forum.vdsworld.com Forum Index forum.vdsworld.com
Visit VDSWORLD.com
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Validate User

 
Post new topic   Reply to topic    forum.vdsworld.com Forum Index -> General Help
View previous topic :: View next topic  
Author Message
DavidR
Contributor
Contributor


Joined: 05 Aug 2003
Posts: 83
Location: Bethel Pennsylvania U.S.A.

PostPosted: Tue Mar 09, 2004 5:52 pm    Post subject: Validate User Reply with quote

Greetings! I have an envionment where approx. 100 PC's (XP Pro) are used by about 400 Users. Obviously this means that some PC's are shared by many users. Every User has an "account" and can log in as themself but we often log in at a PC with a "generic" account. That way users can walk up to a PC, use a common application and leave without having to go through the login process every time. If a user wants to use a "personal" application (like email) they will have to logon as themselves
(it's an NT "Domain).
Here is the problem. I have a VDS application that I would like any user to be able to use but not anonymously. Right now I use the registry to check if an individual is logged in and if so they can use the application. If it is a "generic" account logged in access is denied.
I would like to be able to pop up a username/password box to grant access to my application without requiring the user to log in to the computer. All it needs to do is find out if a valid username/password combination was entered. Is there a reasonable way to do this with VDS5
Thanks...........
............David
Back to top
View user's profile Send private message
Skit3000
Admin Team


Joined: 11 May 2002
Posts: 2166
Location: The Netherlands

PostPosted: Tue Mar 09, 2004 7:51 pm    Post subject: Reply with quote

Do you know how the usernames and passwords are stored on the server? If an encryption routine like MD5 is used, you should be able to check if the given username/password combination is right...
_________________
[ Add autocomplete functionality to your VDS IDE windows! ]
Voor Nederlandse beginners met VDS: bekijk ook eens deze tutorial!
Back to top
View user's profile Send private message
FreezingFire
Admin Team


Joined: 23 Jun 2002
Posts: 3508

PostPosted: Tue Mar 09, 2004 8:03 pm    Post subject: Reply with quote

A more practical but much harder approach would be to keep all the users
allowed access to the program in a file or in the registry. Check if the user
name currently logged on matches a name of a user in your allow list,
then if that's correct, check the password too. Smile

_________________
FreezingFire
VDSWORLD.com
Site Admin Team
Back to top
View user's profile Send private message Visit poster's website
DavidR
Contributor
Contributor


Joined: 05 Aug 2003
Posts: 83
Location: Bethel Pennsylvania U.S.A.

PostPosted: Tue Mar 09, 2004 8:07 pm    Post subject: Reply with quote

Actually Users are changing regularly so it would be difficult to keep a current list.
Logon is validated by domain controller, I wouldn't have access to the files to compare passwords..
Hmmm. Was hoping to have a way to "ask" the Domain Controller if this is a valid username/password combination.
Back to top
View user's profile Send private message
PGWARE
Web Host


Joined: 29 Dec 2001
Posts: 1566

PostPosted: Tue Mar 09, 2004 8:21 pm    Post subject: Reply with quote

There appears to be a Delphi component suite that does this:

http://www.sam-solutions.net/products/prdFAQ.php?prdPack=8&prd=8#5

Take a look at the TNTVerifyLogon, as I think this is what you are trying to acheive?

The component appears to be $99, but you'll obviously need to turn it into a vds dll. You can ask various dll authors here for assistance with that (I no longer make custom dll's).

There is a demo version available so a dll developer should be able to test it and see if it works before any purchase is required.


Or if anyone here knows of another way, more then likely its just calling some Windows API's to achieve this functionailty - the goal is to find which API's Wink
Back to top
View user's profile Send private message
bbelcher
Contributor
Contributor


Joined: 30 Jul 2002
Posts: 172

PostPosted: Tue Mar 09, 2004 8:33 pm    Post subject: Reply with quote

How about this, make a share on your network and only allow authenicated users access. Make sure you set the share and the permissions to this. Then use the following code "it's not fully complete" to have them try to connect to this share. If successful you get there name from edit1.

