I have inherited an ASP Reset Password application for a help desk. I have coded a few vb.net console apps to maintain AD accounts but have little experience with ASP programs.
My task is to provide better authentication while reducing the amount of logins required to reset a user's password.
The initial page is an asp page that contains HTML with one include asp file reference. The included file has <%Language=”VBSCRIPT”%> and <%...%> tags. Subsequent asp pages have the <%...%> tags or <SCRIPT Language=”VBSCRIPT” tags.
So would this be considered a “classic” VB script forms application?
Our admin has removed anonymous access by my request to the folder structure so the lookups are not exposed. But to reset a password the help desk person must enter their credentials again (because the app is running with the credentials of the Web server I believe).
I’m not sure if I should start from scratch with this program and approach it from an ASPNetAdminMembershipProvider perspective –or- simply add admin credentials which includes encryption to a web.config file. (The application currently does not have a web.config file and there is no VS project for the application.)
The server environment was recently brought up to Windows Server 2003 and has IIS 6 running on it. I have VS 2005 at my development workstation.
What path would you suggest that I take to provide a more streamlined application for resetting passwords? I have found a couple documents/tutorials on forms authentication; is this the way to go? Should I start over or stick with the VBSCRIPT path? I did a search on resetting passwords but was overwhelmed with over 41000 entries.
Also, in playing with the app I see that it is using a WinNT provider when binding to AD. Is this the only option or recommended option when working with AD from an ASP program? I tried switching to an LDAP provider which I am accustomed to but kept getting object errors.
Thanks in advance,
Steve