Hi Guys, below i have pasted an ASP page that our vendor gave us to use as a template. We are passing through Active Directory credentials and groups up to thier web site. The problem is, i dont know much about ASP and have been asking and checking forums
for a week now. Most people say i should use ASP.NET, and "why i dont have it this way, etc." Again, i did not create the page or have much knowlege with this. I need someone to seriously help look into code and try to figure out what could be wrong.
I have installed a brand new VM with 2008 server, running IIS7 and .Net framework. All updates have been done. The errors i get from the browser when trying to open the file vary from "The server is not valid or operational", or "The specified Domain does
not exist or could not be contacted", etc. I feel i have the things i need filled out are correct and the company we got this from clearly states i do not have to make any adjustments to the AD connection code, just where it states "Fill out" and "End Fill"
Please help!!
Thanks, Artie
<%Option Explicit%>
<%
'On Error Resume Next
'variables declared
dim formAction, logoutUrl, errorUrl, securityKey
dim email, firstName, lastName, userName
Dim sDNSDomain, sFilter, sQuery, sDN
Dim oConnection, oCommand, oRS, oUser
Dim activeDirectoryUser, activeDirectoryPassword
Dim ldapIp
Dim iAdRootDSE
Dim strDefaultNamingContext
Dim Conn
Dim strQueryDL
Dim objCommand
Dim objCmd
Dim objRs
'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
formAction = "http://bill.pointecast.com"
logoutUrl = "http://SUSINC/matt.asp"
errorUrl = "http://SUSINC/otherway.asp?error={0}"
securityKey = "A1CCAB880B7EE5A4264B54299F8EF577070D7DC0BA4A6530"
activeDirectoryUser = "SUSINC\administrator" 'should be format domain\username (example: microsoft\bgates)
activeDirectoryPassword = "*****"
ldapIp = "172.20.2.3:389" 'the IP address and port of your LDAP server
sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''
'acquire user information
userName=Request("AUTH_USER")
Set oConnection = CreateObject("ADODB.Connection")
Set oCommand = CreateObject("ADODB.Command")
oConnection.Provider = "ADsDSOOBject"
'The user to run the LDAP query as. Doesn't need any special privileges
oConnection.Properties("User ID") = activeDirectoryUser
oConnection.Properties("Password")= activeDirectoryPassword
oConnection.Open "Active Directory Provider"
Set oCommand.ActiveConnection = oConnection
if InStr(1,userName, "\") then
userName = Mid(userName, InStr(1,userName, "\")+1)
end if
sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & "));givenName,sn,mail,distinguishedName;subtree"
sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter & ";DistinguishedName;subtree"
oCommand.CommandText = sQuery
oCommand.Properties("Timeout") = 30
Set oRS = oCommand.Execute
if not oRS.EOF then
email = oRS.Fields("mail")
firstName = oRS.Fields("givenName")
lastName = oRS.Fields("sn")
Set oUser = nothing
end if
oRS.Close
Set oRS=Nothing
oConnection.Close
Set oCommand = Nothing
Set oConnection = Nothing
%>
</SCRIPT>
<html>
<head>
<META http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title><%Request.ServerVariables("SERVER_NAME") %></title>
<style type="text/css">
<!--
TD {
color: #000000;
background-color: #FFFFFF;
font-family: Verdana, Arial;
font-size: 12px;
}
HR {
height: 1px;
color: #A52A25;
}
.row {
font-size: 10px;
}
.header {
color: #555555;
background-color: #F4F4F4;
border:1px solid #555555;
}
.alert {9:47 AM 11/15/2005
padding:20px;
color: #000000;
font-family: Verdana, Arial;
font-size: 10px;
font-weight: bold;
}
.formbutton {
color: #000000;
background-color: #F4F4F4;
font-family: Verdana, Arial;
font-size: 10px;
text-transform: uppercase;
width: 120px;
height: 24px;
}
-->
</style>
</head>
<body>
<table>
<tr>
<td style="padding-bottom:10px">
<font size="4" color="#A52A25">Single Sign-on Test</font>
<td>
</tr>
