RE: Webserver and FTP user authentication

From: Corey Burke [MS] (coreyb_at_online.microsoft.com)
Date: 01/03/05 

Date: Mon, 03 Jan 2005 21:59:18 GMT

There are two types of users we're talking about here. Local and Domain.
Domain users have their passwords verified by the domain controller for
example mydomain.microsoft.com. Local users have their names+passwords
stored on the local device and are created using the NTLMSetUserInfo()
function or via the RemoteAdmin web ISAPI.

After you set the DefaultDomain key, you'll need to reset the device to get
it to use the new settings. When you set A=1 in the virtual root, you'll
get prompted for credentials. Enter in your domain credentials:
MYDOMAIN\DomainUserName and DomainUserPass. The local PC you're using to
view the web page will create an encrypted NTLM package that it will send
to the CE server. The CE server will then send this package on to the
domain controller which will decrypt it, verify the password and reply to
the CE device with whether or not the credentials were valid. The CE
device does not actually store your domain credentials and for security
reasons, it should not.

For local user authentication you need to create a user with
NTLMSetUserInfo, like the following:

        typedef BOOL ( *PFnSetUser )(IN LPCTSTR pszUser, IN LPCTSTR pszPassword);

        HMODULE hModule = NULL;
        PFnSetUser pFnSetUser;

        hModule = LoadLibrary( _T("ntlmssp.dll") );

        if( hModule == NULL )
        {
                QAError( TEXT("LoadLibrary() failed, error = %d"), GetLastError() );
                return FALSE;
        }

        pFnSetUser = (PFnSetUser)GetProcAddress(hModule, _T("NTLMSetUserInfo"));
        if(!pFnSetUser)
                return FALSE;

        pFnSetUser( _T("user1"), _T("pass1") );

Then put the local user's name in the UserList for the website like so, and
reset the web server to get the web server to read the new settings:
 [HKEY_LOCAL_MACHINE\Comm\HTTPD]
    "UserList"="user1"

The same goes for FTP authentication.
-Corey

Relevant Pages

  • Re: I hate IIS - "Server Application Unavailable" error message
    ... You can get it running on a domain controller by altering this account. ... Buy a web server. ... configure the <processModel> section of the Machine.config file to use ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: Webserver and FTP user authentication
    ... i tried out as you said but still i'm facing ... I created a MFC exe and wrote the same code in OnButton ... > device does not actually store your domain credentials and for security ... > reset the web server to get the web server to read the new settings: ...
    (microsoft.public.windowsce.app.development)
  • serious problem running asp.net and framework on domain controller
    ... I have a web server which is also the domain controller. ... And at some stage, with the permissions gone, the same problem ... In the ASP.NET application I use user impersonization, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Unix Bind and Windows DNS coexist problem with forwarder ON
    ... >> resolve to the IP address of the domain controller so client can ... If the record points to a web server your ... Create in Windows or UNIX Bind? ...
    (microsoft.public.windows.server.dns)
  • Re: LDAP redundancy
    ... The web server is sitting in the DMZ server. ... And also what firewall rule is it to be ... off the domain controller in the trusted LAN. ...
    (microsoft.public.win2000.dns)