'**************************************
' Name: Authenticate against Windows NT/2000 Domain
' Description: This code will take the user's username and password from a form
' and use them to authenticate them against a Windows NT/2000 domain. Unlike other
' examples, you do not need to switch on 'Basic' or 'Integrated Windows' permissions
' for the website on IIS. You can leave the setting as Anonymous Access.
' By: MarkParter (from psc cd)
'
' Inputs: Form inputs
'
' Returns: Whether or not the user has been authenticated
'
' Assumes: Make sure that the site being protected is set to Anonymous Authentication
' and that the users using the site all have Windows accounts.
'
' Side Effects: This is highly insecure over the Internet. I recommend you use SSL
' to protect user details. Also, only protects ASP pages.
'**************************************

'***************************************
' Place the following in your ASP page handling the server-side authentication.
'***************************************
<%
Dim objADSI, strUsername, strPassword, strDomain
Dim strADsNamespace
Dim objADSINamespace

strUsername = Trim(Request.Form("txtUsername"))
strPassword = Trim(Request.Form("txtPassword"))
strDomain = "Intranet" 'you can easily change this to retrieve the domain from a form as well

' Trap run-time errors so that a failed bind sets Err instead of aborting the page
On Error Resume Next

Set objADSI = GetObject("WinNT://" & strDomain)

' Take the provider part of the path ("WinNT:") and bind to the namespace object
strADsNamespace = Left("WinNT://" & strDomain, InStr("WinNT://" & strDomain, ":"))
Set objADSINamespace = GetObject(strADsNamespace)

' Clear any earlier error so that only the credentialed bind below decides the result
Err.Clear
Set objADSI = objADSINamespace.OpenDSObject("WinNT://" & strDomain, strDomain & "\" & strUsername, strPassword, 0)

' If there's no error then the user has been authenticated!
If Err.Number <> 0 Then
    'authentication failed
    'code here for failed authentication
    Session("authenticated") = False
Else
    'code here for authentication success
    Session("authenticated") = True
End If
On Error GoTo 0

' Release the ADSI objects and drop the credential strings
Set objADSINamespace = Nothing
Set objADSI = Nothing
strUsername = ""
strPassword = ""
strDomain = ""
strADsNamespace = ""
%>

'***************************************
' At the top of all your protected ASP pages place the following:
'***************************************
<!-- #INCLUDE file="check.asp" -->

Make sure you check the path to the file. The file attribute takes a path relative to the including page, not a URL; if necessary make it a site-root-relative include, i.e.

<!-- #INCLUDE virtual="/check.asp" -->

'***************************************
' Create a file called check.asp, in it place the following code:
'***************************************
<%
If Session("authenticated") <> True Then
    Session.Abandon 'clear any session variables
    Response.Redirect "login.asp" 'kick them back to the login page
End If
%>
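
Added example (not part of the original submission): pre-checks to run in the login handler after the three form values are assigned and before the OpenDSObject call, covering the SSL recommendation above and the case where the domain is read from the form. ALLOWED_DOMAINS, IsAllowedDomain, IsSafeAccountName and CanAttemptLogin are hypothetical names, and the account-name pattern and blank-password rule are assumed policies.

```vbscript
<%
' Added example, not the original author's code. ALLOWED_DOMAINS,
' IsAllowedDomain, IsSafeAccountName and CanAttemptLogin are hypothetical names.
Const ALLOWED_DOMAINS = "|INTRANET|"   ' pipe-delimited allow-list (assumed value)

' The domain is concatenated into the ADsPath ("WinNT://" & strDomain), so a
' form-supplied value must match a known domain exactly.
Function IsAllowedDomain(strDom)
    IsAllowedDomain = False
    If Len(strDom) = 0 Or InStr(strDom, "|") > 0 Then Exit Function
    IsAllowedDomain = (InStr(1, ALLOWED_DOMAINS, "|" & strDom & "|", vbTextCompare) > 0)
End Function

' Assumed naming policy: 1-20 letters, digits, dot, underscore or hyphen.
' Rejects "\", "/" and "@", so the caller cannot supply its own domain prefix.
Function IsSafeAccountName(strUser)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsSafeAccountName = re.Test(strUser)
    Set re = Nothing
End Function

' True only when the request may be passed on to OpenDSObject.
Function CanAttemptLogin(strUser, strPass, strDom)
    CanAttemptLogin = False
    ' Credentials must arrive over SSL/TLS, in a POST body (not the query string).
    If LCase(Request.ServerVariables("HTTPS")) <> "on" Then Exit Function
    If UCase(Request.ServerVariables("REQUEST_METHOD")) <> "POST" Then Exit Function
    If Not IsAllowedDomain(strDom) Then Exit Function
    If Not IsSafeAccountName(strUser) Then Exit Function
    If Len(strPass) = 0 Then Exit Function   ' assumed policy: no blank-password binds
    CanAttemptLogin = True
End Function

' strUsername, strPassword and strDomain are the handler's variables from above.
If Not CanAttemptLogin(strUsername, strPassword, strDomain) Then
    Session("authenticated") = False
    Response.Redirect "login.asp"
End If
%>
```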