Windows NT Authentication

I have written a C++ Component using ATL COM Wizard.

The component task is to authenticate user.

The user will enter the username and password from ASP page.

The component will validate the user by using SAM(Security Accounts Manager) of WINNT.

Hence , I do not have any USER Table in my database.

I tried with LogonUser() API. But , I get invalid username and password error.

I then tried to use LsaLogonUser() API. But, it fails saying that MSV1_0_INTERACTIVE_LOGON is invlaid though I have included <ntsecapi.h>.

I tried using ADSI yet it also failed.

Please help me as how should go about doing this

Bye.
RanganathanVenkatakrishnanAsked:
Who is Participating?
 
ComTechConnect With a Mentor Commented:
This question will be moved to PAQ, and points refunded.

ComTech
CS @ EE
0
 
jhanceCommented:
If LogonUser is returning a username/password error, then you must be passing it an invalid username/password.  

Are you passing it the correct type (i.e. UNICODE vs. ASCII) strings?
0
 
jkrCommented:
>>I tried with LogonUser() API. But , I get invalid
>>username and password error.

If you're trying to log on locally (i.e. without a domain), the user name has to be ".\\username"
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
nrajanCommented:
The LogonUser API has some problems. I recently faced this problem while implementing secure NT logon for a VC++ app.I had to use the SSPI interface to create a logon. Look at the exceprt from MSDN below.

From MSDN
*********
The LogonUser API has been available and documented since Windows NT 3.51, and is commonly used to verify user credentials. Unfortunately, there are some restrictions on using LogonUser that are not always convenient to satisfy. The first and biggest of these restrictions is that the process calling LogonUser must have the SE_TCB_NAME privilege (in User Manager, this is the "Act as part of the Operating System" right). The SE_TCB_NAME privilege is very powerful and should not be granted to any arbitrary user just so that they can run an application that needs to validate credentials. The recommended method is to call LogonUser from a service running in the local system account since the local system account already has the SE_TCB_NAME privilege.

One other problem with LogonUser is that the API is not implemented on Windows 95.

As another option, you can use the Security Support Provider Interface (SSPI) to do a network style logon with provided user credentials. This method of validation has the advantage of not requiring any special privilege, as well as working on Windows 95.
0
 
RanganathanVenkatakrishnanAuthor Commented:
Thanx all for your replies.

To jkr: I had tried by passing username with the format ".\\username". But, I got the same error as invalid username and password.

To nrajan: I had looked into this article in MSDN. But, it uses socket connection which I cannot use it from a ASP login page.

Can U guys throw light on the problem as to why I am getting error on MSV1_0_INTERACTIVE_LOGON as invlaid
though I have included <ntsecapi.h>.

Some more info on <ntsecapi.h>:

I am developing this component on VC++(6.0). I went throught he file <ntsecapi.h> which is located in the insatalled location of Visual Studio.

I found the definition of MSV1_0_INTERACTIVE_LOGON missing in ntsecapi.h

But , in VC++ (7.0) I found the definition of MSV1_0_INTERACTIVE_LOGON in ntsecapi.h

So , do I require any additional files for using lsaLogonUSer() API ?



0
 
griesshCommented:
I think you forgot this question. I will ask Community Support to close it unless you finalize it within 7 days. Unless there is objection or further activity,  I will suggest to refund the points and delete this question since nobody had a solution for you.

The link to the Community Support area is: http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
======
Werner

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.