getting windows username & password

[sasabunetic]

Hi!

I'm using Microsoft Visual C++ and I want to get the username of current user which is logged under Windows XP . How can I do this?

Can I also compare the password that the user writes to my application, with the password that the same user uses to log on windows(XP)?

Thanks

 

[MKuiper]

#include <windows.h>
#include <lmcons.h>

char UserName[UNLEN+1];
DWORD cbUserName = sizeof ( UserName );

if ( !GetUserName ( UserName, &cbUsername ))
{ // failed to get username, handle this here
}

for security reasons, it is NOT possible to get the windows password.


Marcel

 

[sasabunetic]

Thanks Marcel!

I have another question. The application that I work on, will run on few computers, which are connected into ethernet. Server is also connected in this ethernet. And the server containes all users, who are allowed to connect on this computers.
Application locks if you are not active for a few minutes. And if you want to log into application again, you have to write username and password. I want to make it so, that the user would have to write the same username and password which he/she uses to log into windows. I was told that this is possible, but nobody can explain me how. Do you maybe know?

Sasa

 

[MKuiper]

Sasa, it should be something like this:
(It will only work on NT4, 2000 or XP, it will not work on 9x/ME)

#include <windows.h>
#include <stdio.h>
#include <lmcons.h>

BOOL fCheckPassword ( char *User, char *Domain, char *Password )
{
  HANDLE hToken;
  if ( !LogonUser ( User, Domain, Password, LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, &hToken ))
     { return FALSE; }
  CloseHandle ( hToken );
  return TRUE; }

void main ( )
{
  char Domain [] = &quot;.&quot;;
  char User [UNLEN+1];
  DWORD cbUser = sizeof ( User );
  if ( !GetUserName ( User, &cbUser ))
     { printf ( &quot;Can't get username, error code = %d\n&quot;, GetLastError ( ));
       exit ( 1 ); }

  char Password[40];
  printf ( &quot;Enter password for user %s: &quot;, User );
  scanf ( &quot;%s&quot;, &Password );
  if ( fCheckPassword ( User, Domain, Password ))
     { printf ( &quot;OK&quot; ); } else
     { printf ( &quot;Wrong&quot; ); } }

Be sure to include advapi32.lib when linking.



Marcel

 

[sasabunetic]

Thanks Marcel. The sample code that you've sent me is working OK. There is another thing:
Let's say that 3 users are defined on one computer:
1. User1 with Pass1
2. User2 with Pass2
3. User3 with Pass3

User1 is currently logon and my application is running. After a few minutes (if the User1 is not active), my application locks (User1 is still logon). But now the User2 want to work with application on the same computer. So he writes his username(User2) and password(Pass2) into my application to unlock it.
So the question is next:
Can I check if User2 wrote right username and password into my application, while another user (User1) is loged on?
Is it possible to search all the users that are defined on one computer, while I'm loged on as User1?
Do I have to use ADSI?
Can you please help me with this?

Thanks,
Sasa

 

[MKuiper]

Sasa,


You wrote: Can I check if User2 wrote right username and password into my application, while another user (User1) is loged on?
I think so. Just replace the GetUserName ( .. ) part with something accepting a username from the keyboard.

BUT:

I have been thinking about your questions, and I think you should redesign this part of your application. I think it is not right for an application to use Windows logons. Even if the consequence is that users must remember two passwords, so be it.

An essential part of Windows security is passwords not being stored unencrypted anywhere, and only winlogon asking for it. Personally I would not trust any application except winlogon which is asking for my Windows account. Who can guarantee the application is not storing it somewhere and use it (later) for hacking purposes? Or that the application is being monitored by some malware?



Marcel

 

[sasabunetic]

I have the same opinion about using Windows usernames and passwords. But the company that will use this application, had that kind of specifications. We wanted to made it other way, but they said, that people in production, who will use this application, sometimes can't remember even one username and password.
It's maybe hard to understand for us, but that's how it is.

Have a nice day.
Sasa