Solved

Authenticating Access DB with Active Directory

Posted on 2014-12-31
7
172 Views
Last Modified: 2014-12-31
Is it possible to link/sync my login form with Active Directory so my users can login using the same AD credentials?
0
Comment
Question by:Lawrence Salvucci
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 58
ID: 40525302
You can use the procedure below to grab the computer name or the users network login.

Jim.

Private Declare Function GetComputerNameA Lib "kernel32" (ByVal lpBuffer As String, nSize As Long) As Long
Private Declare Function GetUserNameA Lib "advapi32.dll" (ByVal lpBuffer As String, nSize As Long) As Long


Public Function WhoAmI(bReturnUserName As Boolean) As String

        ' Function returns either user name or computer name

        Dim strName As String * 255

10      If bReturnUserName = True Then
20        GetUserNameA strName, Len(strName)
30      Else
40        GetComputerNameA strName, Len(strName)
50      End If

60      WhoAmI = left$(strName, InStr(strName, vbNullChar) - 1)

End Function 

Open in new window

0
 
LVL 58
ID: 40525303
I should add that if you really want to poll AD from VBA for other things, you'll need to use LDAP to do it (and yes, it can be done).

Jim.
0
 
LVL 1

Author Comment

by:Lawrence Salvucci
ID: 40525305
I already have code to grab the computer name and network username. I'm trying to find a way to have it sync or verify their password when they log into the database against AD. Instead of having separate passwords for AD and the Access DB I want them to be the same but controlled by AD.
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 58
ID: 40525315
<<I'm trying to find a way to have it sync or verify their password when they log into the database against AD. Instead of having separate passwords for AD and the Access DB I want them to be the same but controlled by AD. >>

  But if their logged into the computer, then they've already authenticated with AD and all you need to do is grab the network name.

 If your saying though that you want to have a situation where user A is logged in, but user B sits down and fires up your app and enters a username/password, and authenticate that, then I don't know how to do that off-hand.   It's just never come up before.

 Everyone relies on the logged in username.

Jim.
0
 
LVL 1

Author Comment

by:Lawrence Salvucci
ID: 40525321
I understand what you're saying. So if a user already authenticates with AD there is no need for them to enter a PW when accessing the DB, correct? Right now I have a login form that is bound to a table in my DB where the username and PW are stored. So would I not need to use that table?
0
 
LVL 58

Accepted Solution

by:
Jim Dettman (Microsoft MVP/ EE MVE) earned 500 total points
ID: 40525340
<<So would I not need to use that table? >>

You may or may not.  There are a number of approaches you can take depending on how you want to handle security:

1. Rely on the network login name - no login form in the app - it just starts up.
2. A login form, defaulted to the network login name, and asks for a password to match against an app level user table.
3. A login form, which defaults to the network name, but allows the username to be changed, and asks for a password to match against an app level user table.

With #1 obviously, no table needed.   With #2 and 3 you would.   I usually use #2 only to protect someone from walking up to the station and using the app.  It's also an easy way to control who has access to what apps.  

If however users are trained well and lock their stations (or logout) when leaving, then #1 is fine.

#3 I use when one station may be used by multiple people, say a receiving app on a warehouse computer.  Again however, it relies on someone exiting the app when leaving.

So what you need depends on the situation.  My suggestion would be to leave the user table in and as part of that login, have a "RequiresLogin" flag and also a "CanChangeUserName" flag.

When your app starts up, check the first and if true, pop-up your login form.    Second says if they can login as any user or not.

That covers all the situations then that you might encounter.

But if you always want to authenticate against AD, I would take the easy way out and use #1 or #2 and rely on the authentication process built into windows to do the job.   If another user needs to use the app, then they need to login to windows.

That can be a good idea anyway in terms of the app needing to save external files or data, create temp files, etc. as it is all handled at the windows user level then.

Jim.
0
 
LVL 1

Author Closing Comment

by:Lawrence Salvucci
ID: 40525366
Thank you for the detailed explanation Jim. I agree with you about using #2 as the viable option. Thank you again for your help!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Describes a method of obtaining an object variable to an already running instance of Microsoft Access so that it can be controlled via automation.
AutoNumbers should increment automatically, without duplicates.  But sometimes something goes wrong, and the next AutoNumber value is a duplicate.  This article shows how to recover from this problem.
Learn how to number pages in an Access report over each group. Activate two pass printing by referencing the pages property: Add code to the Page Footers OnFormat event to capture the pages as there occur for each group. Use the pages property to …
In Microsoft Access, learn different ways of passing a string value within a string argument. Also learn what a “Type Mis-match” error is about.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question