Solved

Windows NT Authentication

Posted on 2001-06-22
6
1,058 Views
Last Modified: 2007-11-27
I have written a C++ Component using ATL COM Wizard.

The component task is to authenticate user.

The user will enter the username and password from ASP page.

The component will validate the user by using SAM(Security Accounts Manager) of WINNT.

Hence , I do not have any USER Table in my database.

I tried with LogonUser() API. But , I get invalid username and password error.

I then tried to use LsaLogonUser() API. But, it fails saying that MSV1_0_INTERACTIVE_LOGON is invlaid though I have included <ntsecapi.h>.

I tried using ADSI yet it also failed.

Please help me as how should go about doing this

Bye.
0
Comment
6 Comments
 
LVL 32

Expert Comment

by:jhance
Comment Utility
If LogonUser is returning a username/password error, then you must be passing it an invalid username/password.  

Are you passing it the correct type (i.e. UNICODE vs. ASCII) strings?
0
 
LVL 86

Expert Comment

by:jkr
Comment Utility
>>I tried with LogonUser() API. But , I get invalid
>>username and password error.

If you're trying to log on locally (i.e. without a domain), the user name has to be ".\\username"
0
 
LVL 1

Expert Comment

by:nrajan
Comment Utility
The LogonUser API has some problems. I recently faced this problem while implementing secure NT logon for a VC++ app.I had to use the SSPI interface to create a logon. Look at the exceprt from MSDN below.

From MSDN
*********
The LogonUser API has been available and documented since Windows NT 3.51, and is commonly used to verify user credentials. Unfortunately, there are some restrictions on using LogonUser that are not always convenient to satisfy. The first and biggest of these restrictions is that the process calling LogonUser must have the SE_TCB_NAME privilege (in User Manager, this is the "Act as part of the Operating System" right). The SE_TCB_NAME privilege is very powerful and should not be granted to any arbitrary user just so that they can run an application that needs to validate credentials. The recommended method is to call LogonUser from a service running in the local system account since the local system account already has the SE_TCB_NAME privilege.

One other problem with LogonUser is that the API is not implemented on Windows 95.

As another option, you can use the Security Support Provider Interface (SSPI) to do a network style logon with provided user credentials. This method of validation has the advantage of not requiring any special privilege, as well as working on Windows 95.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:RanganathanVenkatakrishnan
Comment Utility
Thanx all for your replies.

To jkr: I had tried by passing username with the format ".\\username". But, I got the same error as invalid username and password.

To nrajan: I had looked into this article in MSDN. But, it uses socket connection which I cannot use it from a ASP login page.

Can U guys throw light on the problem as to why I am getting error on MSV1_0_INTERACTIVE_LOGON as invlaid
though I have included <ntsecapi.h>.

Some more info on <ntsecapi.h>:

I am developing this component on VC++(6.0). I went throught he file <ntsecapi.h> which is located in the insatalled location of Visual Studio.

I found the definition of MSV1_0_INTERACTIVE_LOGON missing in ntsecapi.h

But , in VC++ (7.0) I found the definition of MSV1_0_INTERACTIVE_LOGON in ntsecapi.h

So , do I require any additional files for using lsaLogonUSer() API ?



0
 
LVL 11

Expert Comment

by:griessh
Comment Utility
I think you forgot this question. I will ask Community Support to close it unless you finalize it within 7 days. Unless there is objection or further activity,  I will suggest to refund the points and delete this question since nobody had a solution for you.

The link to the Community Support area is: http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
======
Werner

0
 

Accepted Solution

by:
ComTech earned 0 total points
Comment Utility
This question will be moved to PAQ, and points refunded.

ComTech
CS @ EE
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Often, when implementing a feature, you won't know how certain events should be handled at the point where they occur and you'd rather defer to the user of your function or class. For example, a XML parser will extract a tag from the source code, wh…
Introduction This article is the first in a series of articles about the C/C++ Visual Studio Express debugger.  It provides a quick start guide in using the debugger. Part 2 focuses on additional topics in breakpoints.  Lastly, Part 3 focuses on th…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now