How to capture the windows login id and password with VFP 2

[freddiekg]

Dear all,

If is possible, I try to use the Windows login id and password for my application security.

Is there any sample VFP module out there for this function (application security) so that I don't have to write from scratch?

Thanks in advance.

Regards,
Freddie

 

[JRB-Bldr]

Certainly!

* --- If you want just the Windows login username by itself ---
cUserName = SYS(0)
cUserName = ALLTRIM(SUBSTR(mcUserName, AT("#",mcUserName) + 1))

Once you have the Windows login UserName you can write your own code to utilize that name in any manner you want.

There is no One Way to implement application security. It can be done in a wide variety of ways. It all depends on just how secure you want things to be.

One very simplistic way would be to reference a USER.DBF to find the name and acquire the associated UserType from it. The UserType can then be used throughout your application where, when and how needed.

NOTE - one problem with using a Windows login username for your security is that anyone who sat down at someone else's workstation after it was logged in would run the application under that other person's UserName and UserType. That can be a problem for some situations and not for others.

Good Luck,
JRB-Bldr

 

[freddiekg]

Dear JRB-Bldr,

Thanks for your input. I think is better for me to create a user.dbf with password to access the VFP application.

Do you know any method or existing object out there that I can use to encrypt the passwords in the DBF?

Regards,
Freddie

 

[Mike Lewis]

Freddie,

This is what I do in most of my applications:

1. Maintain a Users table that includes fields for login name and encrypted password.

2. Display a login form that prompts for user name and password.

3. In the user name fields, display, as a default the Windows login name, using SYS(0), as per JRB-Bldr's suggestion. The user can either leave this field as it is, or type in a different user name.

4. After the user has logged in, search the user table for a record that has the user-entered login name and the encrypted version of the password. If the search succeeds, grant the user entry to the application.

To handle the encryption, I use VFP's SYS(2007) function. This isn't encryption in the usual sense of the word, but it serves the same function. The point is that it is a one-way process. You can easily derive the encrypted password from the plain text, but there's no easy way to go in the other direction. The advantage is that you never store or transmit the actual password.

When setting up a new user, the admin person can either let the user log in with their Windows login name (in which case, the user won't need to enter the name at login time) or any other name they choose.

However, they will always need to assign a password. I don't know any way of using the Windows password as a default, nor do I think it's desirable. A user's Windows password is not necessarily treated with strict security (in fact, it's not even mandatory to have such a password) and defaulting to the Windows password doesn't provide any extra convenience, given that you have to type in the password in any case.

I hope this of some use to you.

Mike


__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro tips, advice, training, consultancy
Custom software for your business

 

[JRB-Bldr]

If you had used the Search tool with this forum you would have found quite a few previous postings for Encryption.

One of those would have been
Visual FoxPro Encryption and Hashing
thread184-1115378

There are others out there as well.
You might also want to do a search of

http://www.universalthread.com

Or you could always 'roll your own' for a simplistic method.

Good Luck,
JRB-Bldr