Windows NT Authentication

Posted on 2001-06-22
Last Modified: 2007-11-27
I have written a C++ Component using ATL COM Wizard.

The component task is to authenticate user.

The user will enter the username and password from ASP page.

The component will validate the user by using SAM(Security Accounts Manager) of WINNT.

Hence , I do not have any USER Table in my database.

I tried with LogonUser() API. But , I get invalid username and password error.

I then tried to use LsaLogonUser() API. But, it fails saying that MSV1_0_INTERACTIVE_LOGON is invlaid though I have included <ntsecapi.h>.

I tried using ADSI yet it also failed.

Please help me as how should go about doing this

LVL 32

Expert Comment

ID: 6218518
If LogonUser is returning a username/password error, then you must be passing it an invalid username/password.  

Are you passing it the correct type (i.e. UNICODE vs. ASCII) strings?
LVL 86

Expert Comment

ID: 6219150
>>I tried with LogonUser() API. But , I get invalid
>>username and password error.

If you're trying to log on locally (i.e. without a domain), the user name has to be ".\\username"

Expert Comment

ID: 6219795
The LogonUser API has some problems. I recently faced this problem while implementing secure NT logon for a VC++ app.I had to use the SSPI interface to create a logon. Look at the exceprt from MSDN below.

The LogonUser API has been available and documented since Windows NT 3.51, and is commonly used to verify user credentials. Unfortunately, there are some restrictions on using LogonUser that are not always convenient to satisfy. The first and biggest of these restrictions is that the process calling LogonUser must have the SE_TCB_NAME privilege (in User Manager, this is the "Act as part of the Operating System" right). The SE_TCB_NAME privilege is very powerful and should not be granted to any arbitrary user just so that they can run an application that needs to validate credentials. The recommended method is to call LogonUser from a service running in the local system account since the local system account already has the SE_TCB_NAME privilege.

One other problem with LogonUser is that the API is not implemented on Windows 95.

As another option, you can use the Security Support Provider Interface (SSPI) to do a network style logon with provided user credentials. This method of validation has the advantage of not requiring any special privilege, as well as working on Windows 95.
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.


Author Comment

ID: 6223474
Thanx all for your replies.

To jkr: I had tried by passing username with the format ".\\username". But, I got the same error as invalid username and password.

To nrajan: I had looked into this article in MSDN. But, it uses socket connection which I cannot use it from a ASP login page.

Can U guys throw light on the problem as to why I am getting error on MSV1_0_INTERACTIVE_LOGON as invlaid
though I have included <ntsecapi.h>.

Some more info on <ntsecapi.h>:

I am developing this component on VC++(6.0). I went throught he file <ntsecapi.h> which is located in the insatalled location of Visual Studio.

I found the definition of MSV1_0_INTERACTIVE_LOGON missing in ntsecapi.h

But , in VC++ (7.0) I found the definition of MSV1_0_INTERACTIVE_LOGON in ntsecapi.h

So , do I require any additional files for using lsaLogonUSer() API ?

LVL 11

Expert Comment

ID: 6820031
I think you forgot this question. I will ask Community Support to close it unless you finalize it within 7 days. Unless there is objection or further activity,  I will suggest to refund the points and delete this question since nobody had a solution for you.

The link to the Community Support area is:



Accepted Solution

ComTech earned 0 total points
ID: 6837688
This question will be moved to PAQ, and points refunded.


Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Errors will happen. It is a fact of life for the programmer. How and when errors are detected have a great impact on quality and cost of a product. It is better to detect errors at compile time, when possible and practical. Errors that make their wa…
What is C++ STL?: STL stands for Standard Template Library and is a part of standard C++ libraries. It contains many useful data structures (containers) and algorithms, which can spare you a lot of the time. Today we will look at the STL Vector. …
The goal of the tutorial is to teach the user how to use functions in C++. The video will cover how to define functions, how to call functions and how to create functions prototypes. Microsoft Visual C++ 2010 Express will be used as a text editor an…
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question