  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 189

Authenticating Access DB with Active Directory

Is it possible to link/sync my login form with Active Directory so my users can log in using the same AD credentials?
Asked:
Lawrence Salvucci
1 Solution
 
Jim Dettman (Microsoft MVP / EE MVE), President, commented:
You can use the procedure below to grab the computer name or the user's network login.

Jim.

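' Win32 API declarations. PtrSafe is required by VBA7 (Office 2010 and later, including 64-bit).
#If VBA7 Then
Private Declare PtrSafe Function GetComputerNameA Lib "kernel32" (ByVal lpBuffer As String, nSize As Long) As Long
Private Declare PtrSafe Function GetUserNameA Lib "advapi32.dll" (ByVal lpBuffer As String, nSize As Long) As Long
#Else
Private Declare Function GetComputerNameA Lib "kernel32" (ByVal lpBuffer As String, nSize As Long) As Long
Private Declare Function GetUserNameA Lib "advapi32.dll" (ByVal lpBuffer As String, nSize As Long) As Long
#End If


Public Function WhoAmI(bReturnUserName As Boolean) As String

        ' Function returns either user name or computer name

        ' Fixed-length buffer; VBA fills it with null characters
        Dim strName As String * 255

        If bReturnUserName = True Then
          GetUserNameA strName, Len(strName)
        Else
          GetComputerNameA strName, Len(strName)
        End If

        ' Keep only the text before the first null character
        WhoAmI = Left$(strName, InStr(strName, vbNullChar) - 1)

End Function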

 
Jim Dettman (Microsoft MVP / EE MVE), President, commented:
I should add that if you really want to poll AD from VBA for other things, you'll need to use LDAP to do it (and yes, it can be done).

Jim.
 
Lawrence Salvucci, Information Technology Manager (Author), commented:
I already have code to grab the computer name and network username. I'm trying to find a way to have it sync or verify their password when they log into the database against AD. Instead of having separate passwords for AD and the Access DB I want them to be the same but controlled by AD.
 
Jim Dettman (Microsoft MVP / EE MVE), President, commented:
<<I'm trying to find a way to have it sync or verify their password when they log into the database against AD. Instead of having separate passwords for AD and the Access DB I want them to be the same but controlled by AD. >>

  But if they're logged into the computer, then they've already authenticated with AD and all you need to do is grab the network name.

 If you're saying though that you want to have a situation where user A is logged in, but user B sits down and fires up your app and enters a username/password, and authenticate that, then I don't know how to do that off-hand.   It's just never come up before.

 Everyone relies on the logged in username.

Jim.
 
Lawrence Salvucci, Information Technology Manager (Author), commented:
I understand what you're saying. So if a user already authenticates with AD there is no need for them to enter a PW when accessing the DB, correct? Right now I have a login form that is bound to a table in my DB where the username and PW are stored. So would I not need to use that table?
 
Jim Dettman (Microsoft MVP / EE MVE), President, commented:
<<So would I not need to use that table? >>

You may or may not.  There are a number of approaches you can take depending on how you want to handle security:

1. Rely on the network login name - no login form in the app - it just starts up.
2. A login form, defaulted to the network login name, and asks for a password to match against an app level user table.
3. A login form, which defaults to the network name, but allows the username to be changed, and asks for a password to match against an app level user table.

With #1 obviously, no table needed.   With #2 and 3 you would.   I usually use #2 only to protect someone from walking up to the station and using the app.  It's also an easy way to control who has access to what apps.  

If however users are trained well and lock their stations (or logout) when leaving, then #1 is fine.

#3 I use when one station may be used by multiple people, say a receiving app on a warehouse computer.  Again however, it relies on someone exiting the app when leaving.

So what you need depends on the situation.  My suggestion would be to leave the user table in and as part of that login, have a "RequiresLogin" flag and also a "CanChangeUserName" flag.

When your app starts up, check the first and if true, pop-up your login form.    Second says if they can login as any user or not.

That covers all the situations then that you might encounter.

But if you always want to authenticate against AD, I would take the easy way out and use #1 or #2 and rely on the authentication process built into Windows to do the job.   If another user needs to use the app, then they need to login to Windows.

That can be a good idea anyway in terms of the app needing to save external files or data, create temp files, etc. as it is all handled at the Windows user level then.

Jim.
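
One way to wire up the "RequiresLogin" and "CanChangeUserName" flags described in the answer above, as an added example that is not code from the thread. The table tblUsers, its UserName field, the form frmLogin and the names GetLoginMode and AppStartup are assumptions; the network user name is read with WScript.Network so the block stands alone, and WhoAmI(True) from the earlier answer can be used instead.

```vba
Option Explicit

' Outcome of the startup check, mapped to the three approaches in the answer
Public Enum LoginMode
    lmDenied = 0          ' network user has no row in the user table
    lmNoPrompt = 1        ' #1: rely on the Windows logon, no login form
    lmPromptLocked = 2    ' #2: password prompt, user name fixed
    lmPromptEditable = 3  ' #3: password prompt, user name can be changed
End Enum

' tblUsers, UserName, RequiresLogin and CanChangeUserName are assumed names.
Public Function GetLoginMode(ByVal strNetworkUser As String) As LoginMode
    Dim db As DAO.Database, qdf As DAO.QueryDef, rs As DAO.Recordset

    ' Parameter query: the user name is never concatenated into the SQL text
    Set db = CurrentDb
    Set qdf = db.CreateQueryDef("", _
        "PARAMETERS pUser Text(255); " & _
        "SELECT RequiresLogin, CanChangeUserName FROM tblUsers " & _
        "WHERE UserName = [pUser];")
    qdf.Parameters("pUser").Value = strNetworkUser
    Set rs = qdf.OpenRecordset(dbOpenSnapshot)

    If rs.EOF Then
        GetLoginMode = lmDenied            ' fail closed for unknown users
    ElseIf Not rs!RequiresLogin Then
        GetLoginMode = lmNoPrompt
    ElseIf rs!CanChangeUserName Then
        GetLoginMode = lmPromptEditable
    Else
        GetLoginMode = lmPromptLocked
    End If
    rs.Close
End Function

' Call from the startup form or an AutoExec macro.
Public Sub AppStartup()
    Dim strUser As String, mode As LoginMode
    strUser = CreateObject("WScript.Network").UserName  ' or WhoAmI(True)
    mode = GetLoginMode(strUser)

    If mode = lmDenied Then
        MsgBox "You are not authorised to use this application.", vbCritical
        Application.Quit
    ElseIf mode <> lmNoPrompt Then
        ' frmLogin (assumed) splits OpenArgs into user name and mode
        DoCmd.OpenForm "frmLogin", , , , , acDialog, strUser & "|" & mode
    End If
End Sub
```

The login form would prefill the user name from OpenArgs and lock that text box unless the mode is lmPromptEditable.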
 
Lawrence Salvucci, Information Technology Manager (Author), commented:
Thank you for the detailed explanation Jim. I agree with you about using #2 as the viable option. Thank you again for your help!