
Passing NT user/password to webserver for authentication.

Status
Not open for further replies.

awolff01

Programmer
Jun 17, 2003
Hello,

I have a VBA module which goes out to a website and queries for data. The website requires a username and password; I currently hard code the username and password of the person using it (which happens to be the same as when they log into the machine). The problem is that every 3 months they are forced to change their NT password and I have to modify the code to change the password there too. I would like to get the username and password of the currently logged in user of the machine and pass that to the webserver.

Is this possible?

Thanks.
 
In short no. But you could modify your code to read an .ini file and store the username and password in there. This way all you change is the .ini file when the password changes and you don't have to mess with the code.
 
Once logged in, a Windows account does not hold the password. It gets from the domain a security token that uniquely identifies the user. When access to a network resource is requested, the userid (and all the groups they belong to) is in the token and the domain resources trust that token, thus not needing a password, as they know the user has already been authenticated by the domain.

What you should do is have the web site set up with integrated Windows authentication. Then when your VBA requests the page, the web server will automatically get passed that security token and that can be used to allow or deny access.

It is, to put it bluntly, stupid to have a userid/password hard coded in an app. Even more stupid to have the userid and password stored in an INI file or registry. Basically what you are doing in both of those situations is the same as leaving the key to your house under the door mat. You are compromising the whole security of the network. If the admins have profiles set up forcing password changes every few months, they would probably freak to find out what you are doing. If they don't, they are either bad at their job or they have security measures in place for the sake of it and not really needed. Personally I'm not one for putting up a fence around a garden to keep the rabbits out if the fence is only going to be going along one side of the garden, leaving multiple other paths into the garden open.

There is no way to grab the password besides writing a new login process that replaces the Windows login (this is what Novell does), and in that case if you keep the password you are just opening up the network to hacking.


Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first
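
The integrated Windows authentication approach recommended above, sketched in VBA as an added example (not code from any poster in this thread). It assumes the web server is already configured for integrated Windows authentication and that the `WinHttp.WinHttpRequest.5.1` COM object is available; the host `intranet.example.com` and the function names are hypothetical.

```vba
Option Explicit

' Constructed allowlist: the only host allowed to receive the logged-on user's credentials.
Private Const TRUSTED_HOST As String = "intranet.example.com"
Private Const AUTOLOGON_ALWAYS As Long = 0      ' WinHttp AutoLogonPolicy_Always
Private Const OPT_ENABLE_REDIRECTS As Long = 6  ' WinHttpRequestOption_EnableRedirects

' Returns the lower-case host of an https URL, or "" if the URL is not acceptable.
Private Function HttpsHost(ByVal url As String) As String
    Dim rest As String, cut As Long
    If LCase$(Left$(url, 8)) <> "https://" Then Exit Function
    rest = Mid$(url, 9)
    cut = InStr(rest, "/")
    If cut > 0 Then rest = Left$(rest, cut - 1)
    If InStr(rest, "@") > 0 Then Exit Function    ' reject user:pass@host forms
    cut = InStr(rest, ":")
    If cut > 0 Then rest = Left$(rest, cut - 1)   ' drop an explicit port
    HttpsHost = LCase$(rest)
End Function

' Fetches a page as the logged-on Windows user. No username or password
' appears in code, an INI file or the registry.
Public Function FetchWithWindowsAuth(ByVal url As String) As String
    Dim req As Object
    If HttpsHost(url) <> TRUSTED_HOST Then
        Err.Raise vbObjectError + 1, , "Refusing to send Windows credentials to: " & url
    End If

    Set req = CreateObject("WinHttp.WinHttpRequest.5.1")
    ' Do not follow redirects, so an authentication challenge from another
    ' host is never answered with the user's logon credentials.
    req.Option(OPT_ENABLE_REDIRECTS) = False
    req.Open "GET", url, False
    ' Let WinHTTP answer the server's Negotiate/NTLM challenge with the
    ' current logon session instead of supplying a stored password.
    req.SetAutoLogonPolicy AUTOLOGON_ALWAYS
    req.Send

    Select Case req.Status
        Case 200
            FetchWithWindowsAuth = req.ResponseText
        Case 401
            Err.Raise vbObjectError + 2, , "401: server did not accept the Windows logon"
        Case Else
            Err.Raise vbObjectError + 3, , "HTTP " & req.Status & " " & req.StatusText
    End Select
End Function
```

With this in place the quarterly NT password change needs no code or configuration update, because the request authenticates with whatever logon session the user currently has.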
 