Hi

Im have created a customer login are which verifies username/password and then also a security ID from a SQL table. Theres are 4 ID available and depending on the value a user will be redirected/have access to certian pages.

I would like to use NT local usernames and passwords instead. Is there a way getting the username/password & GroupMemebership of a local NT account instead of using a DB and then just use NTFS permissions to secure certian pages? This seems possible with ASP.net.

Any sugestions?

Regards
M

Such is Life!

basically i did something like that, but without using groupmembership etc.

I still have a table, "users", which is fed automatically with a new user, each time a new user opens a web page (so one has an auto-logon).

In each page i have an include that checks if the nt-name is in a certain cookie. If not, it redirects to the default-page.

In the default page i read the nt-name: request.servervariables("AUTH_USER") and i look if i can find it in my users-table. If not, i create a new entry in the table and i recall the default-page (with a querystringvariable x=1 meaning i'm recalling it). If i find it in the user-table, i read the data from the tabel and put it in cookies.

If i was recalling the default-page (x=1) and i still don't find something, i redirect to an error-page (otherwise i would end up in a neverending loop, maybe writing endlessly entries into the usertable).

The user itself can change a few items in the usertable calling another asp-page.

Besides that table, i have a table with userpermissions.

Now i know i'm not using the group-info etc., therefore you must use the active-directory or the ldap objects.

I tried that in a few ways (main reason to get the emailadress), and sometimes it worked, sometimes not, i lost a lot of time on it and i have too little background in that matter to find the reason why and to construct something robust and consistent that will ALWAYS work.

bye,
mndrx

btw, i use ASP 3, not asp.net

Thanks for your reply. I have managed to put something together like this:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
'sUserName = "userweb"
' for current user, use this
Set oNetwork = CreateObject("WScript.Network")
sUserName = oNetwork.UserName

sDomain = "servername"

Set oUser = GetObject("WinNT://" & sDomain & "/" & sUserName & ",user")

For Each oGroup In oUser.Groups
 'response.write(oGroup.Name)
Select Case(oGroup.Name)
    Case "Group A"
    'Response.write("Group A")
    Response.Redirect("B.asp")
    Case "Group B"
    'response.write("Yay")
    Response.Redirect("A.asp")
    Case "Group C"
    response.Redirect("Z.asp")
    Case "Group D"
    Response.redirect("Y.asp")
End Select
Next
%>

This seem to work OK, only thing is the NTFS permission become a bit of a head ache, adding clients, more groups ect. My problem is that the Windows logon of the users could be anything as they "net" users. Im also running a Jave App within this area that only uses NT accounts (where my problem Started) I thing it would be worth while exploring some other options.

Thanks
Marnus

Such is Life!

Maybe you could make a table with the groups and their redirectpages.
In the page you described, you then go looking in your table for the group (and the location for the redirection). If it doesn't exists yet, you add it, together with a blanco redirectpage, the user is taken to an errorpage, and you send yourself an email that a new group is added (or make a page with a query that shows all the new groups).

bye,
mndrx

Hi friend ... sorry me for no god english... ( i'm Italian from Napoli)

i use your script (i have the same prob as you) but is i use the line:
Set oNetwork = CreateObject("WScript.Network")
sUserName = oNetwork.UserName
to intercept the login username the code go in error, instead if i use susername = "real username" the code work very fine....
Have idea?
Sal.

An interesting cross post

http://p2p.wrox.com/topic.asp?TOPIC_ID=68612

Wind is your friend
Matt
www.elitemarquees.com.au