authentication issue

Discussion in 'ASP General' started by Doug Partridge, Oct 11, 2003.

  1. Hi, I have been stuck on something for a few days ... I
    have some code that is working on a domain controller but
    not a member server (running on a DC is not an option, so
    I must get it to work on the member server). I figured no
    problem, I will just provide domain user credentials in my
    code .... well, it has not been so easy. I run into one
    of two problems, when I don't provide credentials (when
    running on the member server) I get:

    Provider (0x80004005)
    Unspecified error

    when I do provide credentials, I get:

    Provider (0x80040E09)
    Permission denied.

    Can someone tell what I am doing wrong ... or perhaps show
    me another way to do this? Thanks in advance.

    - doug

    ---------------------------------------
    <%

    sUserAccountName = "user10"

    Dim oRootDSE
    Set oRootDSE = GetObject ("LDAP://rootDSE")
    sADsPath = oRootDSE.Get("defaultNamingContext")
    Set oRootDSE = Nothing

    <!--END CALLOUT A-->


    <!--BEGIN CALLOUT B-->

    Dim oConnection, oCommand, oRecordSet
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Provider = "ADsDSOObject"
    'oConnection.Properties("User ID") = "user1"
    'oConnection.Properties("Password") = "pass"
    'oConnection.Properties("Encrypt Password") = True

    oConnection.Open "Active Directory Provider"
    Set oCommand = CreateObject("ADODB.Command")
    Set oCommand.ActiveConnection = oConnection
    oCommand.CommandText = _
    "SELECT samAccountName,mail,displayname,userprincipalname
    FROM 'LDAP://" & _
    sADsPath & "'" & "WHERE samAccountName ='" & _
    sUserAccountName & "' AND objectCategory='Person'"

    Set oRecordSet = oCommand.Execute
    If not oRecordSet.EOF Then
    Response.Write oRecordSet.Fields("mail") & "<BR><BR>"
    Response.Write oRecordSet.Fields("userprincipalname") &
    "<BR><BR>"
    Response.Write oRecordSet.Fields("displayname") & "<BR><BR>"
    End If
    oConnection.Close
    Set oConnection=Nothing
    Set oCommand=Nothing
    Set oRecordSet=Nothing



    %>
    Doug Partridge, Oct 11, 2003
    #1
    1. Advertising

  2. "Doug Partridge" <douglas_partridge@_nospam_.yahoo.com> wrote in message
    news:%...
    >
    > Hi, I have been stuck on something for a few days ... I
    > have some code that is working on a domain controller but
    > not a member server (running on a DC is not an option, so
    > I must get it to work on the member server). I figured no
    > problem, I will just provide domain user credentials in my
    > code .... well, it has not been so easy. I run into one
    > of two problems, when I don't provide credentials (when
    > running on the member server) I get:
    >
    > Provider (0x80004005)
    > Unspecified error
    >
    > when I do provide credentials, I get:
    >
    > Provider (0x80040E09)
    > Permission denied.

    You should make sure that your IWAM and your IUSR account have sufficient
    privilige to access the active directory. Since these accounts default to
    the local accounts database, they have not been granted access to the LDAP
    database. So this requires resetting the IWAM & IUSR account
    You can change them using the scripts in \inetpub\adminscripts\adsutil.vbs

    An other, less efficient trick is to authenticate in code and not to use
    anonymous LDAP connections...


    > Can someone tell what I am doing wrong ... or perhaps show
    > me another way to do this? Thanks in advance.
    >
    > - doug
    >
    > ---------------------------------------
    > <%
    >
    > sUserAccountName = "user10"
    >
    > Dim oRootDSE
    > Set oRootDSE = GetObject ("LDAP://rootDSE")
    > sADsPath = oRootDSE.Get("defaultNamingContext")
    > Set oRootDSE = Nothing

    %>
    >
    >
    Egbert Nierop \(MVP for IIS\), Oct 13, 2003
    #2
    1. Advertising

  3. Egbert,

    Thanks for responding. I will look into the ADSUTIL option. You mentioned
    that a less efficient option is authenticating via the code. I was
    attempting to do this but could never successfully run the code. I would
    like to know how to do this, or at least what I was doing incorrectly. Do
    you have a code sample that might help (or show me using the code I
    submitted in my original post)? Thanks, Doug

    "Egbert Nierop (MVP for IIS)" <> wrote in message
    news:...
    > "Doug Partridge" <douglas_partridge@_nospam_.yahoo.com> wrote in message
    > news:%...
    > >
    > > Hi, I have been stuck on something for a few days ... I
    > > have some code that is working on a domain controller but
    > > not a member server (running on a DC is not an option, so
    > > I must get it to work on the member server). I figured no
    > > problem, I will just provide domain user credentials in my
    > > code .... well, it has not been so easy. I run into one
    > > of two problems, when I don't provide credentials (when
    > > running on the member server) I get:
    > >
    > > Provider (0x80004005)
    > > Unspecified error
    > >
    > > when I do provide credentials, I get:
    > >
    > > Provider (0x80040E09)
    > > Permission denied.

    > You should make sure that your IWAM and your IUSR account have sufficient
    > privilige to access the active directory. Since these accounts default to
    > the local accounts database, they have not been granted access to the LDAP
    > database. So this requires resetting the IWAM & IUSR account
    > You can change them using the scripts in \inetpub\adminscripts\adsutil.vbs
    >
    > An other, less efficient trick is to authenticate in code and not to use
    > anonymous LDAP connections...
    >
    >
    > > Can someone tell what I am doing wrong ... or perhaps show
    > > me another way to do this? Thanks in advance.
    > >
    > > - doug
    > >
    > > ---------------------------------------
    > > <%
    > >
    > > sUserAccountName = "user10"
    > >
    > > Dim oRootDSE
    > > Set oRootDSE = GetObject ("LDAP://rootDSE")
    > > sADsPath = oRootDSE.Get("defaultNamingContext")
    > > Set oRootDSE = Nothing

    > %>
    > >
    > >

    >
    Doug Partridge, Oct 14, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Connell
    Replies:
    1
    Views:
    524
    Natty Gur
    Oct 21, 2003
  2. raj mandadi
    Replies:
    0
    Views:
    412
    raj mandadi
    Dec 22, 2003
  3. Brett Porter
    Replies:
    2
    Views:
    736
    Andrea D'Onofrio [MSFT]
    Jan 20, 2004
  4. Mark
    Replies:
    0
    Views:
    663
  5. Brett Porter
    Replies:
    5
    Views:
    566
    Brett Porter
    Feb 3, 2004
Loading...

Share This Page