Authentication Strategy for Unmanaged C++

  • Question

  • Hello,

    I need to add user authentication to an existing application. After authentication, an access level will be assigned to the user based on group membership. The application will run on computers in different security environments: connected to a domain, member of a domain but disconnected, and standalone (never part of a domain).

    Which technologies (ADSI?) should I use to add this feature?

    Thanks in advance for your thoughts.

    Tuesday, June 21, 2011 6:51 PM

All replies

  • After some research I’ve arrived at the following solution:

    Get user name and password. User name must be in either UPN (User Principal Name) or DLN (Down Level Name) format.

    If user name is in DLN format, use ADsGetObject for serverless binding to obtain complete domain name.

    Use LogonUser to authenticate user. If user name does not contain or errors occur obtaining domain information, authenticate using local information.

    Group(s) to which the user belongs can be obtained by using NetUserGetGroups for domain authenticated users or NetUserGetLocalGroups for users authenticated to local computer.

    If anyone knows an easier/better/more secure approach I'd appreciate a reply.

    Thanks

    Wednesday, June 29, 2011 9:07 PM
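
The name-handling step in the reply above, as an added example that is not part of the original thread: it splits a UPN, down-level or bare user name into the `lpszUsername` and `lpszDomain` arguments that `LogonUser` expects, falling back to the local account database when no domain is given. `ParseLogonName`, `LogonTarget` and `Authenticate` are hypothetical names, rejecting mixed or empty forms is this example's own policy, and the `LogonUserW` call is compiled only on Windows.

```cpp
// Added example (not from the thread): split a logon name for LogonUser.
#include <string>
#ifdef _WIN32
#include <windows.h>   // LogonUserW; link with Advapi32.lib
#endif

enum class NameKind { Upn, DownLevel, Bare, Invalid };

struct LogonTarget {
    NameKind kind;
    std::wstring user;    // value for lpszUsername
    std::wstring domain;  // value for lpszDomain; empty means pass NULL
};

// Classify "user@domain" (UPN), "DOMAIN\user" (down-level) or a bare name.
LogonTarget ParseLogonName(const std::wstring& name) {
    const auto slash = name.find(L'\\');
    const auto at = name.find(L'@');
    if (slash != std::wstring::npos) {
        // Policy of this example: one backslash, non-empty parts, no '@'.
        if (slash == 0 || slash + 1 == name.size() ||
            name.find(L'\\', slash + 1) != std::wstring::npos ||
            at != std::wstring::npos)
            return {NameKind::Invalid, L"", L""};
        return {NameKind::DownLevel, name.substr(slash + 1), name.substr(0, slash)};
    }
    if (at != std::wstring::npos) {
        // UPN: LogonUser takes the whole string as user name with a NULL domain.
        if (at == 0 || name.back() == L'@') return {NameKind::Invalid, L"", L""};
        return {NameKind::Upn, name, L""};
    }
    if (name.empty()) return {NameKind::Invalid, L"", L""};
    // No domain part: "." makes LogonUser check the local account database only.
    return {NameKind::Bare, name, L"."};
}

#ifdef _WIN32
// Returns true and a token (caller must CloseHandle it) when the logon succeeds.
bool Authenticate(const std::wstring& name, const std::wstring& password, HANDLE* token) {
    const LogonTarget t = ParseLogonName(name);
    if (t.kind == NameKind::Invalid) return false;
    return LogonUserW(t.user.c_str(), t.domain.empty() ? nullptr : t.domain.c_str(),
                      password.c_str(), LOGON32_LOGON_NETWORK,
                      LOGON32_PROVIDER_DEFAULT, token) != FALSE;
}
#endif
```

Which `NameKind` comes back also tells the caller whether to query domain or local group membership afterwards.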