Francois Piette wrote: >>> At server side I use >>> the usercode to query a password database to retreive the password >>> and I compute the same hash code. >> >>> use LogonUser API from advapi32.dll. >> >>> I don't have a password database. >> >> These statements seem contradictory to me, if you can compute the >> hash from the database, you must be storing it clear (or so it can >> be decoded) which you can use for the API? > > I explained the current situation and the future situation. > Of course, the main goal of using Active Directory is to remove from > each application the burden of usercode/password management and move > toward a Single Sign On system. The updated application will no more > have a usercode/password database.
Then NTLM is the only way. If you do not want to use the default HTTP implementation, it may be possible to write the client-side NTLM stuff in Javascript? I just found this JS-encryption program, which even supports RSA, NTLM is not included: http://home.versatel.nl/MAvanEverdingen/Code/ -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
