how to pass nt password ?

I successfully pass username, domain and password via this function (taken
from MSDN)

    Private Declare Auto Function LogonUser Lib "advapi32.dll" ( _
        ByVal lpszUsername As [String], _
        ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
        ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
        ByRef phToken As IntPtr) As Boolean

    Dim returnValue As Boolean = LogonUser(username, domain, pwd, _
        LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle)

The above assumes that in the application, the user will be required to enter
username, domain and password via keyboard.

However I do NOT want the application to ASK the user for the username, domain
and password. Instead the application should use the current user context
since users have already logged on to an operating system, e.g. XP.

I can extract username and domain using the WindowsIdentity.Name property,
which gives it as domain\nt id, and then I pass it to the above function as
username, domain.

How do I extract the password? I know the password cannot be seen, but at least
what can I do to pass the current password argument into the above
function - LogonUser?




Nov 23 '05 #1
The user is already logged on, so why would you want them to logon to
your program using the self same credentials? Your program should
simply run in user context (indeed, it should be tested on an account
with the minimum credentials required to operate). If your program
requires elevated privileges then the USER must provide the required
credentials, NOT your program. Bypassing the built-in security (such
as it is) is not an option if you want your application to remain compliant.
Nov 23 '05 #2
James,

> Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal
> lpszUsername As [String], _

You don't need to escape String with square brackets.

> However i do NOT want the application to ASK user for the username,domain
> and password. Instead the application shld use the current user context
> since users already logon to a operating system eg XP.

Can't you just open the existing token then?

> How do i extract password ?

You can't do that. Imagine the security problem if you could.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.
Nov 23 '05 #3
Perhaps I will explain more.

I run this service monitor application as a thread. As an example:

a) I log on in XP and run the service locally on the xp1 local machine.
b) My application will read a list of machines from a file, e.g. xp1, xp2, xp3, etc.
c) The service application will generate thread pools every x seconds and
reach out to other machines having similar services and check whether they are
started.
d) If not started on machine xp2 or xp3, it will attempt to start it on the remote
machines.
e) To start the service on remote machines, it needs to impersonate. Thus I used
the function - LogonUser described below.
f) The LogonUser function requires username, domain and password. I can
extract username and domain, but I want my password which I log on with on xp1 to
impersonate on xp2 or xp3 to start the xp2 or xp2 services.

Hope this explains why I want to pass my "password" onto other machines to
impersonate.

You see, all MSDN documentation expects the user to enter username, domain and
password to impersonate. I can do it in my application, but because it is
running as a service, it should NOT ask the user for a password.

"Micky" <mi***@n05pam.com> wrote in message
news:dl**********@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...

> The user is already logged on, so why would you want them to logon to
> your program using the self same credentials? Your program should
> simply run in user context (indeed, it should be tested on an account
> with the minimum credentials required to operate). If your program
> requires elevated privileges then the USER must provide the required
> credentials, NOT your program. Bypassing the built-in security (such
> as it is) is not an option if you want your application to remain
> compliant.

Nov 23 '05 #4
You didn't mention anything about a service in your OP. That's a different
breed of canine altogether.

Services can have their own credentials. You simply create an account for
your service, with the required credentials, as a post-installation process.
So long as the account exists on the local machine, the service can login.
And provided the credentials are sufficient to control remote machine
services, that's all you need.

For security, the password should be generated randomly (so even you--
the developer--won't know what it is). The password should then be
encrypted and cached in the local machine registry. Remember to use
SecureZeroMemory to clear the password from memory. If the
password should become corrupt, the service administrator should
be given the means to delete the old account and create a new one
in its place.

Once that's done, only the service itself will know its own password,
and only service administrators should be able to run the service itself.

That's the only way to do it without asking the user to supply a
password. A password would only be required if the service is run
under impersonation (with Run As...).

The only other way to do it is to ask the user to enter the impersonation
credentials one time only and immediately cache the details in encrypted
form. However that poses a severe security breach, since any user can
then run the service using elevated credentials. A big no-no!


Nov 23 '05 #5
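
Added example, not code from any poster in this thread: once the monitor runs under an account that already has service-control rights on the remote machines, as the replies suggest, it needs neither LogonUser nor a password, because Windows authenticates the process's existing token to the remote Service Control Manager. The machine names xp2 and xp3 come from the thread; the service name "MyMonitoredService" and the 30-second timeout are assumptions.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Security.Principal
Imports System.ServiceProcess   ' requires a reference to System.ServiceProcess.dll

Module RemoteServiceCheck

    ' Hypothetical service name (assumption); replace with the monitored service.
    Private Const ServiceName As String = "MyMonitoredService"

    ' Machine names as used in the thread; normally read from the machine list file.
    Private ReadOnly Machines As String() = {"xp2", "xp3"}

    Sub Main()
        ' The identity every remote call below is made as. No password is handled:
        ' the token of the existing logon session (or service account) is used.
        Console.WriteLine("Running as " & WindowsIdentity.GetCurrent().Name)

        For Each machine As String In Machines
            Console.WriteLine(machine & ": " & EnsureStarted(machine))
        Next
    End Sub

    ' Starts the service on the given machine if it is stopped; returns a status text.
    Function EnsureStarted(ByVal machine As String) As String
        Try
            Using sc As New ServiceController(ServiceName, machine)
                If sc.Status = ServiceControllerStatus.Running Then Return "already running"
                If sc.Status = ServiceControllerStatus.Stopped Then sc.Start()
                ' Also covers StartPending: wait until the SCM reports Running.
                sc.WaitForStatus(ServiceControllerStatus.Running, TimeSpan.FromSeconds(30))
                Return "started"
            End Using
        Catch ex As System.ServiceProcess.TimeoutException
            Return "did not reach Running within 30 s"
        Catch ex As InvalidOperationException
            ' Raised when the machine or service cannot be opened, including when the
            ' current account lacks rights there (inner Win32Exception, error 5).
            Dim win32 As Win32Exception = TryCast(ex.InnerException, Win32Exception)
            If win32 IsNot Nothing AndAlso win32.NativeErrorCode = 5 Then
                Return "access denied: this account needs service-control rights on " & machine
            End If
            Return "failed: " & ex.Message
        End Try
    End Function

End Module
```

An "access denied" result here is fixed by granting the service's account the needed rights on the remote machine, not by collecting or storing a user's password.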
