Re: Get user password in Active Directory
- From: Juan Manuel Porras Gálvez <jmpgalvez@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 7 Oct 2007 02:40:01 -0700
Ok, that's right.
Thanks for all.
"Joe Kaplan" wrote:
You can't do what you want to do with .NET. For one, the passwords in AD.
are not stored encrypted by default, so they cannot be decrypted. They are
hashed. The only way to recover the data from a hash is with some sort of a
hacking algorithm that attempts to crack the hash (although such tools
exist). However, you can't get to any of this data remotely or
programmatically via .NET.
The thing you are trying to do is not the way you usually solve this problem
as it is a serious compromise to security. Normaly, you try to ensure that
your AD environment is adequately deployed so that a loss of a single domain
controller will not take down your whole infrastructure.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Juan Manuel Porras Gálvez" <jmpgalvez@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:FBD33CF9-20A8-44A1-A5ED-783A01725EE7@xxxxxxxxxxxxxxxx
Hello Mathieu,
yes, Windows authentication is one of the best solutions, but, in my case,
there are several restrictions, like lost connectivity, ... that makes no
possible to implement this solution. An altenative solution is the one
that
I've written to you: get encrypted user password from Active Directory,
save
into a database and then encrypt the user password, write down, in plain
text
to compare it with the database value.
Hmmmm ... in this way I think that's no possible to get password, but ...
another question, do you know any way to encrypt an user password with the
same function or algorithm that Active Directory do?.
MD5 algorithm?.
Thanks very much indeed.
"Mathieu CHATEAU" wrote:
why not just using ldap to validate the account ?
As you are using .Net, you can even use integrated authentification,
which
is far better from a user experience perspective !
--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr
"Juan Manuel Porras Gálvez" <jmpgalvez@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:81EA036D-CA53-4376-A390-F6A7B275D735@xxxxxxxxxxxxxxxx
Thanks for your response, but by programming, only by programming, I
need
to
know how to get the encrypted user password in Active Directory and
then
save
it into a database.
By this way, when an user log on into my application, I'll try to
encrypt
the password manually introduced and I'll compare it with the other one
saved
into the database.
Regards.
"Mathieu CHATEAU" wrote:
Hello,
tools exist. They dump the AD database from DC.
What are you trying to achieve ?
--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr
"Juan Manuel Porras Gálvez" <jmpgalvez@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:7178CC2F-47EC-4049-9FCF-23624C501351@xxxxxxxxxxxxxxxx
Hello all, my question is: are there any way to get the encrypted
user
password in Active Directory using .NET programming?.
I suppose it's no possible to get uncrypted user password, and ...
are
there
any algorithm, function, or things like that to encrypt user
password
like
Active Directory?.
Thanks very much.
- References:
- Re: Get user password in Active Directory
- From: Mathieu CHATEAU
- Re: Get user password in Active Directory
- From: Juan Manuel Porras Gálvez
- Re: Get user password in Active Directory
- From: Mathieu CHATEAU
- Re: Get user password in Active Directory
- From: Juan Manuel Porras Gálvez
- Re: Get user password in Active Directory
- From: Joe Kaplan
- Re: Get user password in Active Directory
- Prev by Date: DSListRoles Call Failed, Error 6 Could not reach DS at home server
- Next by Date: Re: domain
- Previous by thread: Re: Get user password in Active Directory
- Next by thread: Re: Get user password in Active Directory
- Index(es):
Relevant Pages
|
