nephinj
asked on
API and Windows NT
Need a program that a user can enter a user name and password. The program then checks to see if it mathchs Windows Nt's user name and password, then it displays true or false. I got the user name using a API function? But I do not have to get anything just see if its vaild.
Do you know how to get the password or see if its vaild?
thanks
I'm not a hacker, I want it for security to my program
Do you know how to get the password or see if its vaild?
thanks
I'm not a hacker, I want it for security to my program
Hacking, are you ?
ASKER
Edited text of question.
mmm, that would be nice to have an API which returns the users password... not so nice for Bill Gates though as he'd probably only have sold a 2% of the amount he's actually sold if security had been that easy to crack.
The only way I can think that you might be able to verify the password is to try to read a file on your disk but via another PC, to which you supply the username / password - I wouldn't know what the syntax would be, but it might be worth investigating.
The only way I can think that you might be able to verify the password is to try to read a file on your disk but via another PC, to which you supply the username / password - I wouldn't know what the syntax would be, but it might be worth investigating.
Mabry has a NT users control.
ASKER
Edited text of question.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I do not know much about COM objects could you give a little more detail....
In VB it's an ActiveX EXE, you create public functions that can be called from another application.
eg.
create a class with a public method that has calls the LogonUser API then create a new instance of the object in your calling application to call the method.
dim objValidation as CPassValidation
set objValidation = New CPassValidation
bResult = objValidation.CheckPasswor d(user, pass)
Use the utility 'dcomcnfg' to configure the process to run in others security context and there you have it...
eg.
create a class with a public method that has calls the LogonUser API then create a new instance of the object in your calling application to call the method.
dim objValidation as CPassValidation
set objValidation = New CPassValidation
bResult = objValidation.CheckPasswor
Use the utility 'dcomcnfg' to configure the process to run in others security context and there you have it...
ASKER
I do not know much about COM objects could you give a little more detail....
ASKER
I dont know of any LOGONUSER API where do I find information on this.
You're making me work for this one, here's an example how to do it if the user has the appropriate permissions, if your users don't then it must run in it's own process space... See above.
For the example you need two text boxes (txtUser, txtPassword) and a command button (command1)
then paste the following code in (remember, this is an example...)
Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Const LOGON32_LOGON_INTERACTIVE = 2
Private Const LOGON32_PROVIDER_DEFAULT = 0
Private Sub Command1_Click()
Call CheckPassword(txtUser, txtPassword)
End Sub
Public Function CheckPassword(UserName As String, Password As String) As Long
Dim pToken As Long
Dim lRet As Long
lRet = LogonUser(UserName, vbNullString, Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pToken)
If lRet Then
MsgBox "OK"
Else
MsgBox "Not OK"
End If
End Function
For the example you need two text boxes (txtUser, txtPassword) and a command button (command1)
then paste the following code in (remember, this is an example...)
Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Const LOGON32_LOGON_INTERACTIVE = 2
Private Const LOGON32_PROVIDER_DEFAULT = 0
Private Sub Command1_Click()
Call CheckPassword(txtUser, txtPassword)
End Sub
Public Function CheckPassword(UserName As String, Password As String) As Long
Dim pToken As Long
Dim lRet As Long
lRet = LogonUser(UserName, vbNullString, Password, LOGON32_LOGON_INTERACTIVE,
If lRet Then
MsgBox "OK"
Else
MsgBox "Not OK"
End If
End Function
are you sure you're in the right job?
ASKER
Thanks but it always says not ok....any sujestions? Does it work on your machine?
ASKER
Why do you ask if im in the right job is it because I did not know about the API you sujested, I know how to use them its just not in the list of functions I have.
Yes it works....
What is your domain model, the secon parameter is null, this means it will check the local machine account then the domain.
By the way make sure the user you are logged in has the "Act as Part of the Operating System" right.
What is your domain model, the secon parameter is null, this means it will check the local machine account then the domain.
By the way make sure the user you are logged in has the "Act as Part of the Operating System" right.
Add this function to the declares section then call it directly after you call LogonUser.... What is the result?
Private Declare Function GetLastError Lib "kernel32" () As Long
Private Declare Function GetLastError Lib "kernel32" () As Long
ASKER
Act as Part of the Operating System how do you turn this on! No error it just says Not ok in a MsgBog
The GetLastError function returns a value, what is the value?
If you don't understand "Act as Part of The OPerating System" then you probably haven't set it... Therefore it is almost certainly failing on permissions. If you are checking local passwords (local machine) then make the change on your machine - User Manager, if it is on a domain then you must make the change using User Manager for domains.
You will see a menu dropdown called Policies - User Rights. Select show advanced rights and ensure your user is in the list.
While your at it change the code so you can get the error code....
Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function GetLastError Lib "kernel32" () As Long
Private Const LOGON32_LOGON_INTERACTIVE = 2
Private Const LOGON32_PROVIDER_DEFAULT = 0
Private Sub Command1_Click()
Call CheckPassword(txtUser, txtPassword)
End Sub
Public Function CheckPassword(UserName As String, Password As String) As Long
Dim pToken As Long
Dim lRet As Long
Dim lErr As long
lRet = LogonUser(UserName, vbNullString, Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pToken)
lErr = GetLastError()
If lRet Then
MsgBox "OK"
Else
MsgBox "Not OK - Error " & lErr
End If
End Function
If you don't understand "Act as Part of The OPerating System" then you probably haven't set it... Therefore it is almost certainly failing on permissions. If you are checking local passwords (local machine) then make the change on your machine - User Manager, if it is on a domain then you must make the change using User Manager for domains.
You will see a menu dropdown called Policies - User Rights. Select show advanced rights and ensure your user is in the list.
While your at it change the code so you can get the error code....
Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function GetLastError Lib "kernel32" () As Long
Private Const LOGON32_LOGON_INTERACTIVE = 2
Private Const LOGON32_PROVIDER_DEFAULT = 0
Private Sub Command1_Click()
Call CheckPassword(txtUser, txtPassword)
End Sub
Public Function CheckPassword(UserName As String, Password As String) As Long
Dim pToken As Long
Dim lRet As Long
Dim lErr As long
lRet = LogonUser(UserName, vbNullString, Password, LOGON32_LOGON_INTERACTIVE,
lErr = GetLastError()
If lRet Then
MsgBox "OK"
Else
MsgBox "Not OK - Error " & lErr
End If
End Function
ASKER
Changed the code Error is 0, there is no show advanced rights under the user manager
UserManager:
Menu Drop Down "Policies" (Alt-P)
"User Rights" (Alt-U)
Click on show advanced user rights (Alt-S)
Then choose "Act as part of the operating system"
Zero implies the function is working what is your e-mail address I will mail you some code.... (up the points - i'm working too hard)
Menu Drop Down "Policies" (Alt-P)
"User Rights" (Alt-U)
Click on show advanced user rights (Alt-S)
Then choose "Act as part of the operating system"
Zero implies the function is working what is your e-mail address I will mail you some code.... (up the points - i'm working too hard)
ASKER
nephinj@em.agr.ca - all the points I have
ASKER
thanks