Solved

Retrieving User information

Posted on 1998-04-30
Last Modified: 2008-02-01
Hello,

I am trying to implement a Smart Card reader for security reasons into the NT logon sequence.

Question is: How do I retrieve the user information (user, domain, password etc) from C++?

When this is done I will verify the current user against his/her smart card.

How can I make this verification happen directly after the user logon sequence in the NT4.0 environment?

Appreciate help with this issue!

Best regards, Anders Karlsson
Question by:Kalle 2
8 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 1168297
0
 

Author Comment

by:Kalle 2
ID: 1168298
Yes I have looked at it.
The Drive I am using at the moment does not support the
standards so I figured using the API supplied with the
Drive (ASEDrive v1.4) and make my own calls to NT Security (SSPI)
to verify the Card.

So what I am looking for is some kind of directions telling me which
function calls to use and what I need to establish to retrieve the current
users name, domain and password.

And my second question, how to make this verification happen
directly after the logon sequence so that I can choose to logoff
the user directly if the Userid - Smartcard doesn't match.

// Anders Karlsson
0
 
LVL 2

Expert Comment

by:lortega
ID: 1168299
There is one API, but it is not necessarily compatible between NT and 95:

BOOL LogonUser(
    LPTSTR  lpszUsername,     // string that specifies the user name
    LPTSTR  lpszDomain,       // string that specifies the domain or server
    LPTSTR  lpszPassword,     // string that specifies the password
    DWORD   dwLogonType,      // specifies the type of logon operation
    DWORD   dwLogonProvider,  // specifies the logon provider
    PHANDLE phToken           // pointer to variable to receive token handle
);

a. You can store some of the login information on the smartcard.
b. Try to log on with that information.
c. If the logon succeeds then OK, else show your message to inform of that.
d. The last parameter is good for other calls that you can use, calls like CreateProcessAsUser or ImpersonateLoggedOnUser.

I hope this will help you,
lortega
0
 

Author Comment

by:Kalle 2
ID: 1168300
Yes, this would do. The problem I am having is that the
existing NT logon is still there and I don't believe I can override
this in any way.
So what I want is not to log on to the system, it is retrieving the
already given user+password to verify if the user logged on
matches the one given on the Smart card supplied by the user.

This is not the best solution, that would be incorporating the
Smart card control into the current NT login sequence itself
but I think (?) that would be too hard to accomplish, am I right?

// Anders Karlsson
0
 
LVL 2

Expert Comment

by:gantriis
ID: 1168301
Hi Anders.

What you need is to replace the GINA (Graphical Identification and Authentication DLL) on the Windows NT systems that will use the SmartCard reader.

Microsoft Visual C++ contains a sample project (\samples\sdk\winnt\security\gina) that shows you all the functions that such a GINA replacement needs to handle (all the ways it is expected to interact with WinLogon).

Building your own GINA is not an easy task, but to accomplish the task you are describing you would probably like to:

1. Start by installing and compiling the VC++ sample project.
2. Insert the routines that will verify the user on some external device of your choice (Smartcard reader, camera, microphone or whatever you can think of).

You might also find the below general information about the functions that your GINA is expected to take care of useful:

http://premium.microsoft.com/msdn/library/devprods/vc++/vcsamples/f14/f20/d4f/s1cf6f.htm

http://premium.microsoft.com/msdn/library/specs/winntsec/f1/d2/s119e9.htm

http://premium.microsoft.com/msdn/library/specs/winntsec/f1/d2/s119f4.htm

Best regards
Gantriis
0
 
LVL 1

Expert Comment

by:dreamPeace
ID: 1168302
Perhaps you should look into the system/windows.ini and try to change the shell to be the login procedure? You can use the registry to check the current username, and the WinLogon will take care of the password. The shell will simply fail if the authentication fails...
0
 

Accepted Solution

by:
naveedi earned 100 total points
ID: 1168303
The identification and authentication aspects of the logon are implemented in the GINA DLL. By default the standard GINA is MSGINA.DLL. This can be replaced so you can do your own authentication. The WinLogon process can also load additional network provider DLLs. Secondary authentication can occur here. It sounds to me like you want the WinLogon GINA to validate the user's NT domain login. You then want your card reader, implemented as a network provider DLL, to do a secondary authentication. If both these tests are good, allow the logon to proceed. You will probably have to implement your own GINA because by default the WINAPI WlxLoggedOutSas will not return password information to secondary network provider DLLs. Your GINA implementation will have to ensure that the parameter [OUT] PWLX_MPR_NOTIFY_INFO pMprNotifyInfo for the WINAPI WlxLoggedOutSas function points to valid password info. This parameter can then be used by your secondary network provider DLL to do your SmartCard validation.



How to get the domain name?
How to get the user name?
How to get the password?

All this information is part of the WLX_MPR_NOTIFY_INFO  structure that your GINA implementation will pass back to your secondary network login DLL.


From WINWLX.H
-------------
typedef struct _WLX_MPR_NOTIFY_INFO
{
    PWSTR           pszUserName;      
    PWSTR           pszDomain;
    PWSTR           pszPassword;  
    PWSTR           pszOldPassword;  
} WLX_MPR_NOTIFY_INFO, * PWLX_MPR_NOTIFY_INFO;


These DLLs are not easy to implement. A bad GINA will prevent NT from booting.

0
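
Added example, not code from any poster in this thread or from Microsoft's GINA sample: a portable C sketch of the secondary check described in the accepted answer, comparing the user name and domain carried in the notify structure against the identity read from the card, then wiping the cleartext passwords held in the verifier's own copy. The struct is mirrored locally so it builds without the Windows SDK; `NOTIFY_INFO`, `CARD_ID`, `card_matches_logon` and `scrub_passwords` are hypothetical names.

```c
#include <stddef.h>
#include <wchar.h>
#include <wctype.h>

/* Local mirror of the WINWLX.H struct quoted above (PWSTR -> wchar_t *),
   so this builds without the Windows SDK. */
typedef struct {
    wchar_t *pszUserName, *pszDomain, *pszPassword, *pszOldPassword;
} NOTIFY_INFO;

/* Hypothetical identity record read from the smart card. */
typedef struct { const wchar_t *user, *domain; } CARD_ID;

/* NT account and domain names compare case-insensitively; NULL never matches. */
static int name_eq(const wchar_t *a, const wchar_t *b)
{
    if (!a || !b) return 0;
    for (; *a && *b; ++a, ++b)
        if (towlower((wint_t)*a) != towlower((wint_t)*b)) return 0;
    return *a == *b;   /* both must end together, so a prefix is not a match */
}

/* Returns 1 only when both user and domain on the card match the logon. */
int card_matches_logon(const NOTIFY_INFO *info, const CARD_ID *card)
{
    return info && card && name_eq(info->pszUserName, card->user)
                        && name_eq(info->pszDomain, card->domain);
}

/* Overwrite a secret in place. The volatile pointer keeps the compiler from
   discarding the wipe (on Windows, SecureZeroMemory serves this purpose). */
static void wipe(wchar_t *s)
{
    if (!s) return;
    volatile wchar_t *p = s;
    for (size_t n = wcslen(s); n; --n) *p++ = L'\0';
}

/* Call on the verifier's own copy as soon as the card check is finished. */
void scrub_passwords(NOTIFY_INFO *info)
{
    if (!info) return;
    wipe(info->pszPassword);
    wipe(info->pszOldPassword);
}
```

The check needs only the user name and domain, so the password fields can be wiped immediately rather than kept for the lifetime of the DLL.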
 

Author Comment

by:Kalle 2
ID: 1168304
Thanks for your help.
I realize that this will be a hard one to accomplish.
Except for the sample code provided by MS, do you know
any other information sources with sample code on this
subject?

Best regards, Anders
0