<% if not IsEmpty(Request.QueryString("error")) then %>
<tr>
<td>
Response from the server:<br><br>
<span class="alert">
<%= Request.QueryString("error") %>
</span>
</td>
</tr>
<tr>
<td style="padding-top:10px;padding-bottom:20px">
<span class="alert">
<input class="formbutton" type="button" value="okay"
onclick="location.href='sso.asp'">
</span>
</td>
</tr>
<% end if %>
<tr>
<td>
The following form parameters will be POSTED to the server:
</td>
</tr>
</table>
<table border="0" cellpadding="5" cellspacing="2"
style="border:1px solid #A52A25;margin:20px">
<!-- FORM BEGINS HERE -->
<form action="http://bill.pointecast.com/lms/sso" method="post">
<!-- TABLE HEADER -->
<tr>
<td width="200" class="row header">
request parameter
</td>
<td width="120" class="row header">
form value
</td>
<td class="row header">
req. (y/n)
</td>
</tr>
<!-- USER ID -->
<tr>
<td class="row">
user.id
</td>
<td class="row">
mattasp
</td>
<td align="center" class="row">
y
</td>
</tr>
<!-- FIRST NAME -->
<tr>
<td class="row">
user.first.name
</td>
<td class="row">
mattaspfirstname
</td>
<td align="center" class="row">
y
</td>
</tr>
<!-- LAST NAME -->
<tr>
<td class="row">
user.last.name
</td>
<td class="row">
mattasplastname
</td>
<td align="center" class="row">
y
</td>
</tr>
<!-- EMAIL -->
<tr>
<td class="row">
user.email
</td>
<td class="row">
<%= email %>
</td>
<td align="center" class="row">
n
</td>
</tr>
<!-- DIVIDER -->
<tr>
<td colspan="3" style="padding:0px">
<hr>
</td>
</tr>
<!-- SECURITY KEY -->
<tr>
<td class="row">
security key
</td>
<td class="row">
A1CCAB880B7EE5A4264B54299F8EF577070D7DC0BA4A6530
</td>
<td align="center" class="row">
y
</td>
</tr>
<!-- ERROR URL -->
<tr>
<td class="row">
security.error.url
</td>
<td class="row">
<%= errorUrl %>
</td>
<td align="center" class="row">
n
</td>
</tr>
<!-- LOGOUT URL -->
<tr>
<td class="row" style="padding-bottom:15px">
security.logout.url
</td>
<td class="row" style="padding-bottom:15px">
<%= logoutUrl %>
</td>
<td align="center" class="row" style="padding-bottom:15px">
n
</td>
</tr>
<tr>
<td colspan="3" align="right">
<input class="formbutton" type="submit" value="login">
</td>
</tr>
<% if not IsEmpty(email) Then %>
<input name="user.email" type="hidden" value="<%= email %>">
<% end if %>
<input name="security.key" type="hidden" value="<%= securityKey %>">
<input name="security.error.url" type="hidden" value="<%= errorUrl %>">
<input name="security.logout.url" type="hidden" value="<%= logoutUrl %>">
<input name="user.id" type="hidden" value="<%= userName %>">
<input name="user.first.name" type="hidden" value="<%= firstName %>">
<% if not IsEmpty(lastName) Then %>
<input name="user.last.name" type="hidden" value="<%= lastName %>">
<% end if %>
</form>
<!-- FORM ENDS HERE -->
</table>
</body>
</html>
apinori
Member
61 Points
89 Posts
Single Sign On - Pass through form in .ASP
Aug 11, 2011 06:59 PM|LINK
Hi Guys, below i have pasted an ASP page that our vendor gave us to use as a template. We are passing through Active Directory credentials and groups up to thier web site. The problem is, i dont know much about ASP and have been asking and checking forums for a week now. Most people say i should use ASP.NET, and "why i dont have it this way, etc." Again, i did not create the page or have much knowlege with this. I need someone to seriously help look into code and try to figure out what could be wrong.
I have installed a brand new VM with 2008 server, running IIS7 and .Net framework. All updates have been done. The errors i get from the browser when trying to open the file vary from "The server is not valid or operational", or "The specified Domain does not exist or could not be contacted", etc. I feel i have the things i need filled out are correct and the company we got this from clearly states i do not have to make any adjustments to the AD connection code, just where it states "Fill out" and "End Fill"
Please help!!
