Automate an LDAP login to a webpage
-
Thursday, July 12, 2012 1:02 AM
I have a proxy that uses LDAP against my AD to authenticate my users. The problem is LDAP is not transparent and when the user opens a browser it prompts them to log in either with the traditional Windows prompt or I can use a form. What I would like to do at login is run a script that will first generate a request to the proxy (can be anything, just a simple GET etc.) that will generate the login request and then pass the login info to the proxy either via the traditional popup or form used etc. This way the login is automatic and the user doesn't have to fill in the details. It's OK if there is a popup for a few seconds (although it would be even better to not have one) provided the user does not have to interact with the logon prompt.
I am pretty noob at scripting although I know a decent amount about AD LDAP attributes etc. Any help would be great.
All Replies
-
Thursday, July 12, 2012 1:39 AM
You would need to post this in the IIS forum as it is a web question.
Proxy servers will not allow you to bypass their security in this way.
Sorry.
¯\_(ツ)_/¯
-
Thursday, July 12, 2012 7:45 AM Moderator
jrv is right that this is not the correct forum. A script to type in user credentials is not the correct solution since you would need to store the user password somewhere.
You should check if you have Windows authentication enabled on the IIS site, otherwise it will ask every time.
But, yes this is IIS settings and for more help try the IIS forum.
Best Regards
Jakob Gottlieb Svendsen
Trainer/Consultant - Coretech A/S - Blog
MCT - MCTS - VB.NET - C#.NET - Powershell - VBScript
-
Thursday, July 12, 2012 1:27 PM
None of this will help you get past a proxy server. This question comes up frequently because users want to automate work but companies control access to the Internet with a proxy server that requires authentication. In some cases the authentication is required on every URL that is requested from the browser.
These proxy servers are generally designed to prohibit non-interactive authentication. When an employee needs to use external resources for the job, the rules can be relaxed, but access to non-planned sites may take a number of authorizations to get a job done. Each authorization will present a CHAP sign-in or a similar dialog.
None of this has anything to do with LDAP.
There is no known way to automatically authenticate to a proxy server through another web server.
¯\_(ツ)_/¯
-
Thursday, July 12, 2012 7:59 PM
You can be nice to the IT guy at work and ask for some help on this at points in time when setting up LDAP. In addition, Active Directory needs certain permissions to do tasks, but you probably need to make the site shown in the IT admin's whitelist to get it working.
Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock Holmes" "Speak softly and carry a big stick" - Theodore Roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://jefferycarlsonblog.blogspot.com/
-
Thursday, July 12, 2012 8:09 PM
Except that internal web sites do not go through the proxy server.
The question is how to build a web site that can let a user bypass the proxy. You can't! That is the whole point of the proxy that requires authentication. No one and nothing can bypass it without authentication.
This is another case of someone wanting to remove or disable a security feature.
¯\_(ツ)_/¯
-
Thursday, July 12, 2012 8:13 PM
Of course there is an outside possibility that the question (it's badly worded) is really asking how to prevent the web page from challenging a user who is already logged into Active Directory.
The answer to that is to set authentication to use "Windows Integrated" (Windows Authentication in IIS7). This was mostly addressed in Jakob's response.
I am just not sure that that is the question.
¯\_(ツ)_/¯
-
Thursday, July 12, 2012 8:52 PM
Yes, Windows integrated authentication is necessary because I've played around with Server 2003 for many years on a personal note. I think this involves more security settings though in IIS as stated above than adding someone to a whitelist but wouldn't help. You need to ask about security settings on the IIS forum and go to asp.net because there are a lot of questions like this answered there about LDAP logon and automating. What you need to do is take the currently logged on user using a VBScript to auto login, I think, from reading how it was done on asp.net forums, but you need to configure IIS for Windows authentication for this to work. You can have an intranet website have different security settings if need be.
- Edited by The Thinker Thursday, July 12, 2012 8:57 PM
-
Thursday, July 12, 2012 9:00 PM
But overall I think this needs to be routed to asp.net forums, but too bad there's not a way to transfer people over there (only if OP's using asp.net)
- Edited by The Thinker Thursday, July 12, 2012 9:01 PM
-
Sunday, July 15, 2012 11:28 PM
Of course there is an outside possibility that the question (it's badly worded) is really asking how to prevent the web page from challenging a user who is already logged into Active Directory.
The answer to that is to set authentication to use "Windows Integrated" (Windows Authentication in IIS7). This was mostly addressed in Jakob's response.
I am just not sure that that is the question.
¯\_(ツ)_/¯
Yes, I think I didn't word it correctly. This is what happens. A user opens a browser to go to the internet. The browser is configured to use a proxy which is configured to use LDAP auth (against AD). When initially opening the browser the proxy directs you to an "internal" site which is in actuality a simple URL hosted on the proxy itself that presents a login form. The user is meant to enter their login details here, the proxy then talks to LDAP and confirms the user's credentials and if it's all OK the proxy gives the user a cookie for a few hours so they don't get prompted again.
Now my question was can I run a script at logon to request that "internal" page hosted on the proxy automatically (this much I know is easily possible) but then automatically pass the user's credentials to the form and submit the form.
Is that more clear? Sorry I confused everyone :)
-
Monday, July 16, 2012 12:07 AM
None of what you posted is meaningful.
The user is required to do an explicit login against a proxy server. The location and type of credentials are not important.
The answer is that, by design, the proxy will not allow you to do this. The proxy is designed to prevent exactly what you are trying to do.
Sorry - you cannot do this. Call your network administrators. They will be better able to explain to you why this is not possible.
¯\_(ツ)_/¯
- Proposed As Answer by Richard Mueller MVP, Moderator Thursday, July 19, 2012 2:35 AM
- Marked As Answer by Richard Mueller MVP, Moderator Tuesday, July 24, 2012 12:44 AM
-
Monday, July 16, 2012 2:45 PM Moderator
Now my question was can I run a script at logon to request that "internal" page hosted on the proxy automatically (this much I know is easily possible) but then automatically pass the user's credentials to the form and submit the form.
If I understand the question, the answer to your question is "No" unless the "internal" web server supports integrated Windows authentication. But as already noted this is not correct forum for this question. The best place to ask this would be the vendor of your product.
Bill
- Proposed As Answer by Richard Mueller MVP, Moderator Thursday, July 19, 2012 2:36 AM
- Marked As Answer by Richard Mueller MVP, Moderator Tuesday, July 24, 2012 12:44 AM
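
Added example (not part of the thread and not any poster's code): the accepted answers turn on whether the proxy or its login page supports integrated Windows authentication, which can be read from the first unauthenticated response. The sketch below classifies that response; the function names and the three sample responses are constructed for illustration.

```python
import re

# Schemes where Windows can answer from the logon session, so no password
# is typed by the user or stored in a script.
INTEGRATED = {"negotiate", "ntlm"}
CHALLENGE_HEADER = {401: "www-authenticate", 407: "proxy-authenticate"}

QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')
# A scheme is a leading token NOT followed by "=" (that would be a parameter).
SCHEME = re.compile(r"\s*([A-Za-z][A-Za-z0-9-]*)(?!\s*=)(?=\s|$)")
PASSWORD_FIELD = re.compile(r"<input[^>]+type=[\"']?password", re.I)


def schemes(header_values):
    """Return the auth schemes offered, in order, lower-cased."""
    found = []
    for value in header_values:
        # Blank out quoted strings first: a realm may itself contain commas.
        for piece in QUOTED.sub('""', value).split(","):
            match = SCHEME.match(piece)
            if match:
                found.append(match.group(1).lower())
    return found


def classify(status, headers, body=""):
    """Classify the first unauthenticated response from the proxy or portal."""
    name = CHALLENGE_HEADER.get(status)
    if name:
        offered = schemes([v for n, v in headers if n.lower() == name])
        kind = "integrated" if INTEGRATED & set(offered) else "explicit-credentials"
        return kind, offered
    if PASSWORD_FIELD.search(body):
        return "form-login", []
    return "no-challenge", []


# Constructed sample responses (not captured from any real product).
FORM_PORTAL = (200, [("Content-Type", "text/html")],
               '<form method="post"><input name="user">'
               '<input type="password" name="pass"></form>')
NEGOTIATE_PROXY = (407, [("Proxy-Authenticate", "Negotiate"),
                         ("Proxy-Authenticate", "NTLM"),
                         ("Proxy-Authenticate", 'Basic realm="Internet, Corp"')], "")
BASIC_ONLY = (407, [("Proxy-Authenticate", 'Basic realm="Internet Access"')], "")

if __name__ == "__main__":
    for sample in (FORM_PORTAL, NEGOTIATE_PROXY, BASIC_ONLY):
        print(classify(*sample))
```

A "form-login" or "explicit-credentials" result is the case the thread describes, where a logon script would have to hold the user's password; "integrated" is the case where the browser can authenticate without one.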

