[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Windows NT Authentication

Posted on 2001-06-22
6
Medium Priority
?
1,080 Views
Last Modified: 2007-11-27
I have written a C++ Component using ATL COM Wizard.

The component task is to authenticate user.

The user will enter the username and password from ASP page.

The component will validate the user by using SAM(Security Accounts Manager) of WINNT.

Hence , I do not have any USER Table in my database.

I tried with LogonUser() API. But , I get invalid username and password error.

I then tried to use LsaLogonUser() API. But, it fails saying that MSV1_0_INTERACTIVE_LOGON is invlaid though I have included <ntsecapi.h>.

I tried using ADSI yet it also failed.

Please help me as how should go about doing this

Bye.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 6218518
If LogonUser is returning a username/password error, then you must be passing it an invalid username/password.  

Are you passing it the correct type (i.e. UNICODE vs. ASCII) strings?
0
 
LVL 86

Expert Comment

by:jkr
ID: 6219150
>>I tried with LogonUser() API. But , I get invalid
>>username and password error.

If you're trying to log on locally (i.e. without a domain), the user name has to be ".\\username"
0
 
LVL 1

Expert Comment

by:nrajan
ID: 6219795
The LogonUser API has some problems. I recently faced this problem while implementing secure NT logon for a VC++ app.I had to use the SSPI interface to create a logon. Look at the exceprt from MSDN below.

From MSDN
*********
The LogonUser API has been available and documented since Windows NT 3.51, and is commonly used to verify user credentials. Unfortunately, there are some restrictions on using LogonUser that are not always convenient to satisfy. The first and biggest of these restrictions is that the process calling LogonUser must have the SE_TCB_NAME privilege (in User Manager, this is the "Act as part of the Operating System" right). The SE_TCB_NAME privilege is very powerful and should not be granted to any arbitrary user just so that they can run an application that needs to validate credentials. The recommended method is to call LogonUser from a service running in the local system account since the local system account already has the SE_TCB_NAME privilege.

One other problem with LogonUser is that the API is not implemented on Windows 95.

As another option, you can use the Security Support Provider Interface (SSPI) to do a network style logon with provided user credentials. This method of validation has the advantage of not requiring any special privilege, as well as working on Windows 95.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:RanganathanVenkatakrishnan
ID: 6223474
Thanx all for your replies.

To jkr: I had tried by passing username with the format ".\\username". But, I got the same error as invalid username and password.

To nrajan: I had looked into this article in MSDN. But, it uses socket connection which I cannot use it from a ASP login page.

Can U guys throw light on the problem as to why I am getting error on MSV1_0_INTERACTIVE_LOGON as invlaid
though I have included <ntsecapi.h>.

Some more info on <ntsecapi.h>:

I am developing this component on VC++(6.0). I went throught he file <ntsecapi.h> which is located in the insatalled location of Visual Studio.

I found the definition of MSV1_0_INTERACTIVE_LOGON missing in ntsecapi.h

But , in VC++ (7.0) I found the definition of MSV1_0_INTERACTIVE_LOGON in ntsecapi.h

So , do I require any additional files for using lsaLogonUSer() API ?



0
 
LVL 11

Expert Comment

by:griessh
ID: 6820031
I think you forgot this question. I will ask Community Support to close it unless you finalize it within 7 days. Unless there is objection or further activity,  I will suggest to refund the points and delete this question since nobody had a solution for you.

The link to the Community Support area is: http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
======
Werner

0
 

Accepted Solution

by:
ComTech earned 0 total points
ID: 6837688
This question will be moved to PAQ, and points refunded.

ComTech
CS @ EE
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you some of the more useful Standard Template Library (STL) algorithms through the use of working examples.  You will learn about how these algorithms fit into the STL architecture, how they work with STL containers, and why t…
Introduction This article is a continuation of the C/C++ Visual Studio Express debugger series. Part 1 provided a quick start guide in using the debugger. Part 2 focused on additional topics in breakpoints. As your assignments become a little more …
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question