Windows NT Authentication

Posted on 2001-06-22
Medium Priority
Last Modified: 2007-11-27
I have written a C++ Component using ATL COM Wizard.

The component task is to authenticate user.

The user will enter the username and password from ASP page.

The component will validate the user by using SAM(Security Accounts Manager) of WINNT.

Hence , I do not have any USER Table in my database.

I tried with LogonUser() API. But , I get invalid username and password error.

I then tried to use LsaLogonUser() API. But, it fails saying that MSV1_0_INTERACTIVE_LOGON is invlaid though I have included <ntsecapi.h>.

I tried using ADSI yet it also failed.

Please help me as how should go about doing this

LVL 32

Expert Comment

ID: 6218518
If LogonUser is returning a username/password error, then you must be passing it an invalid username/password.  

Are you passing it the correct type (i.e. UNICODE vs. ASCII) strings?
LVL 86

Expert Comment

ID: 6219150
>>I tried with LogonUser() API. But , I get invalid
>>username and password error.

If you're trying to log on locally (i.e. without a domain), the user name has to be ".\\username"

Expert Comment

ID: 6219795
The LogonUser API has some problems. I recently faced this problem while implementing secure NT logon for a VC++ app.I had to use the SSPI interface to create a logon. Look at the exceprt from MSDN below.

The LogonUser API has been available and documented since Windows NT 3.51, and is commonly used to verify user credentials. Unfortunately, there are some restrictions on using LogonUser that are not always convenient to satisfy. The first and biggest of these restrictions is that the process calling LogonUser must have the SE_TCB_NAME privilege (in User Manager, this is the "Act as part of the Operating System" right). The SE_TCB_NAME privilege is very powerful and should not be granted to any arbitrary user just so that they can run an application that needs to validate credentials. The recommended method is to call LogonUser from a service running in the local system account since the local system account already has the SE_TCB_NAME privilege.

One other problem with LogonUser is that the API is not implemented on Windows 95.

As another option, you can use the Security Support Provider Interface (SSPI) to do a network style logon with provided user credentials. This method of validation has the advantage of not requiring any special privilege, as well as working on Windows 95.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 6223474
Thanx all for your replies.

To jkr: I had tried by passing username with the format ".\\username". But, I got the same error as invalid username and password.

To nrajan: I had looked into this article in MSDN. But, it uses socket connection which I cannot use it from a ASP login page.

Can U guys throw light on the problem as to why I am getting error on MSV1_0_INTERACTIVE_LOGON as invlaid
though I have included <ntsecapi.h>.

Some more info on <ntsecapi.h>:

I am developing this component on VC++(6.0). I went throught he file <ntsecapi.h> which is located in the insatalled location of Visual Studio.

I found the definition of MSV1_0_INTERACTIVE_LOGON missing in ntsecapi.h

But , in VC++ (7.0) I found the definition of MSV1_0_INTERACTIVE_LOGON in ntsecapi.h

So , do I require any additional files for using lsaLogonUSer() API ?

LVL 11

Expert Comment

ID: 6820031
I think you forgot this question. I will ask Community Support to close it unless you finalize it within 7 days. Unless there is objection or further activity,  I will suggest to refund the points and delete this question since nobody had a solution for you.

The link to the Community Support area is: http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt



Accepted Solution

ComTech earned 0 total points
ID: 6837688
This question will be moved to PAQ, and points refunded.


Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you some of the more useful Standard Template Library (STL) algorithms through the use of working examples.  You will learn about how these algorithms fit into the STL architecture, how they work with STL containers, and why t…
Many modern programming languages support the concept of a property -- a class member that combines characteristics of both a data member and a method.  These are sometimes called "smart fields" because you can add logic that is applied automaticall…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question