Login into Active Directory using VB6 1

[dvannoy]

can anyone show me an example or point me in the right direction here. currently in a few apps I am logging into the app and checking the user name and password from a table in my sql server. I would like to change that so the users can use there active directory username and password. does anyone have some sample code they can share with me.

Thanks in advance.

 

[PWise]

Option Compare Database
Option Explicit
Public Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, ByRef phToken As Long) As Long
Private Function ValidateLogin(ByVal Username As String, ByVal Password As String, ByVal Domain As String) As Boolean
Dim token As Long
Const LOGON32_LOGON_INTERACTIVE As Long = 2
Const LOGON32_LOGON_NETWORK As Long = 3
Const LOGON32_PROVIDER_DEFAULT As Long = 0
Const LOGON32_PROVIDER_WINNT50 As Long = 3
Const LOGON32_PROVIDER_WINNT40 As Long = 2
Const LOGON32_PROVIDER_WINNT35 As Long = 1
ValidateLogin = CBool(LogonUser(Username, Domain, Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token))
ValidateLogin = CBool(LogonUser(Username, Domain, Password, 4, LOGON32_PROVIDER_DEFAULT, token))
End Function
Private Sub Checkpassword()
debug.print ValidateLogin("username", "password", "domain")
End Sub

 

[strongm]

Half that code seems pointless - and really slows the validation down ...

 

[dilettante]

This belongs in some SQL Server forum.

To use Windows Authentication you use a different connection string. You don't/can't fish the user's password out of AD.

Use something like:

Provider=SQLNCLI;Server=myServerAddress;Database=myDataBase;Integrated Security=SSPI

The exact string varies with the connector you're using (SQL Server Native Client, etc.).

The server has to be configured to accept these users.

 

[strongm]

I think the OP may need to clarify.

Like PWise, I assumed that the OP wasn't talking about connecting to SQL Server. I think they are just using SQL Server to store user names and passwords for other applications - and instead would prefer to verify them against their AD accounts. In which case PWise's code is a reasonable solution (if we get rid of the pointless lines of code)

 

[dvannoy]

thanks guys,
strongm,
you are correct. I'm just trying to not store the user names and passowrds in a table and just have them use there AD account to login to my apps. trying to avoid too many passwords. okay, so how can I use PWise's code correctly.

I really appreciate your help guys.

 

[strongm]

Something like:

[blue]Option Explicit

Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Const LOGON32_PROVIDER_DEFAULT As Long = 0&
Private Const LOGON32_LOGON_NETWORK As Long = 3&

[green]' If domain is excluded, verification of account is against domain/workgroup current user is logged into[/green]
Public Function VerifyLogon(sUsername As String, sPassword As String, Optional sDomain As String) As Boolean
    Dim p_lngToken As Long
    VerifyLogon = LogonUser(sUsername, sDomain, sPassword, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, p_lngToken)
    CloseHandle p_lngToken
End Function[/blue]

 

[dilettante]

Ahh yes, that is very different.

Are you sure you need to do this? It isn't considered good practice. Some background on it can be found at How to validate user credentials on Microsoft operating systems

Note Collecting user credentials from a User-mode application can be annoying to the users and can provide a possible security hole in the enterprise computing environment. The Unified Logon requirement (a requirement that the user should only be required to type their credentials one time at the CTRL+ALT+DEL screen), was added to the Microsoft BackOffice logo requirements for these very reasons. It is important to make sure that you really need to gather credentials and that some other method of client/server validation is not more appropriate. Consult the security documentation in the Platform SDK for more information on impersonation and programming secured servers.

 

[dvannoy]

once I try and call the function from a button I'm getting "variable not defined" I'm trying to add sUsername = txtuser.text and then the password = txtpass.text.

 

[strongm]

CAn you show your code, and where you get the error?

 

[dvannoy]

okay,

Private Sub Command1_Click()

sUsername = txtUser.Text
sPassword = txtPass.Text
sDomain = "mydomain.local"

VerifyLogon(sUsername, sPassword, sDomain) = True

End Sub

Error is on sUsername

 

[strongm]

Your code does not declare the variables before using them, which is required if Option Explicit is set (which it is)

You need:

Dim sUsername as String
Dim sPassword as String
Dim sDomain as string

in your code.

 

[dvannoy]

I'm missing something here.
Public Function VerifyLogon(sUsername As String, sPassword As String, Optional sDomain As String)

do I even need to declare sUsername etc. if it's already done in the above statement?

how do I call this function from a button?

 

[strongm]

>do I even need to declare sUsername etc. if it's already done in the above statement?

Yes, you do. They may be declared as parameters of the function, sure - but you need to declare your own variables to pass to the function (you are actually confusing yourself by giving them the same name). So an example of using this function (modelled on your attempt) might read in full something like

[blue]Option Explicit

Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Const LOGON32_PROVIDER_DEFAULT As Long = 0&
Private Const LOGON32_LOGON_NETWORK As Long = 3&

' If domain is excluded, verification of account is against domain/workgroup current user is logged into
Public Function VerifyLogon(sUsername As String, sPassword As String, Optional sDomain As String) As Boolean
    Dim p_lngToken As Long
    VerifyLogon = LogonUser(sUsername, sDomain, sPassword, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, p_lngToken)
    CloseHandle p_lngToken
End Function

Private Sub Command1_Click()
dim TestUserName as string
dim TestPassword as string
dim TestDomain as string

TestUserName = txtUser.Text
TestPassword  = txtPass.Text
TestDomain = "mydomain.local"

Msgbox "Credentials good: " & VerifyLogon(TestUserName, TestPassword, TestDomain) 
End Sub[/blue]

 

[dvannoy]

Perfect!! thank you so much!

So, using a select case, if VerifyLogon is False then the application does not open. if it's true the user is logged in. would this be a good way to handle that?

thanks for your help

 

[strongm]

Sounds about right, yes.