
Does ASP 2 have access to NT4 User Groups?

Hello, I can access NT user names in ASP using the
server variable LOGON_USER. But I have been made aware
of my requirement in my application to allow or disallow
access to certain resources based on what NT Group a user
is a member of.

So far I have controlled permissions based on groups
at the file system level. However now I need the ability
to not grant/deny permission to a certain file, but
grant/deny permission to certain links, functions, etc
within an ASP application.

Within ASP, accessed through http, is there a way to determine
what group a user is a member of? This is on NT4 IIS4.

Thanks
Josh
[677 byte] By [Joshua Gunder] at [2007-11-9 23:50:34]
# 1 Re: Does ASP 2 have access to NT4 User Groups?
Josh,
You should be able to get all of the information that you need via ADSI
(Active Directory Service Interfaces). It allows you to add, change and
remove just about everything in a NT domain (users, groups, computers, etc).
You can learn more about it at www.microsoft.com/adsi . Download the Help
file - it's full of examples. This is built into Win2k. I believe that a
limited version of this dll installs on NT4 with IIS. For NT 4, you may
have to download and install the newer version (2.5).

Here is their VB example to list the groups that a user belongs to:

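    Dim usr As IADsUser
    Dim grp As IADsGroup

    ' Bind to the user object through the WinNT provider
    Set usr = GetObject("WinNT://ArcadiaBay/JSmith,user")
    ' Print the name and class of every group the user belongs to
    For Each grp In usr.Groups
        Debug.Print grp.Name & " (" & grp.Class & ")"
    Next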

A couple of things about their example:
1) For early binding (in VB), check a reference to "Active DS Type Library"
(System32\activeds.tlb)
2) This example uses a computer named "ArcadiaBay" and user named "JSmith",
but doesn't specify the domain. This will work, but the GetObject may be
very slow (around 20 secs). To speed it up (instant call) make sure you
specify the domain before the computer name. For example:
GetObject("WinNT://MyDomain/ArcadiaBay/JSmith,user")
3) ADSI is fast. If you find any calls that don't come back instantly, play
around with the syntax. A lot of things will work without being very
specific, but slowly.

There is also a lot of ADSI info (and a wealth of other ASP info) at
http://www.15seconds.com

-Rich
Rich Bramande at 2007-11-12 0:15:13 >
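
Added example, not part of the original posts: the group lookup from reply #1 adapted to late-bound VBScript in an ASP page, keyed on LOGON_USER and failing closed on any error. It assumes anonymous access is disabled so that IIS supplies LOGON_USER as DOMAIN\user; the group name "ReportAdmins" and the page "admin.asp" are hypothetical.

```vbscript
<%
' Added example. Assumes anonymous access is off, so LOGON_USER arrives
' as DOMAIN\user. "ReportAdmins" and "admin.asp" are hypothetical names.

' Returns True only when the authenticated user is in groupName.
' No login, a malformed name or any ADSI error all yield False.
Function IsInGroup(groupName)
    Dim logon, pos, domainName, userName, usr, grp
    IsInGroup = False

    logon = Request.ServerVariables("LOGON_USER")
    pos = InStr(logon, "\")
    ' Empty (anonymous request) or not in DOMAIN\user form: deny
    If pos < 2 Or pos = Len(logon) Then Exit Function

    domainName = Left(logon, pos - 1)
    userName = Mid(logon, pos + 1)

    On Error Resume Next
    ' Name the domain explicitly in the path; reply #1 notes that an
    ' unqualified bind can take around 20 seconds
    Set usr = GetObject("WinNT://" & domainName & "/" & userName & ",user")
    If Err.Number <> 0 Then
        Err.Clear
        Exit Function
    End If

    For Each grp In usr.Groups
        If StrComp(grp.Name, groupName, vbTextCompare) = 0 Then
            IsInGroup = True
            Exit For
        End If
    Next
    ' Under On Error Resume Next a failing If condition falls through
    ' into its Then branch, so re-check Err before trusting the result
    If Err.Number <> 0 Then
        IsInGroup = False
        Err.Clear
    End If
End Function

' Show the link only to members of the group
If IsInGroup("ReportAdmins") Then
    Response.Write "<a href=""admin.asp"">Administration</a>"
End If
%>
```

Hiding the link only changes what is displayed; the same check belongs at the top of the protected page itself so that a direct request for it is refused as well.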
# 2 Re: Does ASP 2 have access to NT4 User Groups?
Great, thanks for your help.
I had found something like this on MSDN.
However I had not considered it since I don't run active
directory. But I'll see if I can get ADSI set up.
Thanks!

Josh
Joshua Gunder at 2007-11-12 0:16:12 >
# 3 Re: Does ASP 2 have access to NT4 User Groups?
"Joshua Gunder" <jgunder@comarco.com> wrote in message
news:39b04ba8$1@news.dev-archive.com...
> Great, thanks for your help.
You're welcome.

> However I had not considered it since I don't run active
> directory. But I'll see if I can get ADSI set up.
We don't run Active Directory either - all of our servers are NT 4. You
don't need to run Active Directory for this to work and the setup is
actually very simple. Like I said, when you install IIS (Option Pack 4) on
NT4, ADSI is installed with it. You should be able to get this working
without even upgrading to ADSI 2.5. If you are running on Win2k, this will
still work even if you are using domain based security.
-Rich
Rich Bramande at 2007-11-12 0:17:17 >
# 4 Re: Does ASP 2 have access to NT4 User Groups?
You don't need Active Dir to use ADSI - the WinNT: object ref in the call
to GetObject() means use the SAM, not AD. BTW, using ADSI is really slow
compared with using the NetXXXX APIs. However, you need to understand C/C++
to use the latter.

Your call :-)
MH
Michael Howard at 2007-11-12 0:18:22 >