Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > Visual Basic > VB 6 Visual Basic 6 > VB How-To
Password Reminder
Register
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
VB How-To Ask your "How do I do this with VB?" questions in this forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the VB How-To section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old July 3rd, 2003, 01:29 PM
Authorized User
 
Join Date: Jun 2003
Location: , , .
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default user password validating

i am writing my first program in VB 6.0 and they are asking for a password verification against the password in Active Directory.
I just need to go out to the database in Active directory and grab the password of the user whose name appears in a textbox. When the user enters a password into another textbox i just want to make sure to validate that password and that this is the correct user.
I hope this makes sense.

Thanks
Doug
Reply With Quote
  #2 (permalink)  
Old July 8th, 2003, 05:12 AM
Authorized User
 
Join Date: Jul 2003
Location: Hyderabad, Andhra Pradesh, India.
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Do the following

Note:
1. Substitute ur values at #places(For ex: if ur field name in databse is usrPwd then replace rs("Fieldname#").value as rs("usrpwd").value

2. Assume that ur passwd field text box name is txtPasswd

Private Function FindUser() as Boolean
    dim Cn as new Adodb.connection
    dim Rs as recordset
    cn.open("Dsn=#;Uid=#;Pwd=#;")
    set rs=new recordset
    rs.open("Sqlstatement#",cn,adopenstatic,adlockopti mistic)
    if trim(txtPasswd.text)=rs("Fieldname#").value then
         FindUser=True
    else
         FindUser=False
    endif
if cn.state then 'checking the connection wether it is opened
   cn.close
end if
set cn=nothing
if rs.state then
   rs.close
end if
set rs=nothing
exit funtion
ErrHand:
   msgbox err.description
end function

'Call this function from ur valid events to check wether pwd is correct or not, if password exists it returns true else it returns false

Hope this solution help you

B.V.Kumar
Reply With Quote
  #3 (permalink)  
Old July 8th, 2003, 06:46 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , United Kingdom.
Posts: 1,212
Thanks: 0
Thanked 1 Time in 1 Post
Default

Doug, it just ain't that easy I'm afraid. The main stumbling block is that you cannot retrieve any user's Windows password through any means. Think about it, its a hacker's dream if you could write a program to look up a user and get his/her password. Even Windows doesn't know what the actual passwords are because it uses a common cryptographic technique known as "hashing". The closest you could attempt is to find out which hashing algorithm Windows uses, generate the hash yourself from the password input, then compare it to the hash stored by Windows...quite an ask for your first VB program.

Nobody does this sort of thing. A fundamental of the windows user interface is that you only log-on once - how fed-up would you be if every time you opened a program it asked you to provide your password again?

Sorry to be unhelpful, but I think that whoever is asking you to provide this password check needs to re-think exactly what they're trying to achieve by this - and then find a better way to achieve that.

regards
Phil
Reply With Quote
  #4 (permalink)  
Old July 9th, 2003, 08:18 AM
Authorized User
 
Join Date: Jun 2003
Location: , , .
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for the suggestions.
doug
Reply With Quote
  #5 (permalink)  
Old July 18th, 2003, 06:55 AM
Registered User
 
Join Date: Jun 2003
Location: Stockholm, VÄLLINGE, Sweden.
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Well it's not easy but...

It's true, you can't get the password from the domaincontroller or whatever but...

You can send: username, presumedPWD and domain to be validated by the sucuritycomponents in windows. This way you will validate the user without knowing his or hers password. Note though this is like logging in on a mashine, after X failed attempt it's likely that the account is locked/disabled!

Yours Truly Mårten :-)

Yours sincerely Marten
Reply With Quote
  #6 (permalink)  
Old July 18th, 2003, 08:24 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: McPherson, Kansas, USA.
Posts: 128
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I agree with pgtips

"Nobody does this sort of thing. A fundamental of the windows user interface is that you only log-on once - how fed-up would you be if every time you opened a program it asked you to provide your password again?"

I think you need to define what they are trying to accomplish.

In many of my programs I use a username and password. Mainly it is to provide various levels of access. If a user opens the program without logging on then they have limits or I may have an engineering level of access that allows certain configuration settings. It has helped to make my programs more dynamic and configurable. But the username and password scheme that I am using is independent of Windows security. I use a level of encryption and have created a dll and a standard interface. Over time we have developed a method of controlling access to forms by using the HelpContextID property to make the menus dynamic based on user login and group.

So, I think it is important to find out the "Why" as well as the "What".


