Bill Haskett wrote: > Is it possible to either extract the Windows password, in order to > compare with an entered string, or to verify the entered string with > the Windows password? > A client's application we're converting requires the user to reenter > their password to run some sensitive processes.
Hi Bill. No, you can't extract a Windows password. You don't mention how you plan to do this, from BASIC, from your web interface, etc. The most common way to test to see if you have the right password for a given user is to call to the Win32 API function LogonUser - this will require some custom code. I don't think you can just do a validation / verification, you need to actually login to the user's account and then destroy the token that represents that user's session. Here are some links that might help, including some advice which discourages developers from requiring their users to login more than once: http://p2p.wrox.com/topic.asp?TOPIC_ID=1341 (VB.NET code and comments) http://tinyurl.com/p6y26 (Google query) http://tinyurl.com/eeq3f (C# code, funky way to get into this site) http://tinyurl.com/hhu62 (ASP.NET impersonatation from Microsoft, with code) http://tinyurl.com/esffx (VB6 code for similar function) You can embed code from those info pages into a single-function EXE, and execute them from BASIC, passing the user/psw/domain info - the return value can be a simple YES or NO which you can capture. Be careful, the methods used to perform these functions depends on whether or not you're using Active Directory or some other means of authentication. Someone with a clue may be able to help further, this isn't my area, sorry. HTH T ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/