This uses Tommy VDSINET 2.8 dll

good luck



Code:

EXTERNAL @path(%0)vdsinet.dll,Public Freeware Key|90257236
OPTION ERRORTRAP, error

  DIALOG CREATE,NETC Example,-1,0,295,113
REM *** Modified by Dialog Designer on 3/9/2004 - 15:20 ***
  DIALOG ADD,STYLE,STYLE1,,,B,F2F2F4,BLACK
  DIALOG ADD,EDIT,EDIT1,18,88,180,19,Username
  DIALOG ADD,EDIT,EDIT2,48,88,180,19,Password,,PASSWORD
  DIALOG ADD,BUTTON,BUTTON1,80,132,64,24,Authenticate
  DIALOG ADD,TEXT,TEXT1,20,28,,,Username:
  DIALOG ADD,TEXT,TEXT2,50,30,,,Password:
  DIALOG SHOW

wait event
goto @event()

:button1button 
%%username = @dlgtext(edit1)
%%password = @dlgtext(edit2)

  %%share = \\server\test
  NET NETC,USERNAME,%%username
  NET NETC,PASSWORD,%%password
  net netc,remotename,%%share
  NET NETC,LOCALNAME,Z:
  NET NETC,CONNECT
  NET NETC, DISCONNECT

goto evloop 
 
  :error
   %%error = @ERROR(E)
  info %%error
 
  if @equal(%%error,225)
  info bad password
  end
 
  :close
exit

rem 211 – Access to network resource denied.
rem 212 – Local device already assigned.
rem 213 – Local device type does not match network resource type.

rem 214 – Local device is invalid.
rem 215 – Network resource name is invalid or unlocatable.
rem 216 – Network path not found.
rem 217 – User profile is in an incorrect format.
rem 218 – Provider property does not match any provider.
rem 229 – Provider is busy.
rem 220 – Connection attempt cancelled.
rem 221 – Cannot save reconnect at logon information.
rem 222 – Connection already remembered.

rem 223 – Device in use by active process, cannot disconnect.
rem 224 – A network specific error occurred.
rem 225 – Invalid password.
rem 226 – Network not started or name could not be handled.
rem 227 – No network present.
rem 228 – Not connected to specified resource or on specified device.
rem 229 – Files are open on resource and force disconnect not specified.
rem 230 – User name or password incorrect.

rem 231 – Unhandled error using NETC.
rem 232 – Not all impo
 

Back to top
View user's profile Send private message
Tommy
Admin Team


Joined: 16 Nov 2002
Posts: 746
Location: The Netherlands

PostPosted: Tue Mar 09, 2004 11:59 pm    Post subject: Reply with quote

I think that the following Delphi code will work for this purpose:

Code:

var
  token: THandle;
begin
  if LogonUser(
    'myusername',             // LPTSTR;  string that specifies the user name
    'mydomain',               // LPTSTR;  string that specifies the domain or server
    'mypassword',             // LPTSTR;  string that specifies the password
    LOGON32_LOGON_NETWORK,    // DWORD;   specifies the type of logon operation
    LOGON32_PROVIDER_DEFAULT, // DWORD;   specifies the logon provider
    token                     // PHANDLE; pointer to variable to receive token handle
   ) then
   begin
     CloseHandle(token);
     ShowMessage('Successful');
   end
   else
     ShowMessage('Unsuccessful');


LOGON32_LOGON_NETWORK = 3;
LOGON32_PROVIDER_DEFAULT = 0;

Unfortunately I don't have time right now to convert it into VDS code.

Tommy
Back to top
View user's profile Send private message Send e-mail Visit poster's website
bbelcher
Contributor
Contributor


Joined: 30 Jul 2002
Posts: 172

PostPosted: Wed Mar 10, 2004 12:25 am    Post subject: Reply with quote

Tommy, I really really could use a dll like that.

Please dont forget about it when you have some free time.

I would pay for a full Authenticashion dll for a windows domain.

maybe vdsdll 3.1 Very Happy
Back to top
View user's profile Send private message
Tommy
Admin Team


Joined: 16 Nov 2002
Posts: 746
Location: The Netherlands

PostPosted: Wed Mar 10, 2004 12:36 am    Post subject: Reply with quote

Here's a fast update of VDSUTIL to version 1.7a, meaning it is an alpha version. It is
untested however I think it will work fine.

http://www.vdsworld.com/files/vdsutil17a.zip

New function:

@UTIL(AUTH, <username>, <domain>, <password>)
Returns '1' if successful, nothing if not.

Just as in the piece of Delphi example code.

Please realize that this should fairly easily be possible using VDS 5's built-in API calling
functionality, or using Gadget or VDSUG.DLL.

