Re: Windows Password Validation

Tony ...

Using the SSPI code at
http://vbnet.mvps.org/code/network/acceptsecuritycontext.htm I just tried
authenticating a test user with different passwords - both sspi#user and
sspi|user1#. Once set these passwords were correctly authenticated with
this code, so it appears the characters are not the problem.

--

Randy Birch
MS MVP Visual Basic
http://vbnet.mvps.org/
----------------------------------------------------------------------------
Read. Decide. Sign the petition to Microsoft.
http://classicvb.org/petition/
----------------------------------------------------------------------------



"Tony Spratt" <tony_spratt@xxxxxxxxxxx> wrote in message
news:eZxKCXSjFHA.2904@xxxxxxxxxxxxxxxxxxxxxxx
: Hi all.
:
: I have a VB 6 routine to validate users' passwords before allowing them
: access to a specific function, the code fro which I got from the Microsoft
: site. It works perfectly OK (it uses the security API functions) for most
: users, but fails to validate the password correctly if the password
contains
: any characters with ANSI codes greater than 127. This means it won't work
: for users with "#", "," or "|" in their passwords and since we enforce
: strong passwords (and those characters are acceptable to Windows), certain
: users are being barred from validating.
:
: I assume that built-in Windows functions that require password validation
: (drive mappings, screensavers, etc.) use the security API and they don't
: seem to have any problems, so I'm wondering if this is peculiar to VB
: applications using those APIs.
:
: If anyone could offer any help or advice, I'd be very grateful indeed. If
: required, I can zip up the class file source code and post it here.
:
: TIA,
:
: Tony Spratt.
:
:

.

Relevant Pages

  • Re: Windows Password Validation
    ... > Tony ... ... Once set these passwords were correctly authenticated with ... The failure is quite consistent - all characters above 127 cause failure. ...
    (microsoft.public.vb.winapi)
  • Re: VB6 & Active Directory
    ... understood him to want to validate a given username + password pair inside ... Kerberos does not pass passwords across the network, ... uses a "double-encryption technique" to verify ... Security is provided by security providers such as Kerberos. ...
    (microsoft.public.vb.general.discussion)
  • Re: [Full-Disclosure] Administrivia: List Compromised due to Mailman Vulnerability
    ... >Subscriber addresses and passwords have been compromised. ... but better is to extract and validate the tail of ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Re: SecurID with Active Directory ?
    ... > passwords, you could use some programmatic method to ... if the exe were ever to escape outside infrastructure controls. ... the application then allowed access to the ftp server and its credentials ... thus allowing the application to validate and run. ...
    (Full-Disclosure)
  • Re: Can I programmatically get passwords for user names?
    ... >logged in as Administrator, ... >passwords for user names? ... Best you can do is validate a password against the SAM and see if ...
    (microsoft.public.win2000.security)
Quantcast