
how to pass nt password ?

I successfully pass username, domain and password via this function (taken
from MSDN)

Private Declare Auto Function LogonUser Lib "advapi32.dll" ( _
    ByVal lpszUsername As [String], _
    ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
    ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
    ByRef phToken As IntPtr) As Boolean

Dim returnValue As Boolean = LogonUser(username, domain, pwd, _
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle)

The above assumes that in the application, user will be required to enter
username, domain and password via keyboard

However i do NOT want the application to ASK user for the username,domain
and password. Instead the application shld use the current user context
since users already logon to a operating system eg XP.

i can extract username and domain using the WindowsIdentity.Name Property
which give it as domain\nt id, and then i pass to above function in
username, domain.

How do i extract password ? I know password cannot be seen, but at least
what can i do to pass the current password arguments into the above
function - logonuser ?




Nov 23 '05 #1
"James" <jk****@hotmail.com> wrote in message news:eq****************@TK2MSFTNGP09.phx.gbl...
I successfully pass username, domain and password via this function (taken from MSDN)

Private Declare Auto Function LogonUser Lib "advapi32.dll" ( _
    ByVal lpszUsername As [String], _
    ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
    ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
    ByRef phToken As IntPtr) As Boolean

Dim returnValue As Boolean = LogonUser(username, domain, pwd, _
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle)

The above assumes that in the application, user will be required to enter username, domain and password via keyboard

However i do NOT want the application to ASK user for the username,domain and password. Instead the application shld
use the current user context since users already logon to a operating system eg XP.

i can extract username and domain using the WindowsIdentity.Name Property which give it as domain\nt id, and then i
pass to above function in username, domain.

How do i extract password ? I know password cannot be seen, but at least what can i do to pass the current password
arguments into the above function - logonuser ?


The user is already logged on, so why would you want them to logon to
your program using the self same credentials? Your program should
simply run in user context (indeed, it should be tested on an account
with the minimum credentials required to operate). If your program
requires elevated privileges then the USER must provide the required
credentials, NOT your program. Bypassing the built-in security (such
as it is) is not an option if you want your application to remain compliant.
Nov 23 '05 #2
James,
Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal
lpszUsername As [String], _
You don't need to escape String with square brackets.

However i do NOT want the application to ASK user for the username,domain
and password. Instead the application shld use the current user context
since users already logon to a operating system eg XP.
Can't you just open the existing token then?

How do i extract password ?


You can't do that. Imagine the security problem if you could.
Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.
Nov 23 '05 #3
Perhaps i will explain more.

I run this service monitor application as a thread. Put as eg.

a) i logon in xp, run the service locally on xp1 local machine.
b) my application will read a list of machines files eg xp1, xp2, xp3, etc
c) the service application will generate thread pools every x seconds and
reach out to other machines having similar services and check whether it is
started.
d) if not started on machine xp2 or xp3, it will attempt to start on remote
machines.
e) to start service on remote machines, it needs to impersonate. Thus i used
the function - logonuser described below.
f) the logonuser function requires username, domain and password. I can
extract username and domain, but i want my password which i logon on xp1 to
impersonate on xp2 or xp3 to start the xp2 or xp2 services.

Hope this explains why i want to pass my "password" onto other machines to
impersonate.

U see, all msdn documentations expect user to enter username, domain and
password to impersonate. I can do it at my application, but because it is
running as a service, it shld NOT ask user for password.

"Micky" <mi***@n05pam.com> wrote in message
news:dl**********@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
"James" <jk****@hotmail.com> wrote in message
news:eq****************@TK2MSFTNGP09.phx.gbl...
I successfully pass username, domain and password via this function (taken
from MSDN)

Private Declare Auto Function LogonUser Lib "advapi32.dll" ( _
    ByVal lpszUsername As [String], _
    ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
    ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
    ByRef phToken As IntPtr) As Boolean

Dim returnValue As Boolean = LogonUser(username, domain, pwd, _
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle)

The above assumes that in the application, user will be required to enter
username, domain and password via keyboard

However i do NOT want the application to ASK user for the username,domain
and password. Instead the application shld use the current user context
since users already logon to a operating system eg XP.

i can extract username and domain using the WindowsIdentity.Name Property
which give it as domain\nt id, and then i pass to above function in
username, domain.

How do i extract password ? I know password cannot be seen, but at least
what can i do to pass the current password arguments into the above
function - logonuser ?


The user is already logged on, so why would you want them to logon to
your program using the self same credentials? Your program should
simply run in user context (indeed, it should be tested on an account
with the minimum credentials required to operate). If your program
requires elevated privileges then the USER must provide the required
credentials, NOT your program. Bypassing the built-in security (such
as it is) is not an option if you want your application to remain
compliant.

Nov 23 '05 #4
"James" <jk****@hotmail.com> wrote in message news:O2****************@TK2MSFTNGP15.phx.gbl...
Perhaps i will explain more.

I run this service monitor application as a thread. Put as eg.

a) i logon in xp, run the service locally on xp1 local machine.
b) my application will read a list of machines files eg xp1, xp2, xp3, etc
c) the service application will generate thread pools every x seconds and reach out to other machines having similar
services and check whether it is started.
d) if not started on machine xp2 or xp3, it will attempt to start on remote machines.
e) to start service on remote machines, it needs to impersonate. Thus i used the function - logonuser described below.
f) the logonuser function requires username, domain and password. I can extract username and domain, but i want my
password which i logon on xp1 to impersonate on xp2 or xp3 to start the xp2 or xp2 services.

Hope this explains why i want to pass my "password" onto other machines to impersonate.

U see, all msdn documentations expect user to enter username, domain and password to impersonate. I can do it at my
application, but because it is running as a service, it shld NOT ask user for password.


You didn't mention anything about a service in your OP. That's a different
breed of canine altogether.

Services can have their own credentials. You simply create an account for
your service, with the required credentials, as a post-installation process.
So long as the account exists on the local machine, the service can login.
And provided the credentials are sufficient to control remote machine
services, that's all you need.

For security, the password should be generated randomly (so even you--
the developer--won't know what it is). The password should then be
encrypted and cached in the local machine registry. Remember to use
SecureZeroMemory to clear the password from memory. If the
password should become corrupt, the service administrator should
be given the means to delete the old account and create a new one
in its place.

Once that's done, only the service itself will know its own password,
and only service administrators should be able to run the service itself.

That's the only way to do it without asking the user to supply a
password. A password would only be required if the service is run
under impersonation (with Run As...).

The only other way to do it is to ask the user to enter the impersonation
credentials one time only and immediately cache the details in encrypted
form. However that poses a severe security breach, since any user can
then run the service using elevated credentials. A big no-no!


Nov 23 '05 #5
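
What replies #3 and #5 describe, as an added example that is not code from any poster in this thread: the monitor runs under a dedicated account with rights to control the service on the target machines and starts it through System.ServiceProcess.ServiceController, so no password is ever handed to LogonUser. The service name MyMonitoredService and the 30-second timeout are assumptions; xp2 and xp3 are the machine names from post #4.

```vbnet
' Added example. Assumes the process already runs as a dedicated domain
' account permitted to query and start the service on each target machine.
Imports System
Imports System.Collections.Generic
Imports System.ComponentModel
Imports System.Security.Principal
Imports System.ServiceProcess      ' reference System.ServiceProcess.dll

Module RemoteServiceMonitor

    ' Starts serviceName on every machine where it is stopped and returns
    ' one message per machine that could not be queried or started.
    Function EnsureRunning(ByVal serviceName As String, _
            ByVal machines As IEnumerable(Of String)) As List(Of String)
        Dim failed As New List(Of String)
        For Each machine As String In machines
            Try
                ' No LogonUser and no password: the connection to the remote
                ' Service Control Manager authenticates with the token this
                ' process already holds (Windows integrated authentication).
                Using sc As New ServiceController(serviceName, machine)
                    If sc.Status = ServiceControllerStatus.Stopped Then
                        sc.Start()
                        sc.WaitForStatus(ServiceControllerStatus.Running, _
                                         TimeSpan.FromSeconds(30))
                    End If
                End Using
            Catch ex As InvalidOperationException
                ' Service not found, machine unreachable, or access denied.
                failed.Add(machine & ": " & ex.Message)
            Catch ex As Win32Exception
                failed.Add(machine & ": " & ex.Message)
            Catch ex As System.ServiceProcess.TimeoutException
                failed.Add(machine & ": not Running after 30 seconds")
            End Try
        Next
        Return failed
    End Function

    Sub Main()
        ' Shows which account the remote machines will see.
        Console.WriteLine("Running as " & WindowsIdentity.GetCurrent().Name)
        Dim targets As String() = {"xp2", "xp3"}
        For Each problem As String In EnsureRunning("MyMonitoredService", targets)
            Console.WriteLine(problem)
        Next
    End Sub

End Module
```

An access-denied entry in the returned list means the service account lacks rights on that machine; the fix is to grant that account control of the one service there, not to add a stored password.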
