| View previous topic :: View next topic |
| Author |
Message |
DavidR Contributor

Joined: 05 Aug 2003 Posts: 83 Location: Bethel Pennsylvania U.S.A.
|
Posted: Tue Mar 09, 2004 5:52 pm Post subject: Validate User |
|
|
Greetings! I have an envionment where approx. 100 PC's (XP Pro) are used by about 400 Users. Obviously this means that some PC's are shared by many users. Every User has an "account" and can log in as themself but we often log in at a PC with a "generic" account. That way users can walk up to a PC, use a common application and leave without having to go through the login process every time. If a user wants to use a "personal" application (like email) they will have to logon as themselves
(it's an NT "Domain).
Here is the problem. I have a VDS application that I would like any user to be able to use but not anonymously. Right now I use the registry to check if an individual is logged in and if so they can use the application. If it is a "generic" account logged in access is denied.
I would like to be able to pop up a username/password box to grant access to my application without requiring the user to log in to the computer. All it needs to do is find out if a valid username/password combination was entered. Is there a reasonable way to do this with VDS5
Thanks...........
............David |
|
| Back to top |
|
 |
Skit3000 Admin Team

Joined: 11 May 2002 Posts: 2166 Location: The Netherlands
|
|
| Back to top |
|
 |
FreezingFire Admin Team

Joined: 23 Jun 2002 Posts: 3508
|
Posted: Tue Mar 09, 2004 8:03 pm Post subject: |
|
|
A more practical but much harder approach would be to keep all the users
allowed access to the program in a file or in the registry. Check if the user
name currently logged on matches a name of a user in your allow list,
then if that's correct, check the password too.  _________________ FreezingFire
VDSWORLD.com
Site Admin Team |
|
| Back to top |
|
 |
DavidR Contributor

Joined: 05 Aug 2003 Posts: 83 Location: Bethel Pennsylvania U.S.A.
|
Posted: Tue Mar 09, 2004 8:07 pm Post subject: |
|
|
Actually Users are changing regularly so it would be difficult to keep a current list.
Logon is validated by domain controller, I wouldn't have access to the files to compare passwords..
Hmmm. Was hoping to have a way to "ask" the Domain Controller if this is a valid username/password combination. |
|
| Back to top |
|
 |
PGWARE Web Host

Joined: 29 Dec 2001 Posts: 1566
|
Posted: Tue Mar 09, 2004 8:21 pm Post subject: |
|
|
There appears to be a Delphi component suite that does this:
http://www.sam-solutions.net/products/prdFAQ.php?prdPack=8&prd=8#5
Take a look at the TNTVerifyLogon, as I think this is what you are trying to acheive?
The component appears to be $99, but you'll obviously need to turn it into a vds dll. You can ask various dll authors here for assistance with that (I no longer make custom dll's).
There is a demo version available so a dll developer should be able to test it and see if it works before any purchase is required.
Or if anyone here knows of another way, more then likely its just calling some Windows API's to achieve this functionailty - the goal is to find which API's  |
|
| Back to top |
|
 |
bbelcher Contributor

