intranet. Is this possible using ADSI? Will I have to make some permission changes in IIS as well?
I have a set of web pages on an AD-authenticated web site that are supposed to allow users to modify their own AD account attributes, limited of course to things like their email address, URL, etc. I was hoping to connect to LDAP using secure authentication as described on a few tech web pages, and the connection works fine but when it's time to commit the changes with .SetInfo, the script fails with: Code:
I am working on building a tool Using ASP/COM & IIS5.1 for a non-administrative technical support team to change domain passwords for users. I have the basic interface built and working from my developement machine (Windows XP Pro SP 1A) which is hosting the pages for now. The problem is that when I try to access the site from a browser on a different pc using my credentials (IIS is running in Windows Authentication), it appears that the ADSI queries stop working and I get the following errors:
a.. Error Type: (0x8007200A) /ASP_TEST.ASP, line 64
which corresponds with a code that queries Active Directory for a particular OU to return the users within that OU.
I am a newbie to ASP developement so maybe I am missing something really trivial, like can I even accomplish this task in this manner?
Is there anyway I can get the information about a file on the local machine of a user that is reading pages from my web site? Scripting.FileSystemObject does not have permission to do this, and I want to check the size of a file before I try to get it uploaded.
An application runs on server, and is used for Hour-registration. Now I want to run the application local, I use SQL Server 2005, and managed to fix connection changes.
But now, I get this error everytime I run the application:
Microsoft VBScript runtime error Error Code :0x800A01CA
Error source : Error Description :Variable uses an Automation type not supported in VBScript