LDAP authentication for Domino using ASP

get an LDAP client for .NET, you will be able to use it from your asp.net code (i'm assuming youre on asp.net and not just raw asp), connect to the ldap server and have it evaluate if that uid/passwd pair exists.

If the ldap validation procedure tells you that specific uid/passwd pair exists, then setting the validation cookie is actually pretty easy, just use forms authentication, to create a validation cookie you can use

FormsAuthentication.SetAuthCookie(uid, false)

or (if you want to control the page the user sees first):

FormsAuthentication.SetAuthCookie(uid.Value, False);
Response.Redirect("secureDirectory/somepage.aspx")

you can very easily secure directories in the web.config file of your app,
you can use something like this (if you wanted to secure the ./members directory)
<location path="members">
<system.web>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
</system.web>
</location>
Also in the web.config file, you can specify the login page for users who try to access protected resources without validating first.

if you are comunicating to an LDAP daemon, you probably will want that connection secured through encryption. Also, you might want to not actually store passwords in clear text in the ldap, but maybe store passwd hashes. Try sha (it comes included with .net) using non-random salt is easier like so: (assuming VB)

Dim passwdWithSalt As Byte() = Encoding.UTF8.GetBytes(uid.ToString + passwd)
Dim passwdWsaltHash As String = Convert.ToBase64String(hash.ComputeHash(passwdWith Salt))

Also, you might want to have communication encrypted from the web server to the client web browser. You can do it with any SSL certificate. It's a good idea for maintenance reasons to use some httpmodule to selectively serve certain specific pages in SSL.

Does this help?

Hi elmemo,
Thanks for your reply but i need this to be done without a .net framework.The requirement is i need a HTML page which contains two text box one is user name and the other is the password and a button named login on clicking the login button the asp should validate the ldap authentication mechanism that looks for the user name and password in the domino server and create a session if it validates else return a error message.How can this be done please help me out Thanks in Advance!!!!

hi,

If you can, consider switching to .net for easier implementation (here's a ready-made control for ldap logins in asp.net 2.0 complete with an exa mple on how to do your validation: http://www.its.niu.edu/its/www/sharedlib/utilities/ldap/usagedoc/UsingLDAPLoginControl.html
) Also .net 2 would allow for easy session control / authentication / encryption

In case you have to stay on vanilla asp, then you will need an ldap library you can use from your asp code, but in general you can follow that example.

hope this helps

Hi Mr.elmemo,
I first of all thank you for the website that you forwarded me.It was great help to me thank you.Mr.elmemo can the user name and password authentication check using ldap authentication mechanism done on a domino server.

The requirement what i need is as follows.
The username and password information will be available in the domino server. The names and password are given in the html file and on the button click the ASP.NET file should be called and should validate against the domino server and return true if it is authenticated with a domino server else it should return false.The ASP.NET file should look for the names available in the Domino Server.

Please tell me how this can be done??as it will be more helpful for my project completion.
Thanks in Advance!!!

sure,

basically, you need to connect to the ldap server specifying the username and password in the ldap "url" . in the end you are going to run the FindOne() method on your ldap connection object with arguments that specify a uid and a passwd. Then you compare whether the FindOne() method returned null (in which case the user was NOT authenticated).

I found two pages on the web that talk about authenticating against LDAP servers. They don't talk exactly about domino ldap, but they talk about active directory (microsoft's ldap server) and sun ldap. I'm sure you could probably use the same code or modified just a little bit because sometimes ldap implementations are different between servers.

the first one talks about how to do authentication against active directory (which is nothing but windows own ldap server) you find it here
http://www.codeproject.com/aspnet/ac...rectoryuse.asp

the second one talks about authenticating against sun ldap server, you find it here
http://www.experts-exchange.com/Prog...estCookie=true
(you might need to subscribe to the site to view the solution)

hope that helps