Joined: 30 Jul 2002 Posts: 172
|
Posted: Tue Mar 09, 2004 8:33 pm Post subject: |
|
|
How about this, make a share on your network and only allow authenicated users access. Make sure you set the share and the permissions to this. Then use the following code "it's not fully complete" to have them try to connect to this share. If successful you get there name from edit1.
This uses Tommy VDSINET 2.8 dll
good luck
| Code: |
EXTERNAL @path(%0)vdsinet.dll,Public Freeware Key|90257236
OPTION ERRORTRAP, error
DIALOG CREATE,NETC Example,-1,0,295,113
REM *** Modified by Dialog Designer on 3/9/2004 - 15:20 ***
DIALOG ADD,STYLE,STYLE1,,,B,F2F2F4,BLACK
DIALOG ADD,EDIT,EDIT1,18,88,180,19,Username
DIALOG ADD,EDIT,EDIT2,48,88,180,19,Password,,PASSWORD
DIALOG ADD,BUTTON,BUTTON1,80,132,64,24,Authenticate
DIALOG ADD,TEXT,TEXT1,20,28,,,Username:
DIALOG ADD,TEXT,TEXT2,50,30,,,Password:
DIALOG SHOW
wait event
goto @event()
:button1button
%%username = @dlgtext(edit1)
%%password = @dlgtext(edit2)
%%share = \\server\test
NET NETC,USERNAME,%%username
NET NETC,PASSWORD,%%password
net netc,remotename,%%share
NET NETC,LOCALNAME,Z:
NET NETC,CONNECT
NET NETC, DISCONNECT
goto evloop
:error
%%error = @ERROR(E)
info %%error
if @equal(%%error,225)
info bad password
end
:close
exit
rem 211 Access to network resource denied.
rem 212 Local device already assigned.
rem 213 Local device type does not match network resource type.
rem 214 Local device is invalid.
rem 215 Network resource name is invalid or unlocatable.
rem 216 Network path not found.
rem 217 User profile is in an incorrect format.
rem 218 Provider property does not match any provider.
rem 229 Provider is busy.
rem 220 Connection attempt cancelled.
rem 221 Cannot save reconnect at logon information.
rem 222 Connection already remembered.
rem 223 Device in use by active process, cannot disconnect.
rem 224 A network specific error occurred.
rem 225 Invalid password.
rem 226 Network not started or name could not be handled.
rem 227 No network present.
rem 228 Not connected to specified resource or on specified device.
rem 229 Files are open on resource and force disconnect not specified.
rem 230 User name or password incorrect.
rem 231 Unhandled error using NETC.
rem 232 Not all impo
|
|
|
| Back to top |
|
 |
Tommy Admin Team
Joined: 16 Nov 2002 Posts: 746 Location: The Netherlands
|
Posted: Tue Mar 09, 2004 11:59 pm Post subject: |
|
|
I think that the following Delphi code will work for this purpose:
| Code: |
var
token: THandle;
begin
if LogonUser(
'myusername', // LPTSTR; string that specifies the user name
'mydomain', // LPTSTR; string that specifies the domain or server
'mypassword', // LPTSTR; string that specifies the password
LOGON32_LOGON_NETWORK, // DWORD; specifies the type of logon operation
LOGON32_PROVIDER_DEFAULT, // DWORD; specifies the logon provider
token // PHANDLE; pointer to variable to receive token handle
) then
begin
CloseHandle(token);
ShowMessage('Successful');
end
else
ShowMessage('Unsuccessful');
|
LOGON32_LOGON_NETWORK = 3;
LOGON32_PROVIDER_DEFAULT = 0;
Unfortunately I don't have time right now to convert it into VDS code.
Tommy |
|
| Back to top |
|
 |
bbelcher Contributor

Joined: 30 Jul 2002 Posts: 172
|
Posted: Wed Mar 10, 2004 12:25 am Post subject: |
|
|
Tommy, I really really could use a dll like that.
Please dont forget about it when you have some free time.
I would pay for a full Authenticashion dll for a windows domain.
maybe vdsdll 3.1  |
|
| Back to top |
|
 |
Tommy Admin Team
Joined: 16 Nov 2002 Posts: 746 Location: The Netherlands
|
Posted: Wed Mar 10, 2004 12:36 am Post subject: |
|
|
Here's a fast update of VDSUTIL to version 1.7a, meaning it is an alpha version. It is
untested however I think it will work fine.
http://www.vdsworld.com/files/vdsutil17a.zip
New function:
@UTIL(AUTH, <username>, <domain>, <password>)
Returns '1' if successful, nothing if not.
Just as in the piece of Delphi example code.
Please realize that this should fairly easily be possible using VDS 5's built-in API calling
functionality, or using Gadget or VDSUG.DLL.
Tommy |
|
| Back to top |
|
 |
bbelcher Contributor

