Home > Archive > MSDN > December 2005 > logonuser not returning a good value
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
logonuser not returning a good value
|
|
| Stephane Gagne 2005-12-13, 6:57 pm |
| Hi,
I have created a simpe vb project that use the logonuser variable to verify
if a user exist within our domain and confirm the password. I have done
testing on different Win2k servers all connected to the same domain and for a
strange reason, some servers are not returning the good value ! The user I
am testing does not exist but the value returned say that the
username/password are ok !!!
Any idea ?
Thanks in advance
| |
| Gerry Hickman 2005-12-13, 6:57 pm |
| Hi,
Do you mean the locally logged on user or the user who is being
impersonated? In general the logged on user is not well defined, and
you'd need to state which API subsystem you are using.
On Win2k if you want the local user from a remote call, you'd usually
check to see if explorer.exe is running and if so, get the user from the
WinLogon key of the registry. For XP there's a WMI class for this.
If you're running as the user who is logged on, you can use the
environment variable or something based on the WNetGetUser() API
function call instead.
For full details, you're best to post this in either the WSH groups or
the WMI groups. Anyway, it's time to say goodbye to proprietary VB and
get on board with a standards-based language.
Stephane Gagne wrote:
> Hi,
>
> I have created a simpe vb project that use the logonuser variable to verify
> if a user exist within our domain and confirm the password. I have done
> testing on different Win2k servers all connected to the same domain and for a
> strange reason, some servers are not returning the good value ! The user I
> am testing does not exist but the value returned say that the
> username/password are ok !!!
>
> Any idea ?
>
> Thanks in advance
--
Gerry Hickman (London UK)
| |
| Stephane Gagne 2005-12-13, 6:57 pm |
| Hi,
I was doing the test with a domain administrator account. I am using
advapi32.dll to get the logonuser information. I want to authenticate users
who log in my application via active directory
"Gerry Hickman" wrote:
> Hi,
>
> Do you mean the locally logged on user or the user who is being
> impersonated? In general the logged on user is not well defined, and
> you'd need to state which API subsystem you are using.
>
> On Win2k if you want the local user from a remote call, you'd usually
> check to see if explorer.exe is running and if so, get the user from the
> WinLogon key of the registry. For XP there's a WMI class for this.
>
> If you're running as the user who is logged on, you can use the
> environment variable or something based on the WNetGetUser() API
> function call instead.
>
> For full details, you're best to post this in either the WSH groups or
> the WMI groups. Anyway, it's time to say goodbye to proprietary VB and
> get on board with a standards-based language.
>
> Stephane Gagne wrote:
>
>
> --
> Gerry Hickman (London UK)
>
| |
| Stephane Gagne 2005-12-13, 6:57 pm |
|
"Gerry Hickman" wrote:
> Hi,
>
> Do you mean the locally logged on user or the user who is being
> impersonated? In general the logged on user is not well defined, and
> you'd need to state which API subsystem you are using.
>
> On Win2k if you want the local user from a remote call, you'd usually
> check to see if explorer.exe is running and if so, get the user from the
> WinLogon key of the registry. For XP there's a WMI class for this.
>
> If you're running as the user who is logged on, you can use the
> environment variable or something based on the WNetGetUser() API
> function call instead.
>
> For full details, you're best to post this in either the WSH groups or
> the WMI groups. Anyway, it's time to say goodbye to proprietary VB and
> get on board with a standards-based language.
>
> Stephane Gagne wrote:
>
>
> --
> Gerry Hickman (London UK)
>
| |
| Gerry Hickman 2005-12-13, 6:57 pm |
| Hi Stephane,
> I was doing the test with a domain administrator account. I am using
> advapi32.dll to get the logonuser information. I want to authenticate users
> who log in my application via active directory
OK, well that's completely different. You didn't say anything about
Authentication and Active Directory in your original post. As I
understand it, LogonUser() is a function, it's not a way to get
"information", but rather it attempts a real logon. The thing it returns
is actually a security token in the context of the user:
BOOL LogonUser(
LPTSTR lpszUsername,
LPTSTR lpszDomain,
LPTSTR lpszPassword,
DWORD dwLogonType,
DWORD dwLogonProvider,
PHANDLE phToken
);
phToken is the [out] parameter.
I've never needed to use this kind of thing on Windows networks, as I
just use Integrated Authentication in the context of the user who is
logged onto Windows. For remote users, I do the same by through IIS.
This article covers a VB scenario that sounds similar to what you're using:
<http://support.microsoft.com/defaul...kb;en-us;248187>
You need to ensure the way you're checking the return value and token
makes sense, for example the BOOL return value only tells you if the
function succeeded or failed (as in an error), which is not the same as
whether the token is valid.
--
Gerry Hickman (London UK)
|
|
|
|
|