Re: VB6 & Active Directory

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

IIRC, there is a LogonUser API. Can it be used with AD credentials?

Ivan

"Mark Yudkin" <DoNotContactMe@xxxxxxxxxxxxxx> schrieb im Newsbeitrag
news:OCeFfbz1HHA.4004@xxxxxxxxxxxxxxxxxxxxxxx
Actually, Q279815 may be a better option, as it's for VB6.

"Tony Proctor" <tony_proctor@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:O0uf0%23F1HHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
Actually, Mark, I'd completely missed the fact Ivan was already using the
Active DS library to achieve his first goal.

As for the second, I was going to suggest visiting Q180548, and then I
remembered how complicated it all was :-(

Tony Proctor

"Mark Yudkin" <DoNotContactMe@xxxxxxxxxxxxxx> wrote in message
news:OMfAr2F1HHA.5884@xxxxxxxxxxxxxxxxxxxxxxx
The OP asked "Is it possible to verify AD passwords for use with 2.",
where
"2. User logs in the app using his AD username & password.". I therefore
understood him to want to validate a given username + password pair
inside
of his application, not as wanting to to manipulate AD properties from
within his application.

As of W2K, a DC authenticates domain accounts "using AD information" via
Kerberos. Kerberos does not pass passwords across the network, rather it
uses a "double-encryption technique" (that's very sloppy I know) to
verify
that both parties know the same shared secret, without either party
having
to reveal that secret. That validation produces a ticket granting ticket
that is used for all further authentication purposes, so that
applications
never need to know anything about passwords. This is what makes it
possible
to replace passwords with smartcards, SecurId, biometric devices or the
like.

"Tony Proctor" <tony_proctor@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:ukQJqzE1HHA.3768@xxxxxxxxxxxxxxxxxxxxxxx
There is no such thing as an AD password

It's probably a "word" issue Mark but I would say that term does have
some
validity. AD is a just hierarchical database of network-wide objects.
As
of
W2K, a domain controller validates domain accounts using AD. Local
accounts
are still validated against the registry-based SAM used pre-W2K.
Mostly,
though (with a few exceptions), user management shouldn't have to
worry
about that

Coming back to Ivan's question: have you looked at using the "Active
DS
Type
Library", e.g. IADsUser, etc. They allows you to browse machines,
groups,
users in a group, etc., and manage their properties

Tony Proctor

"Mark Yudkin" <DoNotContactMe@xxxxxxxxxxxxxx> wrote in message
news:emPSJib0HHA.1484@xxxxxxxxxxxxxxxxxxxxxxx
Judging from your question you seemed to be very confused between AD
and
security. There is no such thing as an AD password. AD is a
directory.
Security is provided by security providers such as Kerberos.

Provided your application understands Windows security, your user
doesn't
need to log in. Making a VB6 application understand Windows security
is
normally very easy, in the worst case you have to do a bit of COM+
coding,
but that's a piece of cake in VB6 once you've understood the basics.
The
usual case in which authentication is needed is web clients, but for
that
case IIS provides all the parts you need as part of ASP / ASP.NET.

If your application needs to log in a user, the API is called
LogonUser.
Normally such applications should run as services; under Windows 2000
and
earlier, the API must be run from within the SYSTEM TCB.

An appliation prompting a user for a password should use
CredUIPromptForCredentials or CredUICmdLinePromptForCredentials. You
can
then call CredUIParseUserName and CredUIConfirmCredentials to
validate
the
credentials.

There is no easy way to verify a user's password (I believe Vista
added
an
API, but am unsure). You can use the SSPI directly; C code was
provided
in
the April 2001 MSDN Magazine, and it may be possible to convert this
to
VB6 - you're on your own if you choose to follow this route.

"Ivan Debono" <ivanmdeb@xxxxxxxxxxx> wrote in message
news:OMi$G8C0HHA.464@xxxxxxxxxxxxxxxxxxxxxxx
Hi all!!

A VB6 app must integrate with AD, specifically the user management
part.
Basically this is what needs to be done.

1. App displays list of AD users (this should be easy with the
activeds.tlb)
2. User logs in the app using his AD username & password.

Question...

Is it possible to verify AD passwords for use with 2 as I didn't
find
any
relevant method so far???

Thanks,
Ivan













.

Relevant Pages

  • Authenticating users join domain credentials ? --- win32 api ???
    ... I have a scenario where I have to validate a given set of credentials, ... without actually joining a computer to a domain, using the credentials. ... I am trying to find a windows native/managed api, which would let me do that. ...
    (microsoft.public.security)
  • Re: Encapsulating and Securing Pre-canned ADSI calls
    ... The OS will protect the credentials ... You could also set up the process account to use a specific admin identity ... Your business logic security layer ... > 1) Have the API obtain credentials of the user with admin rights in AD, ...
    (microsoft.public.dotnet.security)
  • Re: Custom URL String
    ... I would like the information entered in the text field to append to the string which will re-direct the user to the correct login site and validate it then. ... You're still going to need a database of *some* kind to hold the proper credentials, even if it's a hand-coded flat file. ... you can use the "header" function to call up another site and pass any strings you may need to... ...
    (php.general)
  • Re: verify windows password?
    ... will pass back to you whether the credentials it received were ... good without actually sharing those credentials with your ... If there is such an API I have never heard of it. ... Just set the frigging screen saver to require password ...
    (comp.databases.ms-access)
  • Re: Where/How to save passwords...
    ... credentials to access an internet based service. ... How do I go about protecting a users saved password? ... DPAPI is the API that has replaced the Protected Store used on Windows ...
    (microsoft.public.platformsdk.security)