Joined: 30 Jul 2002 Posts: 172
|
Posted: Wed Mar 10, 2004 12:57 am Post subject: |
|
|
| Tommy, thats really cool getting that out so fast. |
|
| Back to top |
|
 |
vdsalchemist Admin Team

Joined: 23 Oct 2001 Posts: 1448 Location: Florida, USA
|
Posted: Wed Mar 10, 2004 1:30 am Post subject: |
|
|
Tommy/Everyone,
Just to let you know the LogonUser function only works under NT, Win2k, and XP. It will not work under a Win9x based version of windows. That is why I have never bothered making a DSU or DLL for it.
Also just a Security note the password is there in plain text so know the machines your using this function on. _________________ Home of
Give VDS a new purpose!
 |
|
| Back to top |
|
 |
CodeScript Moderator Team

Joined: 08 Jun 2003 Posts: 1060 Location: India
|
Posted: Wed Mar 10, 2004 2:19 am Post subject: |
|
|
I had made a DSU to do that but somehow?? it didn't work for a user on NT machines although it worked on XP/2k for network accounts using domain. After some good struggle I gave up as I don't have a environment to test it.
http://www.vdsworld.com/?page=search&keywords=Impersonate
Ofcourse this API is only for NT family machines.
This is a dll I wrote then for win2k/XP/2003
I don't know if it works as the person who requested never responded.
It is a non VDS dll for the simple reason that I then didn't know how to make a vds dll. Try this dll at your own risk.
http://codescript.vdsworld.com/VDS5src/Runasdll.zip
All that it does is takes a username/domain/password and path to a exe and runs the exe as the user specified. _________________ Regards
- CodeScript
Give your application a professional look with the VDSGUI Extension
Last edited by CodeScript on Wed Mar 10, 2004 10:13 am; edited 4 times in total |
|
| Back to top |
|
 |
bbelcher Contributor

Joined: 30 Jul 2002 Posts: 172
|
Posted: Wed Mar 10, 2004 2:26 am Post subject: |
|
|
In my perfect world there would be a dll or dsu that could do all of NTs NETDOM.EXE commands and CUSRMGR.EXE commands. Along with a impersonate function. Like SU.EXE switch user
Most of my world revolves around the DOMAIN so any way to make life / Administration more enjoyable. Then giddy up.
NETDOM.EXE
[url]
http://www.tburke.net/info/suptools/topics/netdom_examples.htm
[/url]
CUSRMGR.EXE
[url]
http://www.tburke.net/info/reskittools/topics/cusrmgr.htm
[/url]
CodeScript , I've kept your DSU tucked away for future use. But I'm still using VDS 4.5. I cant seem to break away. |
|
| Back to top |
|
 |
DavidR Contributor

Joined: 05 Aug 2003 Posts: 83 Location: Bethel Pennsylvania U.S.A.
|
Posted: Thu Mar 11, 2004 10:45 am Post subject: |
|
|
Thanks to everybody for the suggestions and examples. I'm still researching this and experimenting to determine the best approach.
Codescript your little runasdll is fantastic. I've done some testing and it seems to work great. I need to figure out a way to deal with those users that are on 98 or NT machines but for XP and 2K it's perfect.
I'm guessing that the same functionality could be had with API calls and I tinkered a bit with the Impersonate examples but I'm struggling to grasp the concepts. Are there any good API tutorials out there that can help me get to some level of comfort with them.
Thanks again.. I don't often jump in the discussions here but I read every post! What a great support group!
.............David |
|
| Back to top |
|
 |
bbelcher Contributor

Joined: 30 Jul 2002 Posts: 172
|
Posted: Thu Mar 11, 2004 1:12 pm Post subject: |
|
|
Tommy,
I tried your vdsutil 1.7a dll and it's not working for me. It just returns null no mater what.
\ | Code: |
directory change,@path(%0)
rem vdsutil.dll 1.7a
external vdsutil.dll
%%pw = password
%t = @UTIL(AUTH,username,domain,%%pw)
info %t
|
|
|
| Back to top |
|
 |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You can attach files in this forum You can download files in this forum
|
|