Checking the credentials of users using windows (logonuser)

[paulfenwick]

Hi, Is it possible to use the logonuser call in advapi32.dll just to check that a username and password are valid.

I want to allow access to a database on a shared PC by simply 'asking' windows if the username and password are correct. I dont want to do any impersonation or anything just recieve back an answer yes / no.

Searching though the forums it seems that logonuser should be possible but I cant get it to work.

I tried putting:

Declare Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Boolean

in a public module, then just doing a simple call like:

Private Sub Command4_Click()

Dim UserName, Domain, Pwd As String
Domain = "domain"
UserName = Text1.Text
Pwd = Text2.Text
If LogonUser(UserName, Domain, Pwd) = False Then
MsgBox ("wrong password")
End If

End Sub
to test it out but it didnt work.

Thanks for any help

 

[rdandrade]

If there person was able to logon to windows, they already proved that they are who they are. When they open access, you can see the username and see what groups they are in. Asking again is redundant. It would be like Outlook asking for a password again after you've just logged into windows.

Here is a class I use to check the username and the groups they belong to. There is some extra stuff in here, but you'll get the idea. But it doesn't check a username and password with active directory.

Ray D'Andrade
Access Programmer

Option Compare Database

Const m_DomainName                  As String = "MyDomain"
Const m_SysAdminName                As String = "LoanManagerDBAdmin"
Const m_BasicUser                   As String = "LoanManagerDB"
Dim m_isMemberSysAdmin              As Boolean
Dim m_isMemberBasic                 As Boolean
Dim m_Username                      As String
Dim DeveloperMode                   As Boolean
Dim m_UserFK                        As Integer

Private Declare Function GetUserName Lib "advapi32.dll" _
Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long

Public Sub Class_Initialize()

    ' If I'm on the devel machine, automatically put me in the admin group
    If isDevelMachine() Then
        m_isMemberSysAdmin = True
        m_isMemberBasic = True
        m_Username = LCase(ReturnUserName)
    Else
        m_Username = LCase(ReturnUserName)
        'm_isMemberSysAdmin = IsMember(m_SysAdminName)
        'm_isMemberBasic = IsMember(m_BasicUser)
    End If
    
    ' look up the userfk
    m_UserFK = Nz(DLookup("PKID", "User", "Username='" & m_Username & "'"), 0)
    If m_UserFK = 0 Then
        ' add a new user to the database
        Dim rst As New ADODB.Recordset
        With rst
            .Open "SELECT TOP 0 * FROM [User]", CurrentProject.Connection, adOpenDynamic, adLockOptimistic, adCmdText
            .AddNew
            !Username = m_Username
            .Update
            m_UserFK = !PKID
            .Close
        End With
        Set rst = Nothing
    End If
    
    
End Sub

Private Function IsMember(strGroup As String) As Boolean

  Dim grp As Object
  Dim strPath As String
  
  strPath = "WinNT://" & m_DomainName & "/"
      Set grp = GetObject(strPath & strGroup & ",group")
  IsMember = grp.IsMember(strPath & m_Username)
  
End Function

Private Function ReturnUserName() As String

' returns the NT Domain User Name
Dim rString As String * 255, sLen As Long, tString As String
    tString = ""
    On Error Resume Next
    sLen = GetUserName(rString, 255)
    sLen = InStr(1, rString, Chr(0))
    If sLen > 0 Then
        tString = Left(rString, sLen - 1)
    Else
        tString = rString
    End If
    On Error GoTo 0
    ReturnUserName = UCase(Trim(tString))
End Function

Public Property Get isMemberSysAdmin() As Boolean
    isMemberSysAdmin = m_isMemberSysAdmin
End Property
Public Property Let isMemberSysAdmin(ByVal Value As Boolean)
    m_isMemberSysAdmin = Value
End Property

Public Property Get isMemberAdminServices() As Boolean
    isMemberAdminServices = m_isMemberAdminServices
End Property
Public Property Let isMemberAdminServices(ByVal Value As Boolean)
    m_isMemberAdminServices = Value
End Property

Public Property Get isMemberRegionalCoordinators() As Boolean
    isMemberRegionalCoordinators = m_isMemberRegionalCoordinators
End Property
Public Property Let isMemberRegionalCoordinators(ByVal Value As Boolean)
    m_isMemberRegionalCoordinators = Value
End Property

Public Property Get isMemberCommissionManagement() As Boolean
    isMemberCommissionManagement = m_isMemberCommissionManagement
End Property
Public Property Let isMemberCommissionManagement(ByVal Value As Boolean)
    m_isMemberCommissionManagement = Value
End Property

Public Property Get Username() As String
    Username = m_Username
End Property
Public Property Let Username(ByVal Value As String)
    m_Username = Value
End Property

Public Property Get UserFK() As Integer
    UserFK = m_UserFK
End Property

Ray D'Andrade

http://www.brightnetwork.com

 

[paulfenwick]

Hi Ray, thanks for that

The reason I wanted to check the username & password again is so that in areas where there is a shared PC, like in a laboratory there are often several users who might need to access the database but not want log out of windows and log back in first (due to running other applications on that PC. So it would be ideal if irrespective of which user is logged into windows, a new user could come along, open the database, enter his windows name and password and the database could check that he was a valid user without actually 'logging on to windows'. There are a few commerical applications that use this approach so it seems possible (somehow!).

Thanks again

Paul