Link to home
Start Free TrialLog in
Avatar of LeeHopkins
LeeHopkinsFlag for United States of America

asked on

VB6 NT challenge

I need some simple code for a vb6 app that a user will enter their NT name and Password.
and I need a true if the user and password is valid and false if not valid.

They will be on a NT4 or 2000
ASKER CERTIFIED SOLUTION
Avatar of aeklund
aeklund

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You need to declare the appropriate API and just call the function. It's a simple as that:

Here's the declaration (usually you stick these in a module):

Public Declare Function LogonUser _
        Lib "kernel32" Alias "LogonUserA" ( _
        ByVal lpszUsername As String, _
        ByVal lpszDomain As String, _
        ByVal lpszPassword As String, _
        ByVal dwLogonType As Long, _
        ByVal dwLogonProvider As Long, _
        phToken As Long) As Long

Once you have that you can code,

Dim lLngReturn as long
lLngReturn = LogonUser( "username", "password"....

The rest of the details you can get from
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/logonuser.asp

Once you go there, you'll probably find it's a bit complicated, but it's not *too* scary. You can use the API viewer addin that comes with VB to find the values of the appropriate constants mentioned in the help pages: e.g.

Public Const LOGON32_LOGON_BATCH = 4
Public Const LOGON32_LOGON_INTERACTIVE = 2
Public Const LOGON32_LOGON_SERVICE = 5
Public Const LOGON32_PROVIDER_DEFAULT = 0
Public Const LOGON32_PROVIDER_WINNT35 = 1

Good luck
Avatar of LeeHopkins

ASKER

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/logonuser.asp

This info talks about changing the logon of the computer to the net work. I am just trying to validate that a user is who they say they are not really connect to the net work

Avatar of aeklund
aeklund

LeeHopkins-
Did you try the example I posted?  It does just that, it only verifies that the user get's authenticated and does not log that use on.
We could get into a whole discussion here about what "logging on" means. Generally it means that you identify yourself to an authenticating authority - perhaps a domain controller. If you're not connected to the network, then you could use local accounts on the machine and connect to that.

The point is that if you want to know whether their password is valid, you have to log on. It is possible to determine whether the account exists without logging on, but then you don't know whether the password is correct.

The link given by aeklund does show some techniques for doing both these things (across a network), but all you really need to do is call LogonUser.
Hi LeeHopkins,
This old question (QID 20570499) needs to be finalized -- accept an answer, split points, or get a refund.  Please see http://www.cityofangels.com/Experts/Closing.htm for information and options.