Thanks, Artie
<%Option Explicit%> <% 'On Error Resume Next 'variables declared dim formAction, logoutUrl, errorUrl, securityKey dim email, firstName, lastName, userName Dim sDNSDomain, sFilter, sQuery, sDN Dim oConnection, oCommand, oRS, oUser Dim activeDirectoryUser, activeDirectoryPassword Dim ldapIp Dim iAdRootDSE Dim strDefaultNamingContext Dim Conn Dim strQueryDL Dim objCommand Dim objCmd Dim objRs '''''''''''''''''' FILL THESE OUT '''''''''''''''''''''' formAction = "http://bill.pointecast.com" logoutUrl = "http://SUSINC/matt.asp" errorUrl = "http://SUSINC/otherway.asp?error={0}" securityKey = "A1CCAB880B7EE5A4264B54299F8EF577070D7DC0BA4A6530" activeDirectoryUser = "SUSINC\administrator" 'should be format domain\username (example: microsoft\bgates) activeDirectoryPassword = "*****" ldapIp = "172.20.2.3:389" 'the IP address and port of your LDAP server sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com '''''''''''''''''' END FILL THESE OUT '''''''''''''''''''''' 'acquire user information userName=Request("AUTH_USER") Set oConnection = CreateObject("ADODB.Connection") Set oCommand = CreateObject("ADODB.Command") oConnection.Provider = "ADsDSOOBject" 'The user to run the LDAP query as. Doesn't need any special privileges oConnection.Properties("User ID") = activeDirectoryUser oConnection.Properties("Password")= activeDirectoryPassword oConnection.Open "Active Directory Provider" Set oCommand.ActiveConnection = oConnection if InStr(1,userName, "\") then userName = Mid(userName, InStr(1,userName, "\")+1) end if sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & "));givenName,sn,mail,distinguishedName;subtree" sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter & ";DistinguishedName;subtree" oCommand.CommandText = sQuery oCommand.Properties("Timeout") = 30 Set oRS = oCommand.Execute if not oRS.EOF then email = oRS.Fields("mail") firstName = oRS.Fields("givenName") lastName = oRS.Fields("sn") Set oUser = nothing end if oRS.Close Set oRS=Nothing oConnection.Close Set oCommand = Nothing Set oConnection = Nothing %> </SCRIPT> <html> <head> <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> <title><%Request.ServerVariables("SERVER_NAME") %></title> <style type="text/css"> <!-- TD { color: #000000; background-color: #FFFFFF; font-family: Verdana, Arial; font-size: 12px; } HR { height: 1px; color: #A52A25; } .row { font-size: 10px; } .header { color: #555555; background-color: #F4F4F4; border:1px solid #555555; } .alert {9:47 AM 11/15/2005 padding:20px; color: #000000; font-family: Verdana, Arial; font-size: 10px; font-weight: bold; } .formbutton { color: #000000; background-color: #F4F4F4; font-family: Verdana, Arial; font-size: 10px; text-transform: uppercase; width: 120px; height: 24px; } --> </style> </head> <body> <table> <tr> <td style="padding-bottom:10px"> <font size="4" color="#A52A25">Single Sign-on Test</font> <td> </tr> <% if not IsEmpty(Request.QueryString("error")) then %> <tr> <td> Response from the server:<br><br> <span class="alert"> <%= Request.QueryString("error") %> </span> </td> </tr> <tr> <td style="padding-top:10px;padding-bottom:20px"> <span class="alert"> <input class="formbutton" type="button" value="okay" onclick="location.href='sso.asp'"> </span> </td> </tr> <% end if %> <tr> <td> The following form parameters will be POSTED to the server: </td> </tr> </table> <table border="0" cellpadding="5" cellspacing="2" style="border:1px solid #A52A25;margin:20px"> <!-- FORM BEGINS HERE --> <form action="http://bill.pointecast.com/lms/sso" method="post"> <!-- TABLE HEADER --> <tr> <td width="200" class="row header"> request parameter </td> <td width="120" class="row header"> form value </td> <td class="row header"> req. (y/n) </td> </tr> <!-- USER ID --> <tr> <td class="row"> user.id </td> <td class="row"> mattasp </td> <td align="center" class="row"> y </td> </tr> <!-- FIRST NAME --> <tr> <td class="row"> user.first.name </td> <td class="row"> mattaspfirstname </td> <td align="center" class="row"> y </td> </tr> <!-- LAST NAME --> <tr> <td class="row"> user.last.name </td> <td class="row"> mattasplastname </td> <td align="center" class="row"> y </td> </tr> <!-- EMAIL --> <tr> <td class="row"> user.email </td> <td class="row"> <%= email %> </td> <td align="center" class="row"> n </td> </tr> <!-- DIVIDER --> <tr> <td colspan="3" style="padding:0px"> <hr> </td> </tr> <!-- SECURITY KEY --> <tr> <td class="row"> security key </td> <td class="row"> A1CCAB880B7EE5A4264B54299F8EF577070D7DC0BA4A6530 </td> <td align="center" class="row"> y </td> </tr> <!-- ERROR URL --> <tr> <td class="row"> security.error.url </td> <td class="row"> <%= errorUrl %> </td> <td align="center" class="row"> n </td> </tr> <!-- LOGOUT URL --> <tr> <td class="row" style="padding-bottom:15px"> security.logout.url </td> <td class="row" style="padding-bottom:15px"> <%= logoutUrl %> </td> <td align="center" class="row" style="padding-bottom:15px"> n </td> </tr> <tr> <td colspan="3" align="right"> <input class="formbutton" type="submit" value="login"> </td> </tr> <% if not IsEmpty(email) Then %> <input name="user.email" type="hidden" value="<%= email %>"> <% end if %> <input name="security.key" type="hidden" value="<%= securityKey %>"> <input name="security.error.url" type="hidden" value="<%= errorUrl %>"> <input name="security.logout.url" type="hidden" value="<%= logoutUrl %>"> <input name="user.id" type="hidden" value="<%= userName %>"> <input name="user.first.name" type="hidden" value="<%= firstName %>"> <% if not IsEmpty(lastName) Then %> <input name="user.last.name" type="hidden" value="<%= lastName %>"> <% end if %> </form> <!-- FORM ENDS HERE --> </table> </body> </html>