Authentification from a SAM base

[Mika]

Hello,
I'm actually looking for a way to authentificate users from the
authentification base SAM of a WindowsServer2003.
I have to do it from a web-page wrote in ASP.NET(VB).

During my searchs I've found some technology wich could be helpful. It's the
Windows WMI and ADSI. But I'm still a student who have learn Computer Science
just for 2years and this is a bit complex for me.

I'm looking for someone who have done something similar and if YOU didn't, I
would be glad if you could give me some ideas or leads.
Thank you for your help!

MIKA

 

[Joe Kaplan \(MVP - ADSI\)]

Just use Windows authentication is IIS. It will authenticate local users.
Basic or IWA will work fine.

Why try to write code for this?

If you absolutely have to write code, calling the LogonUser API is the best
way to go. Using ADSI or WMI is likely to be flakey, although you can try
using the DirectoryEntry with the WinNT provider to do it.

Joe K.

 

[Mika]

Thank you for your answer.
The point is that the users will not use the same login/password than they
entered to Windows. I'm in a big University and there is the main domain on
wich everybody log-in.
But I work on another serveur with his own user/login for just the
ComputerScience students on wich they upload their files and other things.

So I think I cannot use the IIS.

I hope you will have a solution for this complex structure.
MIKA

 

[Dominick Baier [DevelopMentor]]

then the users will get the normal IIS login dialog where they can authenticate
with their credentials for that server

 

[Mika]

I've tried to use the "Windows" authentication and I denied access to
unidentified users but it didn't work.
I try lot of combinations, with forcing ipersonation or not, with consulting
the page after put it on the server or from the local machine with the
built-in interpretorof Web-Matrix. No-one works.

I hope solving this problem with ISS will solve everything but I'm afraid
that I have to look for a way to query the SAM base.

Thank you for your reaction and suggestions about all of it.

MIKA

 

[Dominick Baier [DevelopMentor]]

hi,

sorry - but integrated auth does *exactly* what you are asking for - authenticate
against local or domain windows accounts. Something substantial must be wrong.

 

[Mika]

Ok, I'm happy to learn that if I can solve this IIS authentication, all my
problem will be solve.

Here is the last web.config I tested.
<configuration>
<system.web>
<authentication mode="Windows" />
<machineKey validationKey="AutoGenerate"
decryptionKey="AutoGenerate" validation="SHA1"/>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

and here is my default.aspx page :
<%@ Page Language="VB" %>
<%@ import Namespace="System.Web.Security " %>
<script runat="server">
Sub Page_Load(Src As Object, E As EventArgs)
lblUser.Text = "<b>Your user name is:</b> " & User.Identity.Name
lblType.Text = "<b>Your Authentication type is:<b> " &
User.Identity.AuthenticationType
End Sub
Sub Logout_Click(Src As Object, E As EventArgs)
FormsAuthentication.SignOut()
Server.Transfer("login.aspx")
End Sub
</script>
<html>
<head>
</head>
<body>
<form runat="server">
<asp:Label id="lblUser" runat="server"></asp:Label>
<br />
<asp:Label id="lblType" runat="server"></asp:Label>
<br />
<asp:button id="Button1" onclick="Logout_Click" runat="server"
text="Logout"></asp:button>
</form>
</body>
</html>


Do you see what is wrong ?

 

[Dominick Baier [DevelopMentor]]

several points

- 1st of all this - do you hit your page? of does IIS deny access
- how are the ACLs in your web directory?
- which IIS version / which ASP.NET version?
- why FormsAuthentication API if you are doing Windows auth?

check out this troubleshooting page (2.0 only) - copy it in your web dir...

http://www.leastprivilege.com/ShowContextsAnotherUpdateIAdmitIt.aspx

 

[Mika]

I can see a page without username and authentication type if I run it from
the server on the local macine. But if I run it from the server there is an
error message :

Server Error in '/' Application.
--------------------------------------------------------------------------------

Runtime Error
Description: An application error occurred on the server. The current custom
error settings for this application prevent the details of the application
error from being viewed remotely (for security reasons). It could, however,
be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable
on remote machines, please create a <customErrors> tag within a "web.config"
configuration file located in the root directory of the current web
application. This <customErrors> tag should then have its "mode" attribute
set to "Off".

Even if I put in my webconfig :
<configuration>
<system.web>
<customErrors mode="on" defaultRedirect="ShowContexts.aspx"/>
</system.web>
</configuration>
I'm not redirected to this page when there is the "runtime error".


The permissons on my folder is read and write for me and read for any others.

My supervisor tell me that it's the 1.1 version of ASP.NET and 6 of IIS.


It's that because sometimes during my tests I forgot some old tags in the
web.config.

 

[Mika]

Finally my supervisor accept my demand to give up the authentication with the
SAM base. Now I authenticate users with a simple Access Database.

I would like to thank everyone who helped my. Even if the solutions you give
me will not be used, I learn a lot thanks to you.

MIKA