get an LDAP client for .NET, you will be able to use it from your asp.net code (i'm assuming youre on asp.net and not just raw asp), connect to the ldap server and have it evaluate if that uid/passwd pair exists.
If the ldap validation procedure tells you that specific uid/passwd pair exists, then setting the validation cookie is actually pretty easy, just use forms authentication, to create a validation cookie you can use
FormsAuthentication.SetAuthCookie(uid, false)
or (if you want to control the page the user sees first):
FormsAuthentication.SetAuthCookie(uid.Value, False);
Response.Redirect("secureDirectory/somepage.aspx")
you can very easily secure directories in the web.config file of your app,
you can use something like this (if you wanted to secure the ./members directory)
<location path="members">
<system.web>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
</system.web>
</location>
Also in the web.config file, you can specify the login page for users who try to access protected resources without validating first.
if you are comunicating to an LDAP daemon, you probably will want that connection secured through encryption. Also, you might want to not actually store passwords in clear text in the ldap, but maybe store passwd hashes. Try sha (it comes included with .net) using non-random salt is easier like so: (assuming VB)
Dim passwdWithSalt As Byte() = Encoding.UTF8.GetBytes(uid.ToString + passwd)
Dim passwdWsaltHash As String = Convert.ToBase64String(hash.ComputeHash(passwdWith Salt))
Also, you might want to have communication encrypted from the web server to the client web browser. You can do it with any SSL certificate. It's a good idea for maintenance reasons to use some httpmodule to selectively serve certain specific pages in SSL.
Does this help?
