Wednesday, April 23, 2008 9:56 AM
My Appologies if this is not the right forum.
we have a requirement in our application. We want to authenticate our application based on the windows user name and password. I can get the user name but how do I get and store the password. I need this because we do not want our clients to enter user name and password at all. They only need to type their user credentials when they logon to the computer and our application should be able to get the windows user credentials automatically without prompting the user for it.
Is there any way to do so? Please help.
If I am in the wrong forum then please direct me to the right one. I'll really appreciate your help.
Monday, April 28, 2008 8:29 AMFor fairly obvious reasons applications can't just get the full credentials of the logged on user. It's not clear what you're attempting to authenticate against, but if your clients are likely to be using a Windows domain then you might want to look into using Kerberos as it's the best way of getting single sign-on authentication.
Friday, May 02, 2008 11:46 AM
Thanks for the reply. I am using SSPValidateUser(Username as string, Domain as string, Password as string) as boolean
to authenticate a windows domain user. Now the code works good with the local domain, but if I try to authenticate a user from another domain, it does not authenticate the user and returns a false value.
The Code for SSPValidateUser can be found here.
This method authenticate any local user account or any user on the home domain. But if I try to authenticate a user from domain2 then it returns a false value.
You mentioned to use kerberos, I guess this method already uses it. If you want I can send you a sample application.
Is this method capable of validating users from any domain, or just a local domain?
I am desperate, please help.
Friday, May 02, 2008 12:00 PM
If you are using Active directory on your server/Network, and the authentication done from your Active Directory, then you can easily get those user id, password etc. For this you can give a try using ADSI (Active Directory Services Interface) object, ADSI provides LDAP, WinNT, NDS.
System.DirectoryServices or System.DirectoryServices.Protocols namesspace.
Friday, May 02, 2008 12:23 PM
Yes I am using active directory. But In my active directory, I can just see my primary domain. I can not see another domain from which I want to authenticate users.
I am using VB6 and found THIS article which includes code for authenticating users using SSPI.
You mentioned to use ADSI and LDAP. does it provide any mechanism for verifying user name and password over a domain? If yes, Can you please explain it a bit or direct me to a useful link?
Tuesday, May 06, 2008 11:12 AM
I am still waiting for a response. Please help I am desparate. I can validate local computer users and domain users. Now I have two domains. On 'domain A' to which I am logged on , I can verify user credentials for any users on the same domain but I can't verify user credentials from 'domain B'. Is there any way to doing so.
I am using SSPI methods to verify user name and password on a specified domain. Any help appreciated.
Tuesday, May 06, 2008 12:08 PM
Tuesday, May 06, 2008 12:12 PMI believe that Domain A would need to trust Domain B for that to work.
Tuesday, May 06, 2008 12:52 PM
Thank you andy.
I am not sure whether my domains have a trust relationship. However, when I try to map a network drive to a different domain user, it can access the resources on another domain. Does this mean that my domains have a trust relationship. Also if I try to access resources from another domain using windows e.g Start > Run> \\domainB\somefolder. It will open the folder and display its contents without asking for any password or username.
If this does not prove that the domains have a trust relationship amongst them, then how to test whether they have a trust or not.
Furhtermore, if I goto Control Panel > Administrative tools > Computer Management > Local users and groups > Groups > Administrators I can see my currently logged on user e.g mydomain\nasir. but if i try to add a user from domain B to the administrators group. it says to select a proper location. because the directory only lists Domain A and its sub folders and local computer.
Does it give any hint on whether domain B is trusted or not.
If I am not clear enough explaining my problem, please mention.
Also when I use setspn.exe utility, it display DomainA and local computer's SPN but not the Domain B.
Setspn -L computername
sorry for a long essay.
Any help appreciated
Tuesday, May 06, 2008 2:41 PM
Seems like people are busy here or not interested or my problem is rare
Wednesday, May 07, 2008 8:44 AM
Isn't anyone out there who can help me !