If Else query is empty

Question

I am using CFLDAP to have users get authenticated using active directory. I am trying to write an if statement in case the users information does not come back as authenticated. I thought I could check by using <cfif AuthenticateUser.RecordCount gt 0> which is working as long as the information is correct but if the wrong information is entered and nothing is authenticated it is not running the else statement. Any help with this would be greatly appreciated!

<cfldap action="query"
              name="AuthenticateUser"
              attributes="dn,mail,givenname,sn,samaccountname,memberof"
              start="DC=domain,DC=net"
              filter="(&(objectclass=user)(samAccountName=#trim(form.user_name)#))"
              server="servername"
              Port="389"
              username="tc\#trim(form.user_name)#" 
              password="#trim(form.user_pass)#">
<cfoutput>#AuthenticateUser.RecordCount#</cfoutput>
<!--- Get all records from the database that match this users credentials ---> 
<cfquery name="userVerify" datasource="test">
    SELECT  *
    FROM    dbo.Users
    WHERE   user_name = <cfqueryparam value="#AuthenticateUser.samaccountname#" cfsqltype="cf_sql_varchar" />
</cfquery>
<cfif AuthenticateUser.RecordCount gt 0> 
    <!--- This user has logged in correctly, change the value of the session.allowin value ---> 
    <cfset session.allowin = "True" /> 
    <cfset session.employee_number = userVerify.employee_number /> 

     <!--- Now welcome user and redirect to "index.html" ---> 
    <script>  
        self.location="../dashboard/dashboard.cfm"; 
    </script> 
<cfelse> 
    <!--- this user did not log in correctly, alert and redirect to the login page ---> 
    <script> 
        alert("Your credentials could not be verified, please try again!"); 
        self.location="Javascript:history.go(-1)"; 
    </script> 
    </cfif> 

I have also tried: <cfif len(AuthenticateUser)>

Answer 1

I think it throws an error when the query fails. Try this:

<cftry>
    <cfldap  action="query"
              name="AuthenticateUser"
              attributes="dn,mail,givenname,sn,samaccountname,memberof"
              start="DC=domain,DC=net"
              filter="(&(objectclass=user)(samAccountName=#trim(form.user_name)#))"
              server="servername"
              Port="389"
              username="tc\#trim(form.user_name)#" 
              password="#trim(form.user_pass)#">
   <cfset LoginStatus = "Success">
   <cfcatch type="any">
       <cfset LoginStatus = "Failed">
   </cfcatch>
</cftry>

Then your cfif would be something like this:

<cfif LoginStatus eq "Success"> 
    <!--- This user has logged in correctly, change the value of the session.allowin value ---> 
    <cfset session.allowin = "True" /> 
    <cfset session.employee_number = userVerify.employee_number /> 

     <!--- Now welcome user and redirect to "index.html" ---> 
    <script>  
        self.location="../dashboard/dashboard.cfm"; 
    </script> 
<cfelse> 
    <!--- this user did not log in correctly, alert and redirect to the login page ---> 
    <script> 
        alert("Your credentials could not be verified, please try again!"); 
        self.location="Javascript:history.go(-1)"; 
    </script> 
</cfif> 

I think this works on CF9.

Answer 2

This is a formatted comment. You are trying to do too much at once. Go one step at a time. Start with this:

<cfdump var="before cfldap tag<br />">

<cfldap action="query"
          name="AuthenticateUser"
 etc
 >
<cfdump var="after cfldap tag<br />">
<cfdump var = "#AuthenticateUser#">
<cfdump var="after cfdump<br />">

Run this code with both valid and not valid credentials. Look at what you get. React accordingly.

Answer 3

This is how I do it. I try to run a query against our domain using the supplied username and password. If the supplied username and password are not valid, an error is generated.

<cftry>
    <cfldap action="Query"
        name="ADResult"
        attributes="dn"
        start="DC=domain,DC=net"
        filter="sAMAccountName=administrator" 
        server="servername"
        scope = "subtree"
        username="#arguments.username#"
        password="#arguments.password#" />

    <cfset isAuthenticated = true />
<cfcatch type="any">
    <cfset isAuthenticated = false />
</cfcatch>
</cftry>

<cfreturn isAuthenticated />

I wrap this up in a function called "authenticate" and expose it via a web service that I call from my apps. If I then need additional details about the user (mail, givenName, etc), I have another function in the same web service that I will call after I am sure the user has been authenticated. Note that in this other function I'm using my administrator username and password to run the query.

<cfldap action="Query"
    name="ADResult"
    attributes="mail,givenName"
    start="DC=domain,DC=net"
    filter="sAMAccountName=#arguments.username#" 
    server="servername"
    scope = "subtree"
    username="administrator"
    password="myAdminPassword" />

I take the results of this, populate a query object or a structure, and return that to the calling function.

So the entire process sort of looks like this:

<cfset objAD = createobject("webservice", "http://mywebservice.com") />
<cfset isAuthenticated = objAD.authenticate(form.username, form.password) />
<cfif isAuthenticated>
    <cfset userDetails = objAD.getUserDetails(form.username)>
</cfif>

Hope this helps.