Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security question ... Is this possible?

Status
Not open for further replies.

Wallegator

Programmer
Jan 3, 2001
58
US
I have a VB application. I grab the NT users name. I want to enter a password and verify that the entered password matches my NT password. If it does not match access to the application is denied.

Is this possible? If so, can you to direct me to any articles that will show me how to accomplish this.

Thank you in advance.
 
Is this a re-post of your thread222-357987? If so, I don't believe that NT security has changed that much since then
________________________________________________________________
If you want to get the best response to a question, please check out FAQ222-2244 first

'People who live in windowed environments shouldn't cast pointers.'
 
Option Explicit
Private Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long


Private Sub Form_Load()
Dim sUserID As String
Dim sUserIDFromUser As String
Dim iLen As Integer

sUserID = Space$(100)
iLen = GetUserName(sUserID, 100)
If iLen = 0 Then
' Err.Raise ERROR_READING_COMPUTER_NAME
End If
sUserID = Left$(sUserID, InStr(sUserID, vbNullChar) - 1)

sUserIDFromUser = InputBox("Enter ID")
If UCase$(sUserID) = UCase$(sUserIDFromUser) Then
MsgBox "Valid User"
Else
MsgBox "InValid User"
End If

End Sub
 
Re: Is this a re-post?
No. In my previous post I asked if I could populate a field in the VB form with the Windows NT password. In this post I want to compare what I enter as a VB password to what I entered as an NT password. If the inputs equal, access is allowed. If the inputs do not equal, access is denied.
 
You still can't get hold of an NT password

I would think that persistence at trying to break NT security would bring a RED-FLAG!
________________________________________________________________
If you want to get the best response to a question, please check out FAQ222-2244 first

'People who live in windowed environments shouldn't cast pointers.'
 
I misunderstood your question. Disregard my previous post in this thread. I don’t know of a way to obtain an NT password.
 
What you are trying to do is not possible. The NT password is encrypted by an 1 way algorythm. Even the NT LSA cannot 'view' a password in plain text

You can achieve what you want by creating a NT local group and adding authorised user to it. You can then check the user is a member of that group which will achieve the same result.

That is a relatively simple API based thing to do and will solve your`requirement (if that is truely what the question is about)

johnwm I agree entirely about persistent requests to crack NT security being red flagged.

Matt
 
My intent is NOT to crack NT security. I am only posing the question with the intent to fulfill a database request and alleviate multiple user logins/passwords. However, I can see that my question may be viewed as malicious in nature.

I thank you all for your comments.
 
what sort of DB are you using?

If you are serious about authenticating your users, read up on NT security and implement a scheme that checks the NT grouping of the user. If this is valid, you can initiate a DB connection using a password that is hardcoded (an encrypted) into your connection string.

If you then have problems with this sort of scheme, post some code so that we can verify what you are trying to do.

The NT security model is flexible enough to let you do this sort of thing, but you do not need to authenticate users yourself. That authentication is something that NT has already done!

Matt
 
Matt is right ..

the way to do is is to create an NT group and add the users to it that you want to access the system. When you run the system you do a check that the user is in that NT group, if they are you go ahead, if not you'd give an access denied error and stop the program. This is also useful because your users don't have to remember another login/password, your application does this for you.

Transcend
 
If you are using SQL2000 server try this...

use integrated (NT) security for your connection and do all your validation through SQL security.

If it is imperative that users are denied access to your app and not just the sql data then open the connection first thing in your app and trap the access denied error there

Matt
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top