Larry Asher
Reply With Quote
  #7 (permalink)  
Old August 14th, 2003, 07:33 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , United Kingdom.
Posts: 1,212
Thanks: 0
Thanked 1 Time in 1 Post
Default

Doug, I don't know if you're still interested in this but, for the sake of the archive, I stumbled across this interesting piece of code which uses the LogonUser WinAPI function to validate a given user name and password (note, though, that it does not get the current password of the user)
Code:
Private Declare Function LogonUser Lib "Advapi32" Alias "LogonUserA" (ByVal _
    lpszUserName As String, ByVal lpszDomain As String, _
    ByVal lpszPassword As String, ByVal dwLogonType As Long, _
    ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As _
    Long
Const LOGON32_PROVIDER_DEFAULT = 0&
Const LOGON32_LOGON_NETWORK = 3&

' Check whether a username/password pair is correct
'
' if DOMAIN is omitted, it uses the local account database
' and then asks trusted domains to search their account databases
' until it finds the account or the search is exhausted
' use DOMAIN="." to search only the local account database

Private Function CheckWindowsUser(ByVal UserName As String, _
    ByVal Password As String, Optional ByVal Domain As String) As Boolean

    Dim hToken As Long, ret As Long

    ' provide a default for the Domain name
    If Len(Domain) = 0 Then Domain = vbNullString
    ' check the username/password pair
    ' using LOGON32_LOGON_NETWORK delivers the best performance
    ret = LogonUser(UserName, Domain, Password, LOGON32_LOGON_NETWORK, _
        LOGON32_PROVIDER_DEFAULT, hToken)

    ' a non-zero value means success
    If ret Then
        CheckWindowsUser = True
        CloseHandle hToken
    End If

End Function
BTW I found it on http://www.vb2themax.com

rgds
Phil
Reply With Quote
  #8 (permalink)  
Old November 4th, 2003, 04:46 AM
Registered User
 
Join Date: Nov 2003
Location: , , .
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I agree with pgtipsb also!

It's not easy to get the active directory accounts and their passwords. I got a same situation, my application would like to check if user and password existing in Active Directory. And I tried to run the code of pgtips but it didn't run. The LogonUser function always return O, means failed. I also tried to search on Microsoft but I couldn't fix that bug.

My Domain Controller run on Advance Server 2000, and Client run on Professional Windows 2000.

Does any guy have solutions to solve this?

Thanks,


Thanh.
Reply With Quote
  #9 (permalink)  
Old November 8th, 2004, 05:35 PM
Registered User
 
Join Date: Nov 2004
Location: , , .
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hello Phil, If I really need to get password hash of a user from Active Directory, how can I do that. It seems that it is not in user information fetched from AD. Thank you. Jeffrey

Quote:
quote:Originally posted by pgtips
 Doug, it just ain't that easy I'm afraid. The main stumbling block is that you cannot retrieve any user's Windows password through any means. Think about it, its a hacker's dream if you could write a program to look up a user and get his/her password. Even Windows doesn't know what the actual passwords are because it uses a common cryptographic technique known as "hashing". The closest you could attempt is to find out which hashing algorithm Windows uses, generate the hash yourself from the password input, then compare it to the hash stored by Windows...quite an ask for your first VB program.

Nobody does this sort of thing. A fundamental of the windows user interface is that you only log-on once - how fed-up would you be if every time you opened a program it asked you to provide your password again?

Sorry to be unhelpful, but I think that whoever is asking you to provide this password check needs to re-think exactly what they're trying to achieve by this - and then find a better way to achieve that.

regards
Phil
Reply With Quote
  #10 (permalink)  
Old April 21st, 2005, 09:17 PM
Registered User
 
Join Date: Apr 2005
Location: KL, WP, Malaysia.
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The code provided by pgtips is not working, it always return TRUE even if i pass in wrong information to it ....any idea on how to checking whether current user is the valid Window user by prompting them to key in they login name and password again ?
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how can i mail the password to the user? ayem Visual Studio 2008 3 August 13th, 2008 06:52 AM
password/user functions sola Access 3 January 13th, 2006 08:49 AM
what is the password and user id for ........! Random Servlets 1 November 8th, 2005 02:59 AM
validating user input hosefo81 Javascript How-To 12 March 3rd, 2004 09:32 AM
Validating user input stu9820 VB.NET 2002/2003 Basics 2 January 15th, 2004 12:51 PM



All times are GMT -4. The time now is 11:29 PM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.