Solved

Authenticating Access DB with Active Directory

Posted on 2014-12-31
7
158 Views
Last Modified: 2014-12-31
Is it possible to link/sync my login form with Active Directory so my users can log in using the same AD credentials?
Question by:Lawrence Salvucci
7 Comments
 
LVL 57
ID: 40525302
You can use the procedure below to grab the computer name or the user's network login.

Jim.

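#If VBA7 Then
    ' Office 2010 and later (32- and 64-bit) need PtrSafe on API declarations
    Private Declare PtrSafe Function GetComputerNameA Lib "kernel32" (ByVal lpBuffer As String, nSize As Long) As Long
    Private Declare PtrSafe Function GetUserNameA Lib "advapi32.dll" (ByVal lpBuffer As String, nSize As Long) As Long
#Else
    Private Declare Function GetComputerNameA Lib "kernel32" (ByVal lpBuffer As String, nSize As Long) As Long
    Private Declare Function GetUserNameA Lib "advapi32.dll" (ByVal lpBuffer As String, nSize As Long) As Long
#End If


Public Function WhoAmI(bReturnUserName As Boolean) As String

    ' Function returns either user name or computer name

    ' Fixed-length buffer, pre-filled with null characters by VBA
    Dim strName As String * 255

    If bReturnUserName = True Then
        GetUserNameA strName, Len(strName)
    Else
        GetComputerNameA strName, Len(strName)
    End If

    ' Keep only the text before the first null terminator
    WhoAmI = Left$(strName, InStr(strName, vbNullChar) - 1)

End Function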


0
 
LVL 57
ID: 40525303
I should add that if you really want to poll AD from VBA for other things, you'll need to use LDAP to do it (and yes, it can be done).

Jim.
0
 
LVL 1

Author Comment

by:Lawrence Salvucci
ID: 40525305
I already have code to grab the computer name and network username. I'm trying to find a way to have it sync or verify their password when they log into the database against AD. Instead of having separate passwords for AD and the Access DB I want them to be the same but controlled by AD.
0

 
LVL 57
ID: 40525315
<<I'm trying to find a way to have it sync or verify their password when they log into the database against AD. Instead of having separate passwords for AD and the Access DB I want them to be the same but controlled by AD. >>

  But if they're logged into the computer, then they've already authenticated with AD and all you need to do is grab the network name.

 If you're saying though that you want to have a situation where user A is logged in, but user B sits down and fires up your app and enters a username/password, and authenticate that, then I don't know how to do that off-hand.   It's just never come up before.

 Everyone relies on the logged in username.

Jim.
0
 
LVL 1

Author Comment

by:Lawrence Salvucci
ID: 40525321
I understand what you're saying. So if a user already authenticates with AD there is no need for them to enter a PW when accessing the DB, correct? Right now I have a login form that is bound to a table in my DB where the username and PW are stored. So would I not need to use that table?
0
 
LVL 57

Accepted Solution

by:
Jim Dettman (Microsoft MVP/ EE MVE) earned 500 total points
ID: 40525340
<<So would I not need to use that table? >>

You may or may not.  There are a number of approaches you can take depending on how you want to handle security:

1. Rely on the network login name - no login form in the app - it just starts up.
2. A login form, defaulted to the network login name, and asks for a password to match against an app level user table.
3. A login form, which defaults to the network name, but allows the username to be changed, and asks for a password to match against an app level user table.

With #1 obviously, no table needed.   With #2 and 3 you would.   I usually use #2 only to protect someone from walking up to the station and using the app.  It's also an easy way to control who has access to what apps.  

If however users are trained well and lock their stations (or logout) when leaving, then #1 is fine.

#3 I use when one station may be used by multiple people, say a receiving app on a warehouse computer.  Again however, it relies on someone exiting the app when leaving.

So what you need depends on the situation.  My suggestion would be to leave the user table in and as part of that login, have a "RequiresLogin" flag and also a "CanChangeUserName" flag.

When your app starts up, check the first and if true, pop-up your login form.    Second says if they can login as any user or not.

That covers all the situations then that you might encounter.

But if you always want to authenticate against AD, I would take the easy way out and use #1 or #2 and rely on the authentication process built into Windows to do the job.   If another user needs to use the app, then they need to log in to Windows.

That can be a good idea anyway in terms of the app needing to save external files or data, create temp files, etc. as it is all handled at the Windows user level then.

Jim.
0
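
The startup check described in the accepted answer, sketched as an added example that is not part of the original thread or the answerer's own code. The table name tblUsers, its UserName column, the forms frmLogin and frmMain, and the choice to refuse Windows accounts that have no row in the table are assumptions; WhoAmI is the function posted earlier in the thread.

```vba
' Added example. tblUsers, frmLogin, frmMain and the OpenArgs format are
' hypothetical; WhoAmI is the function posted earlier in this thread.
Public Enum StartupAction
    saDeny = 0          ' Windows account has no row in tblUsers (assumed policy)
    saOpenApp = 1       ' approach #1: trust the Windows logon, no login form
    saLoginFixed = 2    ' approach #2: login form, user name locked
    saLoginEditable = 3 ' approach #3: login form, user name may be changed
End Enum

Public Function GetStartupAction(ByVal strUser As String) As StartupAction
    Dim qdf As DAO.QueryDef
    Dim rs As DAO.Recordset

    ' Parameter query: the user name is never concatenated into the SQL text
    Set qdf = CurrentDb.CreateQueryDef("", _
        "PARAMETERS pUser Text(255); " & _
        "SELECT RequiresLogin, CanChangeUserName FROM tblUsers " & _
        "WHERE UserName = [pUser];")
    qdf.Parameters("pUser").Value = strUser
    Set rs = qdf.OpenRecordset(dbOpenSnapshot)

    If rs.EOF Then
        GetStartupAction = saDeny            ' fail closed for unknown accounts
    ElseIf Not rs!RequiresLogin Then
        GetStartupAction = saOpenApp
    ElseIf rs!CanChangeUserName Then
        GetStartupAction = saLoginEditable
    Else
        GetStartupAction = saLoginFixed
    End If
    rs.Close
    qdf.Close
End Function

Public Sub AppStartup()
    Dim strUser As String
    strUser = WhoAmI(True)   ' account already authenticated by Windows/AD
    Select Case GetStartupAction(strUser)
        Case saOpenApp
            DoCmd.OpenForm "frmMain"
        Case saLoginFixed
            DoCmd.OpenForm "frmLogin", , , , , acDialog, strUser & "|locked"
        Case saLoginEditable
            DoCmd.OpenForm "frmLogin", , , , , acDialog, strUser & "|editable"
        Case Else
            MsgBox "Your Windows account is not authorized for this application.", vbCritical
            Application.Quit
    End Select
End Sub
```

The login form would read Me.OpenArgs to pre-fill the user name and decide whether the text box is locked.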
 
LVL 1

Author Closing Comment

by:Lawrence Salvucci
ID: 40525366
Thank you for the detailed explanation Jim. I agree with you about using #2 as the viable option. Thank you again for your help!
0
