Solved

Authenticating Access DB with Active Directory

Posted on 2014-12-31
7
143 Views
Last Modified: 2014-12-31
Is it possible to link/sync my login form with Active Directory so my users can login using the same AD credentials?
0
Comment
Question by:Lawrence Salvucci
  • 4
  • 3
7 Comments
 
LVL 57
ID: 40525302
You can use the procedure below to grab the computer name or the users network login.

Jim.

Private Declare Function GetComputerNameA Lib "kernel32" (ByVal lpBuffer As String, nSize As Long) As Long
Private Declare Function GetUserNameA Lib "advapi32.dll" (ByVal lpBuffer As String, nSize As Long) As Long


Public Function WhoAmI(bReturnUserName As Boolean) As String

        ' Function returns either user name or computer name

        Dim strName As String * 255

10      If bReturnUserName = True Then
20        GetUserNameA strName, Len(strName)
30      Else
40        GetComputerNameA strName, Len(strName)
50      End If

60      WhoAmI = left$(strName, InStr(strName, vbNullChar) - 1)

End Function 

Open in new window

0
 
LVL 57
ID: 40525303
I should add that if you really want to poll AD from VBA for other things, you'll need to use LDAP to do it (and yes, it can be done).

Jim.
0
 
LVL 1

Author Comment

by:Lawrence Salvucci
ID: 40525305
I already have code to grab the computer name and network username. I'm trying to find a way to have it sync or verify their password when they log into the database against AD. Instead of having separate passwords for AD and the Access DB I want them to be the same but controlled by AD.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 57
ID: 40525315
<<I'm trying to find a way to have it sync or verify their password when they log into the database against AD. Instead of having separate passwords for AD and the Access DB I want them to be the same but controlled by AD. >>

  But if their logged into the computer, then they've already authenticated with AD and all you need to do is grab the network name.

 If your saying though that you want to have a situation where user A is logged in, but user B sits down and fires up your app and enters a username/password, and authenticate that, then I don't know how to do that off-hand.   It's just never come up before.

 Everyone relies on the logged in username.

Jim.
0
 
LVL 1

Author Comment

by:Lawrence Salvucci
ID: 40525321
I understand what you're saying. So if a user already authenticates with AD there is no need for them to enter a PW when accessing the DB, correct? Right now I have a login form that is bound to a table in my DB where the username and PW are stored. So would I not need to use that table?
0
 
LVL 57

Accepted Solution

by:
Jim Dettman (Microsoft MVP/ EE MVE) earned 500 total points
ID: 40525340
<<So would I not need to use that table? >>

You may or may not.  There are a number of approaches you can take depending on how you want to handle security:

1. Rely on the network login name - no login form in the app - it just starts up.
2. A login form, defaulted to the network login name, and asks for a password to match against an app level user table.
3. A login form, which defaults to the network name, but allows the username to be changed, and asks for a password to match against an app level user table.

With #1 obviously, no table needed.   With #2 and 3 you would.   I usually use #2 only to protect someone from walking up to the station and using the app.  It's also an easy way to control who has access to what apps.  

If however users are trained well and lock their stations (or logout) when leaving, then #1 is fine.

#3 I use when one station may be used by multiple people, say a receiving app on a warehouse computer.  Again however, it relies on someone exiting the app when leaving.

So what you need depends on the situation.  My suggestion would be to leave the user table in and as part of that login, have a "RequiresLogin" flag and also a "CanChangeUserName" flag.

When your app starts up, check the first and if true, pop-up your login form.    Second says if they can login as any user or not.

That covers all the situations then that you might encounter.

But if you always want to authenticate against AD, I would take the easy way out and use #1 or #2 and rely on the authentication process built into windows to do the job.   If another user needs to use the app, then they need to login to windows.

That can be a good idea anyway in terms of the app needing to save external files or data, create temp files, etc. as it is all handled at the windows user level then.

Jim.
0
 
LVL 1

Author Closing Comment

by:Lawrence Salvucci
ID: 40525366
Thank you for the detailed explanation Jim. I agree with you about using #2 as the viable option. Thank you again for your help!
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

In the article entitled Working with Objects – Part 1 (http://www.experts-exchange.com/Microsoft/Development/MS_Access/A_4942-Working-with-Objects-Part-1.html), you learned the basics of working with objects, properties, methods, and events. In Work…
Introduction When developing Access applications, often we need to know whether an object exists.  This article presents a quick and reliable routine to determine if an object exists without that object being opened. If you wanted to inspect/ite…
Basics of query design. Shows you how to construct a simple query by adding tables, perform joins, defining output columns, perform sorting, and apply criteria.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now