Last post Sep 12, 2015 08:21 AM by PatriceSc
Sep 12, 2015 06:43 AM|Falken100|LINK
I use Active Directory to log on to my webpage. The user enter username and password and then I check with AD and if ok I set a session variable, get some settings from the systems database and then they are in.
Everything works fine but only for one user at the time.
If someone else try to log on AD always return that password or username is wrong.
What can be wrong? I haven't spoken to my admin yet. Is this something that is caused by wrong progrmming or is it some settings on the server?
I hope that someone can giv me some help.
Thanks in advace
Sep 12, 2015 06:49 AM|PatriceSc|LINK
Looks like wrong programming as of course just a limitation doesn't make really sense. Could it be that you are using a static variable somewhere (static variables are shared by all users)?
BTW ASP.NET may allow to do that out of the box using
https://msdn.microsoft.com/en-us/library/ff650308.aspx or Window integrated authentication...
Sep 12, 2015 07:37 AM|Falken100|LINK
Thanks for yur answer.
Her is my code.
I wil also check the link you send me.
Option Explicit On
Option Strict On
= 1 Then
user and password entered with Active Directory.
oADsObject, oADsNamespace As
oADsObject = GetObject(strADsPath)
oADsNamespace = GetObject("WinNT:")
oADsObject = oADsNamespace.OpenDSObject(strADsPath, strDomain &"\"
& strUserName, strpassword, 0)
Sep 12, 2015 08:21 AM|PatriceSc|LINK
What if you try
For now you are assuming that any error that happens is because credentials are not valid. So if you have a programming error (maybe something caused by an object being not disposed correctly) you'll consider it means the access is denied. As a general guideline:
- try to never have exceptions thrown as part of your usual control flow
- if you really have to, use rather try/catch and catch the exact exception that means the user is denied access so that other errors won't be mistakenly handled as an access being denied
- do exactly what you want. For now it seems indirect and you are actually checking if this user can access its own user object in AD which in some cases might be not be exactly what you actually want