Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Retrieving User information

Posted on 1998-04-30
8
Medium Priority
?
268 Views
Last Modified: 2008-02-01
Hello,

I am trying to implement a Smart Card reader for security reasons into the NT logon sequence.

Question is: How do I retrieve the user information (user, domain, password etc) from C++?

When this is done I will verify the current user against his/hers smart card.

How can I make this verification happen directly after the user logon sequence in the NT4.0 environment?

Appreciate help with this issue!

Best regards, Anders Karlsson
0
Comment
Question by:Kalle 2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 1168297
0
 

Author Comment

by:Kalle 2
ID: 1168298
Yes I have looked at it.
The Drive I am using at the moment does not support the
standards so I figured using the API supplied with the
Drive (ASEDrive v1.4) and make my own calls to NT Security (SSPI)
to verify the Card.

So what I am looking for is some kind of directions telling me which
function calls to use and what I need to establish to retrieve the current
users name, domain and password.

And my second question, how to make this verification happen
directly after the logon sequence so that I can choose to logoff
the user directly if the Userid - Smartcard doesn't match.

// Anders Karlsson
0
 
LVL 2

Expert Comment

by:lortega
ID: 1168299
there are one api, but not necesary compatible betwen NT and 95,

BOOL LogonUser(
    LPTSTR lpszUsername,// string that specifies the user name
    LPTSTR lpszDomain,//str that specifies the domain or server
    LPTSTR lpszPassword,// string that specifies the password
    DWORD dwLogonType,// specifies the type of logon operation
    DWORD dwLogonProvider,// specifies the logon provider
    PHANDLE phToken// pointer to variable to receive token handle
   );      


a. you can store some of the login information on smartcard
b. try to logon with that information
c. if logon succed then ok else do your message to inform that
d. the last parameter is good for other calls tha you can use, calls like CreateProcessAsUser or ImpersonateLoggedOnUser.

i hope this will help you,
lortega
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Kalle 2
ID: 1168300
Yes, this would do. The problem I am having is that the
existing NT logon is still there and I don't believe I can override
this in any way.
So what I want is not to logon to the system, it is retrieveing the
already given user+password to verify if the user logged on
matches the one given on the Smart card supplied by the user.

This is not the best solution, that would be incorporating the
Smart card control into the current NT login sequence itself
but I think (?) that would be to hard to accomplish, am I right?

// Anders Karlsson
0
 
LVL 2

Expert Comment

by:gantriis
ID: 1168301
Hej Anders.

What you need is to replace the GINA (Graphical Identification and Authentication DLL) on the Windows NT systems that will use the SmartCard reader.

Microsoft Visual C++ contains a sample project (\samples\sdk\winnt\security\gina) that shows you all the functions that such a GINA replacement needs to handle (all the ways it is expected to interact with WinLogon).

Building your own GINA is not an easy task, but to accomplish the task you are describing you would probably like to:

1. Start by installing and compiling the VC++ sample project.
2. Insert the routines that will verity the user on some external device of your choise (Smartcard reader, camera, microphone or whatever you can think of).

You might also find the below general information about the functions that your GINA is expected to take care of useful:

http://premium.microsoft.com/msdn/library/devprods/vc++/vcsamples/f14/f20/d4f/s1cf6f.htm

http://premium.microsoft.com/msdn/library/specs/winntsec/f1/d2/s119e9.htm

http://premium.microsoft.com/msdn/library/specs/winntsec/f1/d2/s119f4.htm

Med venlig hälsning
Gantriis
0
 
LVL 1

Expert Comment

by:dreamPeace
ID: 1168302
Perhaps you should look into the system/windows.ini and try to change the shell to be the login procedure? U can use the registry to check the current username, and the WinLogon will take care of password. Shell will simply fail if the authentication fails...
0
 

Accepted Solution

by:
naveedi earned 400 total points
ID: 1168303
The identification and authentication aspects of the logon are implemented in the GINA DLL. By default the standard GINA is MSGINA.DLL. This can be replaced so you can do your own authentication. The WinLogon process can also load additional network provider DLLs. Secondary authentication can occur here. It sounds to me like you want WinLogon GINA to validate the user's NT domain login. You then want your card reader, implemented as a network provider DLL, to do a seconary authentication. If both these tests are good allow the logon to proceed. You will probally have to implement your own GINA because by default the WINAPIWlxLoggedOutSas will not return password information to secondary network provider DLLs. Your GINA implementation will have to insure that the parameter [OUT] PWLX_MPR_NOTIFY_INFO pMprNotifyInfo for WINAPIWlxLoggedOutSas function points to valid password info. This parameter can than be used by your secondary network provider DLL to do your SmartCard validation.



How to get the domain name?
How to get the user name?
How to get the password?

All this information is part of the WLX_MPR_NOTIFY_INFO  structure that your GINA implementation will pass back to your secondary network login DLL.


From WINWLX.H
-------------
typedef struct _WLX_MPR_NOTIFY_INFO
{
    PWSTR           pszUserName;      
    PWSTR           pszDomain
    PWSTR           pszPassword;  
    PWSTR           pszOldPassword;  
} WLX_MPR_NOTIFY_INFO, * PWLX_MPR_NOTIFY_INFO;


These DLLs are not easy to implement. A bad GINA will prevent NT from booting.

0
 

Author Comment

by:Kalle 2
ID: 1168304
Thanks for your help.
I realize that this will be a hard one to accomplish.
Except for the sample code provided by MS, do you know
any other information sources with sample code on this
subject?

Best regards, Anders
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: SunnyDark
This article's goal is to present you with an easy to use XML wrapper for C++ and also present some interesting techniques that you might use with MS C++. The reason I built this class is to ease the pain of using XML files with C++, since there is…
C++ Properties One feature missing from standard C++ that you will find in many other Object Oriented Programming languages is something called a Property (http://www.experts-exchange.com/Programming/Languages/CPP/A_3912-Object-Properties-in-C.ht…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question