Question How to validate application login user password to domain password?

tshepobp

Hi VB.Net's,

I have an application which uses WindowsPrincipal class to get the current user, userid and let the user type in the password. I want to compare the typed password to the NT password in order to give the user authentication to the application. Please help me with the code to compare the passwords.

Regards,
 
To rely on Windows authentication you just get the current WindowsIdentity and check IsAuthenticated property. You can initialize a WindowsPrincipal with this WindowsIdentity to check role based access with IsInRole method.
Sample:
VB.NET:
Dim wi As Security.Principal.WindowsIdentity = Security.Principal.WindowsIdentity.GetCurrent
If wi.IsAuthenticated Then
    Dim wp As New Security.Principal.WindowsPrincipal(wi)
    If wp.IsInRole(Security.Principal.WindowsBuiltInRole.Administrator) Then
        MessageBox.Show("You have Windows admin rights!")
    Else
        MessageBox.Show("You don't have Windows admin rights!")
    End If
Else
    MessageBox.Show("You're not authenticated!")
End If
 
Hi JohnH, What I am doing is I want every person to enter their NT username and password on my application and the application validates the password against NT password to authenticate the user. Even if there is a function that will return a boolean if you pass username, password and domain as parameters.

Regards,
 
You have to look for native Win32 functionality to do that, see this thread: http://www.vbdotnetforums.com/security/17261-run-windows-application-specific-user-account.html

But why you would want to authenticate an already authenticated user and trouble them for their account name and password once again I don't understand. I would be suspicious if an application asked me for my Windows credentials for no reason. The system I showed you above exists to let you benefit from the already present Windows security authentication, including existing role-based security, without further user interaction or the security risks of exposing credentials to applications that don't need it. If you need a different login system for your application you should implement it as separate and not ask for other systems' user/passwords. The impersonation example linked is valid for a different reason, to enable an application to run code as a different user than is logged in by the explicit consent of the user, usually to allow admin tasks that require higher privileges than current user has - not needed of course, if user could choose to log in as admin and run the task without exposing the account (though impersonation has some uses).
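
The native Win32 route mentioned in the reply above, sketched as an added example that is not part of the original thread or the linked one: a function that takes username, domain and password and returns a Boolean. It assumes the Win32 `LogonUser` API in advapi32.dll with a network logon type; the module and function names `DomainLogonCheck` and `ValidateCredentials` are hypothetical.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Runtime.InteropServices

Public Module DomainLogonCheck
    ' Win32 constants (winbase.h / winerror.h).
    Private Const LOGON32_LOGON_NETWORK As Integer = 3    ' validate only, no interactive session
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    Private Const ERROR_LOGON_FAILURE As Integer = 1326   ' unknown user name or bad password

    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Function LogonUser(ByVal userName As String, ByVal domain As String, _
                               ByVal password As String, ByVal logonType As Integer, _
                               ByVal logonProvider As Integer, _
                               ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    ' Returns True when Windows accepts the credentials and False when it
    ' rejects them. Any other failure (disabled or locked account, domain
    ' unreachable, ...) is raised so it is not mistaken for a wrong password.
    Public Function ValidateCredentials(ByVal userName As String, _
                                        ByVal domain As String, _
                                        ByVal password As String) As Boolean
        Dim token As IntPtr = IntPtr.Zero
        Try
            If LogonUser(userName, domain, password, LOGON32_LOGON_NETWORK, _
                         LOGON32_PROVIDER_DEFAULT, token) Then
                Return True
            End If
            ' Read the error code immediately after the failed call.
            Dim lastError As Integer = Marshal.GetLastWin32Error()
            If lastError = ERROR_LOGON_FAILURE Then Return False
            Throw New Win32Exception(lastError)
        Finally
            ' The token is only proof of a successful logon here; always release it.
            If token <> IntPtr.Zero Then CloseHandle(token)
        End Try
    End Function
End Module
```

Each rejected call is a real failed logon, so it counts toward the domain's account lockout policy, and the password is held in the application's memory as a plain string while the call runs.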
 