Security

I am running in a Windows 2000 environment and have the following scenario /
question.

I have a VB.NET application. Before allowing the user to go into the app,
I would like to validate against the Windows password. Is there any easy way
to do this?
tia
Nov 21 '05 #1
Hi

No, there is no easy way to do this because the function LogonUser API
doesn't work in Windows 2000 unless you can set the SE_TCB_NAME (act as part
of the operating system), which will allow Windows 2000 to be opened up. That
means it's an extremely big security risk.

If you find out how to set SE_TCB_NAME using VB.NET then there are literally
thousands of people who will want to know the answer because Microsoft would
NEVER release this information.

You can set SE_TCB_NAME manually in Windows 2000, but you are risking
security in a big way. Go into CONTROL PANEL, ADMINISTRATIVE TOOLS, LOCAL
SECURITY POLICY, expand USER RIGHTS ASSIGNMENT & 'add' users to ACT AS PART
OF THE OPERATING SYSTEM.

Restart the computer & now LogonUser 'should' work.

I DO NOT ADVISE YOU TO DO THIS - YOU HAVE BEEN WARNED!!!!!!!!!!!!!!!!!!!!!!!!
Nov 21 '05 #2
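
The failure mode described above, as an added example (not code from the thread): a VB.NET P/Invoke wrapper around LogonUser that reports the missing SE_TCB_NAME privilege as its own error instead of as a wrong password. The module and function names are illustrative, and the network logon type is an assumption chosen because only a yes/no answer is needed.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Runtime.InteropServices

Module WindowsPasswordCheck
    Private Const LOGON32_LOGON_NETWORK As Integer = 3
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    Private Const ERROR_PRIVILEGE_NOT_HELD As Integer = 1314
    Private Const ERROR_LOGON_FAILURE As Integer = 1326

    <DllImport("advapi32.dll", EntryPoint:="LogonUserW", SetLastError:=True, CharSet:=CharSet.Unicode)>
    Private Function LogonUser(ByVal userName As String, ByVal domain As String,
                               ByVal password As String, ByVal logonType As Integer,
                               ByVal logonProvider As Integer, ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)>
    Private Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    ' Returns True if Windows accepts the credentials, False if it rejects them.
    ' Any other failure is raised so that it is never mistaken for a bad password.
    Public Function ValidateWindowsPassword(ByVal userName As String, ByVal domain As String,
                                            ByVal password As String) As Boolean
        Dim token As IntPtr = IntPtr.Zero
        If LogonUser(userName, domain, password, LOGON32_LOGON_NETWORK,
                     LOGON32_PROVIDER_DEFAULT, token) Then
            CloseHandle(token)   ' only the yes/no answer is needed, so release the token
            Return True
        End If

        Dim code As Integer = Marshal.GetLastWin32Error()
        Select Case code
            Case ERROR_LOGON_FAILURE
                Return False     ' unknown user name or bad password
            Case ERROR_PRIVILEGE_NOT_HELD
                ' The Windows 2000 case from the post: the caller lacks SE_TCB_NAME.
                Throw New InvalidOperationException(
                    "LogonUser failed: the calling account lacks SE_TCB_NAME " &
                    "(act as part of the operating system).")
            Case Else
                Throw New Win32Exception(code)
        End Select
    End Function
End Module
```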
What about a way to somehow validate against LDAP? I'm not saying I want to
know the password, just pass whatever the user types in to compare it. Any
other ideas?

"Crouchie1998" wrote:
Hi

No, there is no easy way to do this because the function LogonUser API
doesn't work in Windows 2000 unless you can set the SE_TCB_NAME (act as part
of the operating system), which will allow Windows 2000 to be opened up. That
means it's an extremely big security risk.

If you find out how to set SE_TCB_NAME using VB.NET then there are literally
thousands of people who will want to know the answer because Microsoft would
NEVER release this information.

You can set SE_TCB_NAME manually in Windows 2000, but you are risking
security in a big way. Go into CONTROL PANEL, ADMINISTRATIVE TOOLS, LOCAL
SECURITY POLICY, expand USER RIGHTS ASSIGNMENT & 'add' users to ACT AS PART
OF THE OPERATING SYSTEM.

Restart the computer & now LogonUser 'should' work.

I DO NOT ADVISE YOU TO DO THIS - YOU HAVE BEEN WARNED!!!!!!!!!!!!!!!!!!!!!!!!

Nov 21 '05 #3
The LogonUser function doesn't give you the password because the password in
Windows 2000 is converted to a one-way hash, so, when you log in it's checked
against that hash.

The logon user function just fails on Windows 2000 without acting as part of
the operating system set.

However, if you are using Windows XP then the LogonUser function succeeds
because XP is so insecure & I am sure it used to pass the passwords as plain
text without using ZeroMemory to clear it from memory. Maybe with the
introduction of SP2 they have fixed that security flaw.

The best way for you in my opinion is to create an XML file & hold it in the
user's application data section of their profiles. You can encrypt/decrypt
the password & the users won't be able to get into anyone else's application
data folder. This method was suggested to me by Duncan MacKenzie from
Microsoft some time ago & I have implemented it in applications that needed
it.
Nov 21 '05 #4
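
A variant of the per-user XML file suggested above, as an added example that is not the poster's code: it swaps the reversible encrypt/decrypt step for a salted PBKDF2 verifier, so the file never holds a recoverable password. The folder name, file name, element names and iteration count are assumptions.

```vbnet
Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Xml.Linq

Module AppPasswordStore
    Private Const DefaultRounds As Integer = 600000   ' assumed PBKDF2 work factor
    Private Const SaltBytes As Integer = 16
    Private Const HashBytes As Integer = 32

    ' Hypothetical location inside the current user's application data folder.
    Private Function StorePath() As String
        Dim folder As String = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "ExampleApp")
        Directory.CreateDirectory(folder)
        Return Path.Combine(folder, "credential.xml")
    End Function

    Private Function Derive(password As String, salt As Byte(), rounds As Integer) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, rounds, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(HashBytes)
        End Using
    End Function

    ' Writes salt, round count and derived hash; the password itself is never stored.
    Public Sub SetPassword(password As String)
        Dim salt(SaltBytes - 1) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Dim doc As New XElement("credential",
            New XAttribute("rounds", DefaultRounds),
            New XElement("salt", Convert.ToBase64String(salt)),
            New XElement("hash", Convert.ToBase64String(Derive(password, salt, DefaultRounds))))
        doc.Save(StorePath())
    End Sub

    ' Re-derives the hash from the typed password and compares without early exit.
    Public Function VerifyPassword(password As String) As Boolean
        Dim doc As XElement = XElement.Load(StorePath())
        Dim salt As Byte() = Convert.FromBase64String(doc.Element("salt").Value)
        Dim expected As Byte() = Convert.FromBase64String(doc.Element("hash").Value)
        Dim actual As Byte() = Derive(password, salt, Integer.Parse(doc.Attribute("rounds").Value))
        Dim diff As Integer = expected.Length Xor actual.Length
        For i As Integer = 0 To Math.Min(expected.Length, actual.Length) - 1
            diff = diff Or (expected(i) Xor actual(i))
        Next
        Return diff = 0
    End Function
End Module
```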
MSSQLServerDeveloper,
In addition to the other comments.

Are you attempting to validate the current user or are you attempting to
authenticate the current user is allowed to use the program?

If you are attempting to validate the current user Keith Brown's book "The
.NET Developer's Guide to Windows Security" from Addison Wesley contains a
plethora of information on security under Win32 & specifically .NET.
Including a topic on how to prompt for a password. You can access the book
on-line at: http://www.pluralsight.com/keith/book/html/book.html I have not
tried the API reference, however a quick scan of MSDN suggests you might be
able to use it for the current user...

NOTE: Keith's book also includes a topic on how to run a program as another
user! (via the CreateProcessWithLogonW Win32 API)

If you are simply trying to authenticate the current user is allowed to use
the program I would consider using Code Access Security and/or Role-Based
Security coupled with Win32 ACLs, rather than prompt for a password.

Info on Code Access Security:
http://msdn.microsoft.com/library/de...sssecurity.asp

Info on Role-Based Security:
http://msdn.microsoft.com/library/de...edsecurity.asp

Keith's book on info on using Win32 ACLs from .NET.

Hope this helps
Jay

"MSSQLServerDeveloper" <MS******************@discussions.microsoft.com>
wrote in message news:88**********************************@microsof t.com...
I am running in a Windows 2000 environment and have the following scenario /
question.

I have a VB.NET application. Before allowing the user to go into the app,
I would like to validate against the Windows password. Is there any easy way
to do this?
tia

Nov 21 '05 #5
