Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Logon Function Using Windows API - Advapi32.dll

511 views
Skip to first unread message

Davin Lee

unread,
Apr 18, 2000, 3:00:00 AM4/18/00
to
Hi,

Does anyone know how to use the api functions LogonUser in Advapi32.dll ???
. I've declared a global external function below.

FUNCTION uint LogonUserA( ref string username, ref string domain, ref
string password, ulong LogonType, ulong LogonProvider, uint Handle ) library
"ADVAPI32.DLL"


// Programs

string ls_uName, ls_uPwd, ls_DNS
uint ll_tmp

ls_uName = 'UserName'
ls_uPwd = 'Password'
ls_DNS = 'elken_ibm'

li_ret = LogonUserA( ls_uName,ls_DNS,ls_uPwd,3,0,ll_tmp )

// Gave me a wrong return value where user exist in my domain.

Thanks in advance.

Rgrds,

Klaus Kirchner

unread,
Apr 18, 2000, 3:00:00 AM4/18/00
to
Hi Davin,
A couple of weeks ago I put together soem stuff for a techdoc, but it's not
published yet. see what I put together below.
HTH,
Klaus
Sybase Product Support

How to Use the LogonUser API to validate the user on NT

1.) Define a local external function

FUNCTION ulong LogonUser(ref string lpszUsername,ref string lpszDomain,ref
string lpszPassword,ulong dwLogonType,ulong dwLogonProvider,ref ulong phToken)
LIBRARY "advapi32.dll" ALIAS FOR "LogonUserA"

2.) Call the function (eg. For testing purposes in the clicked event of a
button)

ulong dwLogonType
ulong dwLogonProvider
ulong phToken
ulong result

string ls_user
string ls_password
string ls_domain

ls_user=sle_1.text
ls_password=sle_2.text
ls_domain=sle_3.text

//
// Logon Support APIs
//
//
//#define LOGON32_LOGON_INTERACTIVE 2
//#define LOGON32_LOGON_NETWORK 3
//#define LOGON32_LOGON_BATCH 4
//#define LOGON32_LOGON_SERVICE 5
//
//#define LOGON32_PROVIDER_DEFAULT 0
//#define LOGON32_PROVIDER_WINNT35 1
//#if(_WIN32_WINNT >= 0x0400)
//#define LOGON32_PROVIDER_WINNT40 2
//#endif /* _WIN32_WINNT >= 0x0400 */

dwLogonType = 3 //eg. Use LOGON32_LOGON_NETWORK
dwLogonProvider = 0 //Use LOGON32_PROVIDER_DEFAULT


result=LogonUser(ref ls_user, ref ls_domain, ref ls_password , dwLogonType,
dwLogonProvider, ref phToken)

if result <> 0 then
Messagebox("validation result", "User ok")
else
Messagebox("validation result", "Invalid User")
end if

3.) Give the proper access rights to the process

The LogonUser API has been available and documented since Windows NT 3.51, and
is commonly used to verify user credentials. Unfortunately, there are some
restrictions on using LogonUser that are not always convenient to satisfy. The
first and biggest of these restrictions is that the process calling L LogonUser
must have the SE_TCB_NAME privilege (in User Manager, this is the "Act as part
of the Operating System" right).

The SE_TCB_NAME privilege is very powerful and should not be granted to any
arbitrary user just so that they can run an application that needs to validate
credentials. The recommended method is to call LogonUser from a service running
in the local system account since the local system account already has the
SE_TCB_NAME privilege.

0 new messages