Tommy
Back to top
View user's profile Send private message Send e-mail Visit poster's website
bbelcher
Contributor
Contributor


Joined: 30 Jul 2002
Posts: 172

PostPosted: Wed Mar 10, 2004 12:57 am    Post subject: Reply with quote

Tommy, thats really cool getting that out so fast.
Back to top
View user's profile Send private message
vdsalchemist
Admin Team


Joined: 23 Oct 2001
Posts: 1448
Location: Florida, USA

PostPosted: Wed Mar 10, 2004 1:30 am    Post subject: Reply with quote

Tommy/Everyone,
Just to let you know the LogonUser function only works under NT, Win2k, and XP. It will not work under a Win9x based version of windows. That is why I have never bothered making a DSU or DLL for it.

Also just a Security note the password is there in plain text so know the machines your using this function on.

_________________
Home of

Give VDS a new purpose!
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
CodeScript
Moderator Team


Joined: 08 Jun 2003
Posts: 1060
Location: India

PostPosted: Wed Mar 10, 2004 2:19 am    Post subject: Reply with quote

I had made a DSU to do that but somehow?? it didn't work for a user on NT machines although it worked on XP/2k for network accounts using domain. After some good struggle I gave up as I don't have a environment to test it.
http://www.vdsworld.com/?page=search&keywords=Impersonate
Ofcourse this API is only for NT family machines.

This is a dll I wrote then for win2k/XP/2003
I don't know if it works as the person who requested never responded.
It is a non VDS dll for the simple reason that I then didn't know how to make a vds dll. Try this dll at your own risk.

http://codescript.vdsworld.com/VDS5src/Runasdll.zip

All that it does is takes a username/domain/password and path to a exe and runs the exe as the user specified.

_________________
Regards
- CodeScript
Arrow Give your application a professional look with the VDSGUI Extension


Last edited by CodeScript on Wed Mar 10, 2004 10:13 am; edited 4 times in total
Back to top
View user's profile Send private message Visit poster's website
bbelcher
Contributor
Contributor


Joined: 30 Jul 2002
Posts: 172

PostPosted: Wed Mar 10, 2004 2:26 am    Post subject: Reply with quote

In my perfect world there would be a dll or dsu that could do all of NT’s NETDOM.EXE commands and CUSRMGR.EXE commands. Along with a impersonate function. Like SU.EXE “switch user”

Most of my world revolves around the DOMAIN so any way to make life / Administration more enjoyable. Then giddy up.


NETDOM.EXE
[url]
http://www.tburke.net/info/suptools/topics/netdom_examples.htm
[/url]
CUSRMGR.EXE
[url]
http://www.tburke.net/info/reskittools/topics/cusrmgr.htm
[/url]

CodeScript , I've kept your DSU tucked away for future use. But I'm still using VDS 4.5. I cant seem to break away.
Back to top
View user's profile Send private message
DavidR
Contributor
Contributor


Joined: 05 Aug 2003
Posts: 83
Location: Bethel Pennsylvania U.S.A.

PostPosted: Thu Mar 11, 2004 10:45 am    Post subject: Reply with quote

Thanks to everybody for the suggestions and examples. I'm still researching this and experimenting to determine the best approach.
Codescript your little runasdll is fantastic. I've done some testing and it seems to work great. I need to figure out a way to deal with those users that are on 98 or NT machines but for XP and 2K it's perfect.
I'm guessing that the same functionality could be had with API calls and I tinkered a bit with the Impersonate examples but I'm struggling to grasp the concepts. Are there any good API tutorials out there that can help me get to some level of comfort with them.
Thanks again.. I don't often jump in the discussions here but I read every post! What a great support group!
.............David
Back to top
View user's profile Send private message
bbelcher
Contributor
Contributor


Joined: 30 Jul 2002
Posts: 172

PostPosted: Thu Mar 11, 2004 1:12 pm    Post subject: Reply with quote

Tommy,

I tried your vdsutil 1.7a dll and it's not working for me. It just returns null no mater what.

\
Code:

  directory change,@path(%0)
rem vdsutil.dll 1.7a
  external vdsutil.dll
%%pw = password
%t = @UTIL(AUTH,username,domain,%%pw)
info %t
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    forum.vdsworld.com Forum Index -> General Help All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

Twitter@vdsworld       RSS

Powered by phpBB © 2001, 2005 phpBB Group