Question : How to authenticate users in single computers?

Hi All,

I am using C# .NET 2003 to write a simple application to authenticate users in single computers. I know the user's path; an example of the path looks like this: WinNT://MyDomain/PC10016/ASDF (I used WinNT:// to get the path of users).

My OS is XP Pro and the computer name is PC10016. Please note the user 'ASDF' is not in the AD of the MyDomain, it is a user for computer PC10016.

Then I used the following sample code to authenticate users:

try
{
   DirectoryEntry obDirEntry = new DirectoryEntry("WinNT://MyDomain/PC10016/ASDF");
   obDirEntry.Username = "UserName";
   obDirEntry.Password = "UserPWD";
   string strID = obDirEntry.NativeGuid;
   Object native = obDirEntry.NativeObject;
   foreach (string propertyName in obDirEntry.Properties.PropertyNames)
   {
      string strPropValue = obDirEntry.Properties[propertyName][0].ToString();
      MessageBox.Show(strPropValue, propertyName);
   }
}
catch (Exception ex)
{
   MessageBox.Show(ex.Message + "\n" + ex.Source + "\n" + ex.StackTrace);
}


I know user's name and password because I added them to my computer 'PC10016' in Computer Management.
However, I will get error message: "Unknown error (0x80005004)".

I have been struggling with this problem for quite a few weeks. Please help. Thanks.

Answer : How to authenticate users in single computers?

<%
Set DomainObj = GetObject("WinNT://domain name")
DomainObj.Filter = Array("group")

For Each GroupObj In DomainObj
  If GroupObj.Class = "Group" Then response.write GroupObj.Name & "<br>"
       Set GroupObj = GetObject("WinNT://domain name/" & (GroupObj.Name))
       For Each UserObj in GroupObj.Members
            Response.Write "&nbsp;&nbsp;&nbsp;" & "User " & UserObj.Name & "<br>"
       Next
Next

Set DomainObj = Nothing
Set GroupObj = Nothing

%>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This code is what I am currently using to loop through Active Directory Accounts to view Groups and Users.  I want to drill down further and get department names, Full names, email addresses and phone numbers from each of the users.  How can I drill further down?  What objects do I need to call?  I am also trying to allow certain users to have access to the intranet.  I tried this code from MS and I had an unexpected error.




++++++++++++++++++++++++++++++++++++++++++++++++++++++++

<%@ Language=VBScript %>
<% Option Explicit %>

<%
' Force authentication
If Request.ServerVariables("LOGON_USER") = "" Then
  Response.Status = "401 Authorization Required"
  Response.End
End If
%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft FrontPage 5.0">
<TITLE></TITLE>
</HEAD>
<BODY>
<%
Dim strServerName     'NT local machine name
Dim strGroup          'NT group name
Dim strMachineObject  'ADSI machine object path
Dim strUserADsPath    'ADSI user ads path
Dim objMachine        'ADSI machine object
Dim strNameSpace      'ADSI namespace
Dim objMember         'ADSI member object
Dim objGroup          'ADSI group object
Dim strADSPath        'ADS path
Dim bolAuthenticated  'Authentication flag
Dim strMember         'NT user name for group member

' Build MachineObject
strServerName = Request.ServerVariables("SERVER_NAME")
strMachineObject = "WinNT://texarkana.coopertire.com/" & strServerName

' Build Current User's UserAdsPath
strUserAdsPath = "WinNT://texarkana.coopertire.com/" & Request.ServerVariables("LOGON_USER")
strUserAdsPath = Replace(strUserAdsPath, "\", "/")

' Get NameSpace from Machine Object
Set objMachine = GetObject(strMachineObject)   ' +++ LINE OF ERROR +++
strNameSpace = objMachine.Parent
Set objMachine = Nothing

' Build Name Space for Group Object
strGroup = "WebAdmin"
strNameSpace = strNameSpace & "/" & strServername

' Iterate through the Web Administrators group and ensure
' that the user visiting this page is a member
Set objGroup = GetObject(strNameSpace & "/" & strGroup)

For Each objMember in objGroup.Members
  If objMember.ADsPath = strUserAdsPath then
     bolAuthenticated = "True"
     Exit for
  End If
Next

Set objGroup = Nothing

If bolAuthenticated then
%>

<CENTER>

<FORM ACTION=""
 METHOD="POST">

  <TABLE WIDTH=600 BORDER=0 CELLSPACING=1 CELLPADDING=1>
     <TR>
        <TD ALIGN="RIGHT" NOWRAP>
          Virtual Directory To Create</TD>
        <TD ALIGN="LEFT" NOWRAP>
          <INPUT type="text"
          id=textVirtualDirectory
          name=textVirtualDirectory size="20"></TD>
     </TR>
     <TR>
        <TD ALIGN="RIGHT" NOWRAP>Developer</TD>
        <TD ALIGN="LEFT" NOWRAP>
          <SELECT size=1 id=selectOwner name=selectOwner>

<%

strGroup = "Admin"

' Iterate through the Users group and get a list of people
' who are a member of that group.
Set objGroup = GetObject(strNameSpace& "/" & strGroup)

For Each objMember in objGroup.Members
  strMember = Replace(objMember.ADsPath, "/", "\")
  strMember = Mid(strMember, 9, Len(strMember))
  Response.Write "<OPTION VALUE=" & strMember & ">"
  Response.Write strMember
  Response.Write "</OPTION>"
Next
Set objGroup = Nothing
%>
           </SELECT>
        </TD>
     </TR>
     <TR>
        <TD ALIGN="RIGHT" NOWRAP>
          Turn on Script Permissions</TD>
        <TD ALIGN="LEFT" NOWRAP>
          <INPUT type="checkbox" id=checkboxScript
            name=checkboxScript value="ON"></TD>
     </TR>
     <TR>
        <TD ALIGN="RIGHT" NOWRAP>
          <INPUT type="reset" value="Reset"
          id=reset1 name=reset1></TD>
        <TD ALIGN="LEFT" NOWRAP>
          <INPUT type="submit" value="Submit"
          id=submit1 name=submit1></TD>
     </TR>
  </TABLE>

</FORM>

</CENTER>

<%
Else
%>
  <P>I am sorry you do not have access to this page.
  Please contact the Web site administrators
  for more information</P>
<%
End If
%>

</BODY>
</HTML>

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



I also tried this and got an error on

Error Type:
(0x80070035)
/ad.asp, line 12





<%
Dim strLogonUser
Dim strPassword
Dim objUser
Dim strFullName
strLogonUser = Trim(Request.ServerVariables("LOGON_USER"))

if strLogonUser = "" then strLogonUser = "nothing" End If

Response.Write strLogonUser & "<br>"

Set objUser = GetObject("WinNT://Domain Name" & Replace(strLogonUser, "\", "/"))  ' +++ LINE 12 +++
strFullName = objUser.FullName

Response.Write objUser.FullName & "<br>"
Set objUser = nothing

Dim objGroups
Dim objList
Dim Desc

Set obj = GetObject("LDAP://Domain Name/cn=" & strFullName & ",ou=[Name],dc=[Name],dc=com")

objList = obj.GetEx("memberof")

For Each Desc In objList
Response.Write Desc & "<br>"
Next
%>
 
 Comment from mrmcfeely  Date: 08/12/2003 06:53AM GMT-08:00  
Try outputting "strMachineObject" in the first example to see what GetObject() is trying to get... that might help track down what's going wrong.

Similarly, I see the line...
    Response.Write strLogonUser & "<br>"
... in the second example.  What value is getting stored (at runtime) in "strLogonUser"?  
 Comment from luckyinc  Date: 08/12/2003 07:18AM GMT-08:00  
Since my post, I found the strMachineObject error, but the line

' that the user visiting this page is a member
Set objGroup = GetObject(strNameSpace & "/" & strGroup)  ' +++ ERROR +++

Error Type:
(0x80005004)
/ad2.asp, line 52


++++++++++++++++++++++++++++++++++++++++++++++++++++++
Second Example

My logon name is    -----    domainname/LuckyInc  ---------

I think this is causing some uh ohhs in both examples.  When I call my name, it includes the domain name.

I finally looped through my User records.  It did not like User.FullName (Active Directory Error), so I used User.Name and I could view the information.  How easy is it to get email addresses from the users?  Do I have to use their Active Directory Username to access the Exchange Server, or can I pull the data from Active Directory?  I do not want the web to have admin rights for security reasons.  Any suggestions?

 
 Comment from mrmcfeely  Date: 08/12/2003 07:42AM GMT-08:00  
Since your domain name is included in your logon name, you should take out "Domain Name" in this line:
   Set objUser = GetObject("WinNT://Domain Name" & Replace(strLogonUser, "\", "/"))  
(The new code):
   Set objUser = GetObject("WinNT://" & Replace(strLogonUser, "\", "/"))  

Otherwise, you'd be calling GetObject("WinNT://Domain Namedomainname/LuckyInc") and unintentionally duplicating the domain name (uh oh!).

Active Directory does have a spot for a user's email address, but I think you have to put it there yourself (i.e., it's not automatically put there by Exchange... that's just a gut feeling, though... I don't know for sure).  If you do have to pull the email from Exchange, I'm not really sure how that's done.  It's an interesting problem, though, and I'd be willing to do some research to help with your question and also for my own enlightenment.  Let me know...  
 Comment from luckyinc  Date: 08/12/2003 11:21AM GMT-08:00  
I fixed the above suggested answer.  It still has some errors.  I will look into it some more.  I have spent most of the day researching to figure out how to get the Email Address and Department from Active Directory.  I have found many links.  I can post them, and you can see if you want.

 
 Comment from mrmcfeely  Date: 08/12/2003 11:29AM GMT-08:00  
Go ahead and post those links... I'd like to see what you found, and maybe add to your list if I find anything else that looks interesting.  
 Comment from luckyinc  Date: 08/12/2003 11:34AM GMT-08:00  
http://www.15seconds.com/issue/020130.htm

http://support.microsoft.com/default.aspx?kbid=252459

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q253/5/68.asp&NoWebContent=1

http://www.winscriptingsolutions.com/Articles/Index.cfm?TopicID=751

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/listing_users.asp


 
 Comment from luckyinc  Date: 08/12/2003 11:36AM GMT-08:00  
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/iadsuser.asp

The link above contains most of the info I need, but I don't know how to make it work


http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/default.asp

http://www.topxml.com/conference/wrox/1999_dc/text/adamadsi.asp

http://www.rlmueller.net/UserAttributes.htm  - Spreadsheets with the Attributes...good one!  
 Comment from mrmcfeely  Date: 08/12/2003 11:56AM GMT-08:00  
Good links... I actually had another thought while browsing through those pages...

It seems that some of the attributes you're trying to get are not going to be available at all with the WINNT provider (e.g., EmailAddress and Department... see http://msdn.microsoft.com/library/en-us/netdir/adsi/unsupported_iadsuser_property_methods.asp).

You might be better off altogether if you use the LDAP provider (assuming that you're connecting to a Windows2000 Active Directory).  Let me know if you need some links about the LDAP provider...

 
 Comment from luckyinc  Date: 08/12/2003 12:00PM GMT-08:00  
Yes I am....that is where I am now....it has been a long day!!  I am reading and it has code on how to connect, but I do not understand some of the syntax.  I do not understand where the database is located.  I think some links and explanation would help me out a lot.

Thanks for your help
Lucky  
 Accepted Answer from mrmcfeely  Date: 08/12/2003 12:35PM GMT-08:00  
I feel your pain, Lucky... I've had to struggle with ADSI a while back as well... not to mention access Active Directory through ColdFusion... blech.

LDAP syntax is weird... all I know with ADSI is that if you don't get the LDAP ADsPath just right, it explodes and gives you unknown exceptions and all the other meaningless "Check Engine Lights" of Microsoft error messages.  Here's the best link I could find so far:

http://msdn.microsoft.com/library/en-us/netdir/adsi/adsi_ldap_provider.asp (Click the links in the left frame for each article)

Hopefully that should help things along a bit... unfortunately, there is a bit of a learning curve to the LDAP stuff, since it's really not like any other querying method one normally uses.  
 Comment from mrmcfeely  Date: 08/12/2003 12:42PM GMT-08:00  
Here's another link that correlates LDAP names with Active Directory:

http://www.microsoft.com/windows2000/en/server/help/sag_ADintro_12.htm  
 Comment from luckyinc  Date: 08/13/2003 04:06AM GMT-08:00  
Thanks for your help...I was wondering if I could get the email addresses and other information if it is filled into Active Directory, but I think that those extra fields become available when you are connected to Exchange...still learning...so I am not sure.

LuckyInc  
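
Added example, not part of the original thread and written in Python so the string handling runs offline: it builds the WinNT ADsPath from IIS's LOGON_USER without prepending the domain a second time (the fix discussed above) and an LDAP filter on sAMAccountName, escaped per RFC 4515, for the attributes the WinNT provider does not expose. The function names, the allow-list pattern and the sample values are assumptions of this example.

```python
import re

# LDAP attribute names for the fields the thread wants from Active Directory.
USER_ATTRIBUTES = ("displayName", "mail", "department", "telephoneNumber")

# Conservative allow-list for the domain and account parts
# (an assumption of this example, tighter than what Windows itself permits).
_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._$-]{0,63}$")


def split_logon_user(logon_user):
    """Split LOGON_USER ('DOMAIN\\user' or 'DOMAIN/user') into (domain, user)."""
    parts = re.split(r"[\\/]", logon_user.strip())
    if len(parts) != 2 or not all(_NAME.match(p) for p in parts):
        raise ValueError("unexpected LOGON_USER format: %r" % logon_user)
    return parts[0], parts[1]


def winnt_path(logon_user):
    """WinNT ADsPath; the domain comes from LOGON_USER and is not added again."""
    domain, user = split_logon_user(logon_user)
    return "WinNT://%s/%s,user" % (domain, user)


def escape_filter_value(value):
    """RFC 4515 escaping so a value cannot change the structure of a filter."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def ldap_user_filter(sam_account_name):
    """Find one user by logon name instead of guessing cn=<FullName> in a DN."""
    return "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))" % (
        escape_filter_value(sam_account_name))


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    for sample in ("domainname\\LuckyInc", "domainname/LuckyInc", "", "a\\b\\c"):
        try:
            domain, user = split_logon_user(sample)
            print(winnt_path(sample), ldap_user_filter(user), USER_ATTRIBUTES)
        except ValueError as exc:
            print("rejected:", exc)
```
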